|
|
@ -0,0 +1,358 @@ |
|
|
|
heat_template_version: rocky |
|
|
|
|
|
|
|
description: > |
|
|
|
OpenStack Panko service configured with docker. |
|
|
|
Note, this service is deprecated in Pike release and |
|
|
|
will be disabled in future releases. |
|
|
|
|
|
|
|
parameters: |
|
|
|
ContainerPankoApiImage: |
|
|
|
description: image |
|
|
|
type: string |
|
|
|
ContainerPankoConfigImage: |
|
|
|
description: The container image to use for the panko config_volume |
|
|
|
type: string |
|
|
|
EndpointMap: |
|
|
|
default: {} |
|
|
|
description: Mapping of service endpoint -> protocol. Typically set |
|
|
|
via parameter_defaults in the resource registry. |
|
|
|
type: json |
|
|
|
ServiceData: |
|
|
|
default: {} |
|
|
|
description: Dictionary packing service data |
|
|
|
type: json |
|
|
|
ServiceNetMap: |
|
|
|
default: {} |
|
|
|
description: Mapping of service_name -> network name. Typically set |
|
|
|
via parameter_defaults in the resource registry. This |
|
|
|
mapping overrides those in ServiceNetMapDefaults. |
|
|
|
type: json |
|
|
|
DefaultPasswords: |
|
|
|
default: {} |
|
|
|
type: json |
|
|
|
RoleName: |
|
|
|
default: '' |
|
|
|
description: Role name on which the service is applied |
|
|
|
type: string |
|
|
|
RoleParameters: |
|
|
|
default: {} |
|
|
|
description: Parameters specific to the role |
|
|
|
type: json |
|
|
|
EnableInternalTLS: |
|
|
|
type: boolean |
|
|
|
default: false |
|
|
|
MonitoringSubscriptionPankoApi: |
|
|
|
default: 'overcloud-ceilometer-panko-api' |
|
|
|
type: string |
|
|
|
PankoApiPolicies: |
|
|
|
description: | |
|
|
|
A hash of policies to configure for Panko API. |
|
|
|
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } } |
|
|
|
default: {} |
|
|
|
type: json |
|
|
|
PankoEventTTL: |
|
|
|
description: Number of seconds that events are kept in the database |
|
|
|
default: '86400' |
|
|
|
type: string |
|
|
|
PankoPassword: |
|
|
|
description: The password for the panko services. |
|
|
|
type: string |
|
|
|
hidden: true |
|
|
|
Debug: |
|
|
|
default: false |
|
|
|
description: Set to True to enable debugging on all services. |
|
|
|
type: boolean |
|
|
|
PankoDebug: |
|
|
|
default: '' |
|
|
|
description: Set to True to enable debugging Panko services. |
|
|
|
type: string |
|
|
|
constraints: |
|
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] |
|
|
|
KeystoneRegion: |
|
|
|
type: string |
|
|
|
default: 'regionOne' |
|
|
|
description: Keystone region for endpoint |
|
|
|
EnablePankoExpirer: |
|
|
|
type: boolean |
|
|
|
default: true |
|
|
|
description: Enable panko expirer to periodically delete events from db |
|
|
|
PankoExpirerMinute: |
|
|
|
type: string |
|
|
|
description: > |
|
|
|
Cron to delete events data from db - Minute |
|
|
|
default: '1' |
|
|
|
PankoExpirerHour: |
|
|
|
type: string |
|
|
|
description: > |
|
|
|
Cron to delete events data from db - Hour |
|
|
|
default: '0' |
|
|
|
PankoExpirerMonthday: |
|
|
|
type: string |
|
|
|
description: > |
|
|
|
Cron to delete events data from db - Month Day |
|
|
|
default: '*' |
|
|
|
PankoExpirerMonth: |
|
|
|
type: string |
|
|
|
description: > |
|
|
|
Cron to delete events data from db - Month |
|
|
|
default: '*' |
|
|
|
PankoExpirerWeekday: |
|
|
|
type: string |
|
|
|
description: > |
|
|
|
Cron to delete events from db - Week Day |
|
|
|
default: '*' |
|
|
|
|
|
|
|
conditions: |
|
|
|
service_debug_unset: {equals : [{get_param: PankoDebug}, '']} |
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} |
|
|
|
|
|
|
|
resources: |
|
|
|
|
|
|
|
ContainersCommon: |
|
|
|
type: ../../containers-common.yaml |
|
|
|
|
|
|
|
MySQLClient: |
|
|
|
type: ../../database/mysql-client.yaml |
|
|
|
|
|
|
|
ApacheServiceBase: |
|
|
|
type: ../../../deployment/apache/apache-baremetal-puppet.yaml |
|
|
|
properties: |
|
|
|
EndpointMap: {get_param: EndpointMap} |
|
|
|
ServiceData: {get_param: ServiceData} |
|
|
|
ServiceNetMap: {get_param: ServiceNetMap} |
|
|
|
DefaultPasswords: {get_param: DefaultPasswords} |
|
|
|
RoleName: {get_param: RoleName} |
|
|
|
RoleParameters: {get_param: RoleParameters} |
|
|
|
|
|
|
|
PankoApiLogging: |
|
|
|
type: OS::TripleO::Services::Logging::PankoApi |
|
|
|
|
|
|
|
outputs: |
|
|
|
role_data: |
|
|
|
description: Role data for the Panko API role. |
|
|
|
value: |
|
|
|
service_name: panko_api |
|
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} |
|
|
|
config_settings: |
|
|
|
map_merge: |
|
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings] |
|
|
|
- get_attr: [PankoApiLogging, config_settings] |
|
|
|
- apache::default_vhost: false |
|
|
|
panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} |
|
|
|
panko::wsgi::apache::servername: |
|
|
|
str_replace: |
|
|
|
template: |
|
|
|
"%{hiera('fqdn_$NETWORK')}" |
|
|
|
params: |
|
|
|
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} |
|
|
|
panko::policy::policies: {get_param: PankoApiPolicies} |
|
|
|
panko::api::service_name: 'httpd' |
|
|
|
panko::api::enable_proxy_headers_parsing: true |
|
|
|
panko::api::event_time_to_live: {get_param: PankoEventTTL} |
|
|
|
tripleo::panko_api::firewall_rules: |
|
|
|
'140 panko-api': |
|
|
|
dport: |
|
|
|
- 8977 |
|
|
|
- 13977 |
|
|
|
panko::api::host: |
|
|
|
str_replace: |
|
|
|
template: |
|
|
|
"%{hiera('fqdn_$NETWORK')}" |
|
|
|
params: |
|
|
|
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} |
|
|
|
# NOTE: bind IP is found in hiera replacing the network name with the |
|
|
|
# local node IP for the given network; replacement examples |
|
|
|
# (eg. for internal_api): |
|
|
|
# internal_api -> IP |
|
|
|
# internal_api_uri -> [IP] |
|
|
|
# internal_api_subnet - > IP/CIDR |
|
|
|
panko::wsgi::apache::bind_host: |
|
|
|
str_replace: |
|
|
|
template: |
|
|
|
"%{hiera('$NETWORK')}" |
|
|
|
params: |
|
|
|
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} |
|
|
|
enable_panko_expirer: {get_param: EnablePankoExpirer} |
|
|
|
panko::db::database_connection: |
|
|
|
make_url: |
|
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} |
|
|
|
username: panko |
|
|
|
password: {get_param: PankoPassword} |
|
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]} |
|
|
|
path: /panko |
|
|
|
query: |
|
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf |
|
|
|
read_default_group: tripleo |
|
|
|
panko::logging::debug: |
|
|
|
if: |
|
|
|
- service_debug_unset |
|
|
|
- {get_param: Debug } |
|
|
|
- {get_param: PankoDebug } |
|
|
|
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } |
|
|
|
panko::keystone::authtoken::project_name: 'service' |
|
|
|
panko::keystone::authtoken::user_domain_name: 'Default' |
|
|
|
panko::keystone::authtoken::project_domain_name: 'Default' |
|
|
|
panko::keystone::authtoken::password: {get_param: PankoPassword} |
|
|
|
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } |
|
|
|
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } |
|
|
|
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } |
|
|
|
panko::auth::auth_password: {get_param: PankoPassword} |
|
|
|
panko::auth::auth_region: {get_param: KeystoneRegion} |
|
|
|
panko::auth::auth_tenant_name: 'service' |
|
|
|
panko::expirer::minute: {get_param: PankoExpirerMinute} |
|
|
|
panko::expirer::hour: {get_param: PankoExpirerHour} |
|
|
|
panko::expirer::monthday: {get_param: PankoExpirerMonthday} |
|
|
|
panko::expirer::month: {get_param: PankoExpirerMonth} |
|
|
|
panko::expirer::weekday: {get_param: PankoExpirerWeekday} |
|
|
|
service_config_settings: |
|
|
|
keystone: |
|
|
|
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]} |
|
|
|
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]} |
|
|
|
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]} |
|
|
|
panko::keystone::auth::password: {get_param: PankoPassword} |
|
|
|
panko::keystone::auth::region: {get_param: KeystoneRegion} |
|
|
|
panko::keystone::auth::tenant: 'service' |
|
|
|
mysql: |
|
|
|
panko::db::mysql::user: panko |
|
|
|
panko::db::mysql::password: {get_param: PankoPassword} |
|
|
|
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} |
|
|
|
panko::db::mysql::dbname: panko |
|
|
|
panko::db::mysql::allowed_hosts: |
|
|
|
- '%' |
|
|
|
- "%{hiera('mysql_bind_host')}" |
|
|
|
# BEGIN DOCKER SETTINGS # |
|
|
|
puppet_config: |
|
|
|
config_volume: panko |
|
|
|
puppet_tags: panko_api_paste_ini,panko_config |
|
|
|
step_config: |
|
|
|
list_join: |
|
|
|
- "\n" |
|
|
|
- - "include tripleo::profile::base::panko::api" |
|
|
|
- {get_attr: [MySQLClient, role_data, step_config]} |
|
|
|
config_image: {get_param: ContainerPankoConfigImage} |
|
|
|
kolla_config: |
|
|
|
/var/lib/kolla/config_files/panko_api.json: |
|
|
|
command: /usr/sbin/httpd -DFOREGROUND |
|
|
|
config_files: |
|
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" |
|
|
|
dest: "/etc/httpd/conf.d" |
|
|
|
merge: false |
|
|
|
preserve_properties: true |
|
|
|
- source: "/var/lib/kolla/config_files/src/*" |
|
|
|
dest: "/" |
|
|
|
merge: true |
|
|
|
preserve_properties: true |
|
|
|
permissions: |
|
|
|
- path: /var/log/panko |
|
|
|
owner: panko:panko |
|
|
|
recurse: true |
|
|
|
/var/lib/kolla/config_files/panko_api_cron.json: |
|
|
|
command: /usr/sbin/crond -n |
|
|
|
config_files: |
|
|
|
- source: "/var/lib/kolla/config_files/src/*" |
|
|
|
dest: "/" |
|
|
|
merge: true |
|
|
|
preserve_properties: true |
|
|
|
permissions: |
|
|
|
- path: /var/log/panko |
|
|
|
owner: panko:panko |
|
|
|
recurse: true |
|
|
|
docker_config: |
|
|
|
step_2: |
|
|
|
get_attr: [PankoApiLogging, docker_config, step_2] |
|
|
|
step_3: |
|
|
|
panko_db_sync: |
|
|
|
image: &panko_api_image {get_param: ContainerPankoApiImage} |
|
|
|
net: host |
|
|
|
detach: false |
|
|
|
privileged: false |
|
|
|
user: root |
|
|
|
volumes: |
|
|
|
list_concat: |
|
|
|
- {get_attr: [ContainersCommon, volumes]} |
|
|
|
- {get_attr: [PankoApiLogging, volumes]} |
|
|
|
- |
|
|
|
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro |
|
|
|
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro |
|
|
|
command: |
|
|
|
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part |
|
|
|
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the |
|
|
|
# final single quote that's part of the list_join. |
|
|
|
list_join: |
|
|
|
- ' ' |
|
|
|
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync" |
|
|
|
- {get_attr: [PankoApiLogging, cmd_extra_args]} |
|
|
|
- "'" |
|
|
|
step_4: |
|
|
|
panko_api: |
|
|
|
start_order: 2 |
|
|
|
image: *panko_api_image |
|
|
|
net: host |
|
|
|
privileged: false |
|
|
|
restart: always |
|
|
|
healthcheck: |
|
|
|
test: /openstack/healthcheck |
|
|
|
volumes: |
|
|
|
list_concat: |
|
|
|
- {get_attr: [ContainersCommon, volumes]} |
|
|
|
- {get_attr: [PankoApiLogging, volumes]} |
|
|
|
- |
|
|
|
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro |
|
|
|
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro |
|
|
|
- |
|
|
|
if: |
|
|
|
- internal_tls_enabled |
|
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro |
|
|
|
- '' |
|
|
|
- |
|
|
|
if: |
|
|
|
- internal_tls_enabled |
|
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro |
|
|
|
- '' |
|
|
|
environment: |
|
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
|
|
|
panko_api_cron: |
|
|
|
image: *panko_api_image |
|
|
|
net: host |
|
|
|
user: root |
|
|
|
privileged: false |
|
|
|
restart: always |
|
|
|
healthcheck: |
|
|
|
test: '/usr/share/openstack-tripleo-common/healthcheck/cron panko' |
|
|
|
volumes: |
|
|
|
list_concat: |
|
|
|
- {get_attr: [ContainersCommon, volumes]} |
|
|
|
- {get_attr: [PankoApiLogging, volumes]} |
|
|
|
- |
|
|
|
- /var/lib/kolla/config_files/panko_api_cron.json:/var/lib/kolla/config_files/config.json:ro |
|
|
|
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro |
|
|
|
environment: |
|
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
|
|
|
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]} |
|
|
|
metadata_settings: |
|
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings] |
|
|
|
post_upgrade_tasks: |
|
|
|
- when: step|int == 1 |
|
|
|
import_role: |
|
|
|
name: tripleo-docker-rm |
|
|
|
vars: |
|
|
|
containers_to_rm: |
|
|
|
- panko_api |
|
|
|
- panko_api_cron |
|
|
|
tripleo_container_cli: "docker" |
|
|
|
external_upgrade_tasks: |
|
|
|
- when: |
|
|
|
- step|int == 1 |
|
|
|
tags: |
|
|
|
- never |
|
|
|
- system_upgrade_transfer_data |
|
|
|
- system_upgrade_stop_services |
|
|
|
block: |
|
|
|
- name: Stop panko containers |
|
|
|
import_role: |
|
|
|
name: tripleo-container-stop |
|
|
|
vars: |
|
|
|
tripleo_containers_to_stop: |
|
|
|
- panko_api |
|
|
|
- panko_api_cron |
|
|
|
tripleo_delegate_to: "{{ groups['panko_api'] | default([]) }}" |