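heat_template_version: pike

description: >
  OpenStack Libvirt Service

parameters:
  DockerNovaLibvirtImage:
    description: image
    type: string
  # we configure libvirt via the nova-compute container due to coupling
  # in the puppet modules
  DockerNovaLibvirtConfigImage:
    description: The container image to use for the nova_libvirt config_volume
    type: string
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry.  This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  EnableInternalTLS:
    type: boolean
    default: false
  UseTLSTransportForLiveMigration:
    type: boolean
    default: true
    description: >-
      If set to true and if EnableInternalTLS is enabled, it will
      set the libvirt URI's transport to tls and configure the
      relevant keys for libvirt.
  # NOTE(review): declared but not referenced anywhere in this template;
  # presumably passed as a property by a caller, so it is kept here --
  # confirm with the callers before removing it.
  DockerNovaMigrationSshdPort:
    default: 2022
    description: >-
      Port that dockerized nova migration target sshd service
      binds to.
    type: number
  NovaEnableRbdBackend:
    default: false
    description: Whether to enable or not the Rbd backend for Nova
    type: boolean
  CinderEnableRbdBackend:
    default: false
    description: Whether to enable or not the Rbd backend for Cinder
    type: boolean
  # hidden: true keeps the value out of stack output and parameter listings;
  # see the note on nova_libvirt_init_secret below for where it still surfaces.
  CephClientKey:
    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
    type: string
    hidden: true
  CephClusterFSID:
    type: string
    description: The Ceph cluster FSID. Must be a UUID.

conditions:

  # TLS transport for live migration is only used when internal TLS is on
  # AND the operator has not opted out of it.
  use_tls_for_live_migration:
    and:
      - equals:
          - {get_param: EnableInternalTLS}
          - true
      - equals:
          - {get_param: UseTLSTransportForLiveMigration}
          - true

  # A libvirt secret (the Ceph client key) is needed as soon as either Nova
  # or Cinder uses the RBD backend.
  need_libvirt_secret:
    or:
      - equals:
          - {get_param: NovaEnableRbdBackend}
          - true
      - equals:
          - {get_param: CinderEnableRbdBackend}
          - true

resources:

  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # The puppet (non-containerized) service definition; its role_data is
  # reused for service_name, config_settings, logging and step_config.
  NovaLibvirtBase:
    type: ../../puppet/services/nova-libvirt.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Libvirt service.
    value:
      service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [NovaLibvirtBase, role_data, config_settings]
          # The shell no-op `true`: nothing is restarted when certmonger
          # renews the libvirt certificate (see TODO), so a renewed cert is
          # presumably only picked up on the next container restart.
          - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true"  # TODO: restart the libvirt container here

      logging_source: {get_attr: [NovaLibvirtBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
      # Puppet manifest run inside the config container (anchored so
      # puppet_config can reuse it without repeating the list_join).
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [NovaLibvirtBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      puppet_config:
        config_volume: nova_libvirt
        puppet_tags: libvirtd_config,nova_config,file
        step_config: *step_config
        config_image: {get_param: DockerNovaLibvirtConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_libvirt.json:
          # --listen is only passed when TLS transport is in use; whether the
          # resulting listener is TLS-only depends on listen_tls/listen_tcp in
          # the puppet-generated libvirtd.conf, which is not visible here.
          command:
            if:
              - use_tls_for_live_migration
              - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
              - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            # Ceph config and keyring, copied from the read-only bind mount of
            # the host's /etc/ceph (see the nova_libvirt volumes).
            - source: "/var/lib/kolla/config_files/src-ceph/"
              dest: "/etc/ceph/"
              merge: true
              preserve_properties: true
        /var/lib/kolla/config_files/nova_virtlogd.json:
          command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_3:
          # Both daemons run privileged in the host network and PID
          # namespaces with /dev, /run and the cgroup tree mounted
          # read-write: a compromise of either container is effectively a
          # compromise of the compute host, so keep their exposed surface
          # (libvirtd's listener, the ro mounts) as tight as it is here.
          nova_virtlogd:
            start_order: 0
            image: {get_param: DockerNovaLibvirtImage}
            net: host
            pid: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
                  - /lib/modules:/lib/modules:ro
                  - /dev:/dev
                  - /run:/run
                  - /sys/fs/cgroup:/sys/fs/cgroup
                  - /var/lib/nova:/var/lib/nova
                  - /var/run/libvirt:/var/run/libvirt
                  - /var/lib/libvirt:/var/lib/libvirt
                  - /etc/libvirt/qemu:/etc/libvirt/qemu:ro
                  # read-write here; the same path is mounted :ro in nova_libvirt
                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          nova_libvirt:
            start_order: 1
            image: {get_param: DockerNovaLibvirtImage}
            net: host
            pid: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
                  - /lib/modules:/lib/modules:ro
                  - /dev:/dev
                  - /run:/run
                  - /sys/fs/cgroup:/sys/fs/cgroup
                  - /var/lib/nova:/var/lib/nova
                  - /etc/libvirt:/etc/libvirt
                  - /var/run/libvirt:/var/run/libvirt
                  - /var/lib/libvirt:/var/lib/libvirt
                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/lib/vhost_sockets:/var/lib/vhost_sockets
                # TLS material for the libvirt listener, mounted read-only and
                # only when TLS transport is in use; `null` entries are
                # dropped by list_concat.
                -
                  if:
                    - use_tls_for_live_migration
                    -
                      - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
                      - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
                      - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
                      - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
                      - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
                    - null
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        step_4:
          if:
            - need_libvirt_secret
            # One-shot (detach: false) container that registers the Ceph
            # client key as a libvirt secret.
            # NOTE(review): the key is substituted into the container's
            # command line, so despite `hidden: true` it is readable by
            # anyone who can list processes or inspect containers on the
            # compute host while this runs. The values are single-quoted for
            # the shell; this relies on CephClusterFSID being a UUID and
            # CephClientKey being base64, neither of which contains a quote.
            - nova_libvirt_init_secret:
                detach: false
                image: {get_param: DockerNovaLibvirtImage}
                privileged: false
                user: root
                volumes:
                  list_concat:
                    - {get_attr: [ContainersCommon, volumes]}
                    -
                      - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
                      - /etc/libvirt:/etc/libvirt
                      - /var/run/libvirt:/var/run/libvirt
                      - /var/lib/libvirt:/var/lib/libvirt
                command:
                  - /bin/bash
                  - -c
                  - str_replace:
                      template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
                      params:
                        SECRET_UUID: {get_param: CephClusterFSID}
                        SECRET_KEY: {get_param: CephClientKey}
            - {}
      host_prep_tasks:
        - name: create libvirt persistent data directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /etc/libvirt
            - /etc/libvirt/secrets
            - /etc/libvirt/qemu
            - /var/lib/libvirt
            - /var/log/containers/nova
        # qemu user on host will be created by libvirt package install, ensure
        # the qemu user created with same uid/gid as like libvirt package.
        # These specific values are required since ovs is running on host.
        # Once ovs with DPDK is containerized, we could modify this uid/gid
        # to match with kolla config values.
        - name: ensure qemu group is present on the host
          group:
            name: qemu
            gid: 107
            state: present
        - name: ensure qemu user is present on the host
          user:
            name: qemu
            uid: 107
            group: qemu
            state: present
            shell: /sbin/nologin
            comment: qemu user
        - name: create directory for vhost-user sockets with qemu ownership
          file:
            path: /var/lib/vhost_sockets
            state: directory
            owner: qemu
            group: qemu
        - name: ensure ceph configurations exist
          file:
            path: /etc/ceph
            state: directory
        # rpm -q exits non-zero when the package is absent; failed_when: false
        # keeps that from aborting the play and the rc is checked below.
        - name: check if libvirt is installed
          command: /usr/bin/rpm -q libvirt-daemon
          failed_when: false
          register: libvirt_installed
        # The host libvirt must not compete with the containerized one for
        # /var/run/libvirt; only relevant when the package is installed.
        - name: make sure libvirt services are disabled
          service:
            name: "{{ item }}"
            state: stopped
            enabled: false
          with_items:
            - libvirtd.service
            - virtlogd.socket
          when: libvirt_installed.rc == 0
      metadata_settings:
        get_attr: [NovaLibvirtBase, role_data, metadata_settings]
      upgrade_tasks:
        - name: Stop and disable libvirtd service
          tags: step2
          service:
            name: libvirtd
            state: stopped
            enabled: false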