This repository has been archived by the owner on Feb 29, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 180
/
ironic-conductor.yaml
268 lines (259 loc) · 11.2 KB
/
ironic-conductor.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
heat_template_version: rocky
description: >
OpenStack containerized Ironic Conductor service
parameters:
DockerIronicConductorImage:
description: image
type: string
DockerIronicConfigImage:
description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
IronicConfigureSwiftTempUrlKey:
default: true
description: Whether to configure Swift temporary URLs for use with
the "direct" and "ansible" deploy interfaces.
type: boolean
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
IronicConductorBase:
type: ../../puppet/services/ironic-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ironic Conductor role.
value:
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [IronicConductorBase, role_data, config_settings]
# to avoid hard linking errors we store these on the same
# volume/device as the ironic master_path
# https://github.com/docker/docker/issues/7457
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
logging_source: {get_attr: [IronicConductorBase, role_data, logging_source]}
logging_groups: {get_attr: [IronicConductorBase, role_data, logging_groups]}
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic
puppet_tags: ironic_config
step_config:
list_join:
- "\n"
- - {get_attr: [IronicConductorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/log/ironic
owner: ironic:ironic
recurse: true
docker_config_scripts:
create_swift_temp_url_key.sh:
mode: "0700"
content: |
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
export OS_AUTH_TYPE=password
export OS_IDENTITY_API_VERSION=3
echo "Check if a temporary URL key already exists"
KEY_SET=$(openstack object store account show -c properties -f value 2>/dev/null | tr ',' '\n' | grep Temp-Url-Key || true)
if [ -z $KEY_SET ]; then
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY" || exit 1
fi
docker_config:
step_4:
map_merge:
- if:
- configure_swift_temp_url
- create_swift_temp_url_key:
start_order: 70
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
- {}
- ironic_conductor:
start_order: 80
image: *ironic_conductor_image
net: host
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /sys:/sys
- /dev:/dev
- /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:shared
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/ironic
- /var/lib/ironic
- name: ironic logs readme
copy:
dest: /var/log/ironic/readme.txt
content: |
Log files from ironic containers can be found under
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
ignore_errors: true
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot
- name: stat /tftpboot
stat: path=/tftpboot
register: stat_tftpboot
- name: stat /var/lib/ironic/httpboot
stat: path=/var/lib/ironic/httpboot
register: stat_ironic_httpboot
- name: stat /var/lib/ironic/tftpboot
stat: path=/var/lib/ironic/tftpboot
register: stat_ironic_tftpboot
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
- name: migrate /httpboot to containerized (if applicable)
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
- name: migrate /tftpboot to containerized (if applicable)
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
# Even if there was nothing to copy from original locations,
# we need to create the dirs before starting the containers
- name: ensure ironic pxe directories exist
file:
path: /var/lib/ironic/{{ item }}
state: directory
with_items:
- httpboot
- tftpboot
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
- name: "PreUpgrade step0,validation: Check service openstack-ironic-conductor is running"
command: systemctl is-active --quiet openstack-ironic-conductor
tags: validation
when: ironic_conductor_enabled|bool
- when: step|int == 2
block:
- name: Stop and disable ironic_conductor service
when: ironic_conductor_enabled|bool
service: name=openstack-ironic-conductor state=stopped enabled=no
- name: Set fact for removal of openstack-ironic-conductor package
set_fact:
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-conductor package if operator requests it
yum: name=openstack-ironic-conductor state=removed
ignore_errors: True
when: remove_ironic_conductor_package|bool
fast_forward_upgrade_tasks:
- block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop openstack-ironic-conductor
service: name=openstack-ironic-conductor state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- ironic_conductor_enabled|bool
- name: Ironic packages update
shell: yum -y update openstack-ironic*
when:
- step|int == 6
- is_bootstrap_node|bool