208 lines
6.1 KiB
YAML
208 lines
6.1 KiB
YAML
heat_template_version: 2014-10-16
|
|
|
|
description: >
|
|
This is a nested stack that defines software configs for Mesos slave.
|
|
|
|
parameters:
|
|
|
|
executor_registration_timeout:
|
|
type: string
|
|
description: >
|
|
Amount of time to wait for an executor to register with the slave before
|
|
considering it hung and shutting it down
|
|
|
|
http_proxy:
|
|
type: string
|
|
description: http proxy address for docker
|
|
|
|
https_proxy:
|
|
type: string
|
|
description: https proxy address for docker
|
|
|
|
no_proxy:
|
|
type: string
|
|
description: no proxies for docker
|
|
|
|
auth_url:
|
|
type: string
|
|
description: >
|
|
url for mesos to authenticate before sending request
|
|
|
|
username:
|
|
type: string
|
|
description: user name
|
|
|
|
password:
|
|
type: string
|
|
description: >
|
|
user password, not set in current implementation, only used to
|
|
fill in for Kubernetes config file
|
|
hidden: true
|
|
|
|
tenant_name:
|
|
type: string
|
|
description: >
|
|
tenant_name is used to isolate access to Compute resources
|
|
|
|
volume_driver:
|
|
type: string
|
|
description: volume driver to use for container storage
|
|
|
|
region_name:
|
|
type: string
|
|
description: A logically separate section of the cluster
|
|
|
|
domain_name:
|
|
type: string
|
|
description: >
|
|
domain is to define the administrative boundaries for management
|
|
of Keystone entities
|
|
|
|
rexray_preempt:
|
|
type: string
|
|
description: >
|
|
enables any host to take control of a volume irrespective of whether
|
|
other hosts are using the volume
|
|
|
|
verify_ca:
|
|
type: boolean
|
|
description: whether or not to validate certificate authority
|
|
|
|
mesos_slave_isolation:
|
|
type: string
|
|
description: >
|
|
Isolation mechanisms to use, e.g., `posix/cpu,posix/mem`, or
|
|
`cgroups/cpu,cgroups/mem`, or network/port_mapping (configure with flag:
|
|
`--with-network-isolator` to enable), or `cgroups/devices/gpus/nvidia`
|
|
for nvidia specific gpu isolation (configure with flag: `--enable-nvidia
|
|
-gpu-support` to enable), or `external`, or load an alternate isolator
|
|
module using the `--modules` flag. Note that this flag is only relevant
|
|
for the Mesos Containerizer.
|
|
|
|
mesos_slave_work_dir:
|
|
type: string
|
|
description: directory path to place framework work directories
|
|
|
|
mesos_slave_image_providers:
|
|
type: string
|
|
description: >
|
|
Comma separated list of supported image providers e.g.,
|
|
APPC,DOCKER
|
|
|
|
mesos_slave_executor_env_variables:
|
|
type: string
|
|
description: >
|
|
JSON object representing the environment variables that should be passed
|
|
to the executor, and thus subsequently task(s). By default the executor,
|
|
executor will inherit the slave's environment variables.
|
|
|
|
mesos_masters_ips:
|
|
type: string
|
|
description: IP addresses of the Mesos master servers.
|
|
|
|
mesos_slave_wc_curl_cli:
|
|
type: string
|
|
description: Wait condition notify command for slave.
|
|
|
|
openstack_ca:
|
|
type: string
|
|
description: The OpenStack CA certificate to install on the node.
|
|
|
|
resources:
|
|
|
|
######################################################################
|
|
#
|
|
# software configs. these are components that are combined into
|
|
# a multipart MIME user-data archive.
|
|
#
|
|
|
|
write_heat_params:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: {get_file: fragments/write-heat-params.yaml}
|
|
params:
|
|
"$MESOS_MASTERS_IPS": {get_param: mesos_masters_ips}
|
|
"$EXECUTOR_REGISTRATION_TIMEOUT": {get_param: executor_registration_timeout}
|
|
"$HTTP_PROXY": {get_param: http_proxy}
|
|
"$HTTPS_PROXY": {get_param: https_proxy}
|
|
"$NO_PROXY": {get_param: no_proxy}
|
|
"$AUTH_URL": {get_param: auth_url}
|
|
"$USERNAME": {get_param: username}
|
|
"$PASSWORD": {get_param: password}
|
|
"$TENANT_NAME": {get_param: tenant_name}
|
|
"$VOLUME_DRIVER": {get_param: volume_driver}
|
|
"$REGION_NAME": {get_param: region_name}
|
|
"$DOMAIN_NAME": {get_param: domain_name}
|
|
"$REXRAY_PREEMPT": {get_param: rexray_preempt}
|
|
"$ISOLATION": {get_param: mesos_slave_isolation}
|
|
"$WORK_DIR": {get_param: mesos_slave_work_dir}
|
|
"$IMAGE_PROVIDERS": {get_param: mesos_slave_image_providers}
|
|
"$EXECUTOR_ENVIRONMENT_VARIABLES": {get_param: mesos_slave_executor_env_variables}
|
|
|
|
add_ext_ca_certs:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: {get_file: fragments/add-ext-ca-certs.sh}
|
|
params:
|
|
"@@CACERTS_CONTENT@@": {get_param: openstack_ca}
|
|
|
|
configure_mesos_slave:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config: {get_file: fragments/configure-mesos-slave.sh}
|
|
|
|
start_services:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config: {get_file: fragments/start-services-slave.sh}
|
|
|
|
slave_wc_notify:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -v
|
|
wc_notify $VERIFY_CA --data-binary '{"status": "SUCCESS"}'
|
|
params:
|
|
wc_notify: {get_param: mesos_slave_wc_curl_cli}
|
|
"$VERIFY_CA": {get_param: verify_ca}
|
|
|
|
add_proxy:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config: {get_file: fragments/add-proxy.sh}
|
|
|
|
volume_service:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config: {get_file: fragments/volume-service.sh}
|
|
|
|
mesos_slave_init:
|
|
type: OS::Heat::MultipartMime
|
|
properties:
|
|
parts:
|
|
- config: {get_resource: add_ext_ca_certs}
|
|
- config: {get_resource: write_heat_params}
|
|
- config: {get_resource: configure_mesos_slave}
|
|
- config: {get_resource: add_proxy}
|
|
- config: {get_resource: volume_service}
|
|
- config: {get_resource: start_services}
|
|
- config: {get_resource: slave_wc_notify}
|
|
|
|
outputs:
|
|
mesos_init:
|
|
value: {get_resource: mesos_slave_init}
|
|
description: ID of the multipart mime.
|