d5d80189f82fcba0368540cda52e8229dd86969f
[apex-tripleo-heat-templates.git] / docker / services / nova-libvirt.yaml
# Heat template (pike dialect) describing the libvirt service that is run as a
# container; the service definition itself is emitted under outputs.role_data.
heat_template_version: pike

description: >
  OpenStack Libvirt Service

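parameters:
  # Registry namespace prepended to both image names below via list_join.
  DockerNamespace:
    description: namespace
    default: 'tripleoupstream'
    type: string
  # NOTE(review): the default tag is `latest`, which is mutable, so the code
  # that ends up in the privileged nova_libvirt container depends on registry
  # state at pull time. Deployments should override this with a pinned tag or
  # digest from a registry they control.
  DockerNovaLibvirtImage:
    description: image
    default: 'centos-binary-nova-libvirt:latest'
    type: string
  # we configure libvirt via the nova-compute container due to coupling
  # in the puppet modules
  # NOTE(review): same unpinned `latest` default as the image above.
  DockerNovaLibvirtConfigImage:
    description: The container image to use for the nova_libvirt config_volume
    default: 'centos-binary-nova-compute:latest'
    type: string
  # When true, host_prep_tasks installs libvirt-daemon and starts
  # virtlogd.socket on the host. Written as a real boolean (was the string
  # 'false') to match the other boolean parameters in this file.
  EnablePackageInstall:
    default: false
    description: Set to true to enable package installation
    type: boolean
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry.  This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Passed through unchanged to NovaLibvirtBase.
  # NOTE(review): presumably carries credentials; it is not marked
  # `hidden: true` here - confirm how the callers expose it.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  # Off by default, so use_tls_for_live_migration is false unless a
  # deployment enables internal TLS explicitly.
  EnableInternalTLS:
    type: boolean
    default: false
  UseTLSTransportForLiveMigration:
    type: boolean
    default: true
    description: >-
      If set to true and if EnableInternalTLS is enabled, it will
      set the libvirt URI's transport to tls and configure the
      relevant keys for libvirt.
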
conditions:

  # True only when both EnableInternalTLS and UseTLSTransportForLiveMigration
  # are true. It selects which libvirtd command line kolla_config uses.
  use_tls_for_live_migration:
    and:
      - equals:
          - get_param: EnableInternalTLS
          - true
      - equals:
          - get_param: UseTLSTransportForLiveMigration
          - true

resources:

  # Shared container settings; this template reads its `volumes` attribute.
  ContainersCommon:
    type: ./containers-common.yaml

  # Puppet-based libvirt service template. Its role_data (service_name,
  # config_settings, step_config) is reused in outputs.
  NovaLibvirtBase:
    type: ../../puppet/services/nova-libvirt.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters

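outputs:
  role_data:
    description: Role data for the Libvirt service.
    value:
      service_name:
        get_attr: [NovaLibvirtBase, role_data, service_name]
      config_settings:
        map_merge:
          - get_attr: [NovaLibvirtBase, role_data, config_settings]
          # FIXME: we need to disable migration for now as the
          # hieradata is common for all services, and this means nova
          # and nova_placement puppet runs also try to configure
          # libvirt, and they fail. We can remove this override when
          # we have hieradata separation between containers.
          - tripleo::profile::base::nova::manage_migration: false
      # Anchored so puppet_config can reuse the exact same step_config value.
      step_config: &step_config
        get_attr: [NovaLibvirtBase, role_data, step_config]
      puppet_config:
        config_volume: nova_libvirt
        puppet_tags: nova_config
        step_config: *step_config
        config_image:
          list_join:
            - '/'
            - [{get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage}]
      kolla_config:
        /var/lib/kolla/config_files/nova_libvirt.json:
          command:
            if:
              - use_tls_for_live_migration
              # With --listen libvirtd accepts network connections. Which
              # transports and authentication are enabled is decided by
              # /etc/libvirt/libvirtd.conf, which is generated elsewhere.
              # NOTE(review): confirm that file enables listen_tls only and
              # leaves listen_tcp off whenever this branch is selected.
              - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
              - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_3:
          nova_libvirt:
            image:
              list_join:
                - '/'
                - [{get_param: DockerNamespace}, {get_param: DockerNovaLibvirtImage}]
            # Security note: host network and PID namespaces together with
            # `privileged: true` and the /dev and /run binds below (no `:ro`
            # suffix) leave essentially no isolation between this container
            # and the host. Treat the image as host-level code: take it from
            # a trusted registry and pin it (see the Docker*Image parameters).
            net: host
            pid: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  # Generated configuration is mounted read-only.
                  - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
                  - /lib/modules:/lib/modules:ro
                  # Host paths below carry no `:ro` suffix unless shown.
                  - /dev:/dev
                  - /run:/run
                  - /sys/fs/cgroup:/sys/fs/cgroup
                  - /var/lib/nova:/var/lib/nova
                  # Needed to use host's virtlogd
                  - /var/run/libvirt:/var/run/libvirt
                  - /var/lib/libvirt:/var/lib/libvirt
                  - /etc/libvirt/qemu:/etc/libvirt/qemu
                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      host_prep_tasks:
        # These tasks create the host directories that the container
        # bind-mounts above.
        - name: create libvirt persistent data directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /etc/libvirt/qemu
            - /var/lib/libvirt
            - /var/log/containers/nova
        - name: set enable_package_install fact
          set_fact:
            enable_package_install:
              get_param: EnablePackageInstall
        # We use virtlogd on host, so when using Deployed Server
        # feature, we need to ensure libvirt is installed.
        - name: install libvirt-daemon
          package:
            name: libvirt-daemon
            state: present
          when: enable_package_install
        - name: start virtlogd socket
          service:
            name: virtlogd.socket
            state: started
            # canonical boolean instead of the YAML 1.1 alias `yes`
            enabled: true
          when: enable_package_install
      upgrade_tasks:
        # Module arguments are written as a mapping rather than a
        # `key=value` string; the values are the same as before.
        - name: Stop and disable libvirtd service
          tags: step2
          service:
            name: libvirtd
            state: stopped
            enabled: false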