docker/services/nova-libvirt.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack Libvirt Service
   5
   6 parameters:
   7   DockerNovaLibvirtImage:
   8     description: image
   9     type: string
  10   # we configure libvirt via the nova-compute container due to coupling
  11   # in the puppet modules
  12   DockerNovaLibvirtConfigImage:
  13     description: The container image to use for the nova_libvirt config_volume
  14     type: string
  15   EnablePackageInstall:
  16     default: 'false'
  17     description: Set to true to enable package installation at deploy time
  18     type: boolean
  19   ServiceData:
  20     default: {}
  21     description: Dictionary packing service data
  22     type: json
  23   ServiceNetMap:
  24     default: {}
  25     description: Mapping of service_name -> network name. Typically set
  26                  via parameter_defaults in the resource registry.  This
  27                  mapping overrides those in ServiceNetMapDefaults.
  28     type: json
  29   DefaultPasswords:
  30     default: {}
  31     type: json
  32   RoleName:
  33     default: ''
  34     description: Role name on which the service is applied
  35     type: string
  36   RoleParameters:
  37     default: {}
  38     description: Parameters specific to the role
  39     type: json
  40   EndpointMap:
  41     default: {}
  42     description: Mapping of service endpoint -> protocol. Typically set
  43                  via parameter_defaults in the resource registry.
  44     type: json
  45   EnableInternalTLS:
  46     type: boolean
  47     default: false
  48   UseTLSTransportForLiveMigration:
  49     type: boolean
  50     default: true
  51     description: If set to true and if EnableInternalTLS is enabled, it will
  52                  set the libvirt URI's transport to tls and configure the
  53                  relevant keys for libvirt.
  54
  55 conditions:
  56
  57   use_tls_for_live_migration:
  58     and:
  59     - equals:
  60       - {get_param: EnableInternalTLS}
  61       - true
  62     - equals:
  63       - {get_param: UseTLSTransportForLiveMigration}
  64       - true
  65
  66 resources:
  67
  68   ContainersCommon:
  69     type: ./containers-common.yaml
  70
  71   NovaLibvirtBase:
  72     type: ../../puppet/services/nova-libvirt.yaml
  73     properties:
  74       EndpointMap: {get_param: EndpointMap}
  75       ServiceData: {get_param: ServiceData}
  76       ServiceNetMap: {get_param: ServiceNetMap}
  77       DefaultPasswords: {get_param: DefaultPasswords}
  78       RoleName: {get_param: RoleName}
  79       RoleParameters: {get_param: RoleParameters}
  80
  81 outputs:
  82   role_data:
  83     description: Role data for the Libvirt service.
  84     value:
  85       service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
  86       config_settings:
  87         map_merge:
  88           - get_attr: [NovaLibvirtBase, role_data, config_settings]
  89           # FIXME: we need to disable migration for now as the
  90           # hieradata is common for all services, and this means nova
  91           # and nova_placement puppet runs also try to configure
  92           # libvirt, and they fail. We can remove this override when
  93           # we have hieradata separation between containers.
  94           - tripleo::profile::base::nova::manage_migration: false
  95       step_config: &step_config
  96         get_attr: [NovaLibvirtBase, role_data, step_config]
  97       puppet_config:
  98         config_volume: nova_libvirt
  99         puppet_tags: nova_config,file,exec
 100         step_config: *step_config
 101         config_image: {get_param: DockerNovaLibvirtConfigImage}
 102       kolla_config:
 103         /var/lib/kolla/config_files/nova_libvirt.json:
 104           command:
 105             if:
 106               - use_tls_for_live_migration
 107               - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
 108               - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
 109           config_files:
 110             - source: "/var/lib/kolla/config_files/src/*"
 111               dest: "/"
 112               merge: true
 113               preserve_properties: true
 114           permissions:
 115             - path: /var/log/nova
 116               owner: nova:nova
 117               recurse: true
 118       docker_config:
 119         step_3:
 120           nova_libvirt:
 121             image: {get_param: DockerNovaLibvirtImage}
 122             net: host
 123             pid: host
 124             privileged: true
 125             restart: always
 126             volumes:
 127               list_concat:
 128                 - {get_attr: [ContainersCommon, volumes]}
 129                 -
 130                   - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
 131                   - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
 132                   - /lib/modules:/lib/modules:ro
 133                   - /dev:/dev
 134                   - /run:/run
 135                   - /sys/fs/cgroup:/sys/fs/cgroup
 136                   - /var/lib/nova:/var/lib/nova
 137                   - /etc/libvirt/secrets:/etc/libvirt/secrets
 138                   # Needed to use host's virtlogd
 139                   - /var/run/libvirt:/var/run/libvirt
 140                   - /var/lib/libvirt:/var/lib/libvirt
 141                   - /etc/libvirt/qemu:/etc/libvirt/qemu
 142                   - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
 143                   - /var/log/containers/nova:/var/log/nova
 144             environment:
 145               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 146       host_prep_tasks:
 147         - name: create libvirt persistent data directories
 148           file:
 149             path: "{{ item }}"
 150             state: directory
 151           with_items:
 152             - /etc/libvirt/secrets
 153             - /etc/libvirt/qemu
 154             - /var/lib/libvirt
 155             - /var/log/containers/nova
 156         - name: set enable_package_install fact
 157           set_fact:
 158             enable_package_install: {get_param: EnablePackageInstall}
 159         # We use virtlogd on host, so when using Deployed Server
 160         # feature, we need to ensure libvirt is installed.
 161         - name: install libvirt-daemon
 162           package:
 163             name: libvirt-daemon
 164             state: present
 165           when: enable_package_install
 166         - name: start virtlogd socket
 167           service:
 168             name: virtlogd.socket
 169             state: started
 170             enabled: yes
 171           when: enable_package_install
 172       upgrade_tasks:
 173         - name: Stop and disable libvirtd service
 174           tags: step2
 175           service: name=libvirtd state=stopped enabled=no