docker/internal TLS: spawn extra container for ec2api TLS proxy
This spawns extra containers that runs httpd to run the TLS proxy that will go in front of ec2-api and ec2-api-metadata. bp tls-via-certmonger-containers Depends-On: I214fe20e12487395e1c6e247e92b2f53ba158ff9 Depends-On: Iae8e61cb5be4faeea8861296629dd6a5f3ed4f01 Change-Id: I847e13c22354aab7759364e04e009f40e6a75b79
This commit is contained in:
parent
5f4105e2c3
commit
1ccb030120
@ -36,6 +36,13 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -85,6 +92,13 @@ outputs:
|
||||
- path: /var/log/ec2api
|
||||
owner: ec2api:ec2api
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/ec2_api_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
/var/lib/kolla/config_files/ec2_api_metadata.json:
|
||||
command: /usr/bin/ec2-api-metadata
|
||||
config_files:
|
||||
@ -120,38 +134,58 @@ outputs:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/ec2_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||
- /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
|
||||
- /var/log/containers/ec2_api:/var/log/ec2api
|
||||
command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'"
|
||||
step_4:
|
||||
ec2_api:
|
||||
image: *ec2_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ec2_api:/var/log/ec2api
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
ec2_api_metadata:
|
||||
image: *ec2_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ec2_api_metadata:/var/log/ec2api
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
map_merge:
|
||||
- ec2_api:
|
||||
image: *ec2_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ec2_api:/var/log/ec2api
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
ec2_api_metadata:
|
||||
image: *ec2_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ec2_api_metadata:/var/log/ec2api
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- ec2_api_tls_proxy:
|
||||
image: *ec2_api_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ec2_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks:
|
||||
- name: create persistent log directories
|
||||
file:
|
||||
@ -197,3 +231,5 @@ outputs:
|
||||
tags: step2
|
||||
when: ec2_api_metadata_enabled.rc == 0
|
||||
service: name=openstack-ec2-api-metadata state=stopped enabled=no
|
||||
metadata_settings:
|
||||
get_attr: [Ec2ApiPuppetBase, role_data, metadata_settings]
|
||||
|
Loading…
x
Reference in New Issue
Block a user