Merge "Run octavia-api under httpd" into stable/queens
commit
67ce74ed8b
|
@ -97,7 +97,7 @@ outputs:
|
|||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/octavia_api.json:
|
||||
command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
|
@ -107,13 +107,6 @@ outputs:
|
|||
- path: /var/log/octavia
|
||||
owner: octavia:octavia
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/octavia_api_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
docker_puppet_tasks:
|
||||
step_5:
|
||||
config_volume: octavia
|
||||
|
@ -165,6 +158,7 @@ outputs:
|
|||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
user: root
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
|
@ -173,29 +167,20 @@ outputs:
|
|||
-
|
||||
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia
|
||||
- /var/log/containers/httpd/octavia-api:/var/log/httpd
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- ''
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- ''
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- octavia_api_tls_proxy:
|
||||
start_order: 2
|
||||
image: *octavia_api_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -213,6 +198,14 @@ outputs:
|
|||
Log files from octavia containers can be found under
|
||||
/var/log/containers/octavia and /var/log/containers/httpd/octavia-api.
|
||||
ignore_errors: true
|
||||
update_tasks:
|
||||
- name: remove TLS proxy if configured and running
|
||||
when:
|
||||
- step|int == 2
|
||||
- internal_tls_enabled|bool
|
||||
docker:
|
||||
name: octavia_api_tls_proxy
|
||||
state: absent
|
||||
upgrade_tasks:
|
||||
- when: step|int == 0
|
||||
tags: common
|
||||
|
@ -260,5 +253,10 @@ outputs:
|
|||
- octavia_api_httpd_enabled|bool
|
||||
- httpd_running|bool
|
||||
service: name=httpd state=stopped
|
||||
- name: remove TLS proxy if configured and running
|
||||
when: internal_tls_enabled|bool
|
||||
docker:
|
||||
name: octavia_api_tls_proxy
|
||||
state: absent
|
||||
metadata_settings:
|
||||
get_attr: [OctaviaApiPuppetBase, role_data, metadata_settings]
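Review bot: Both `remove TLS proxy if configured and running` tasks test `internal_tls_enabled|bool` as an Ansible variable, but elsewhere in these hunks that name appears only as a Heat condition under `if:`, and no hunk shows it being handed to the tasks. If it is not defined at task run time, the `when` fails on an undefined variable, and a stale `octavia_api_tls_proxy` container can then stay on the API port that httpd is now expected to bind. The task under `upgrade_tasks` also carries no step condition, unlike the `update_tasks` copy (`step|int == 2`), so as far as the flattened hunk shows it would be evaluated at every upgrade step. I would give it the same list form, for example `- step|int == <upgrade step>` followed by `- internal_tls_enabled|bool`. I would also add a comment above each task naming where the variable is set, such as `# internal_tls_enabled: set from <source of the Ansible var>`.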
|
||||
|
|
|
@ -64,22 +64,8 @@ parameters:
|
|||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
TLSProxyBase:
|
||||
type: OS::TripleO::Services::TLSProxyBase
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
|
@ -110,14 +96,16 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- get_attr: [OctaviaController, role_data, config_settings]
|
||||
- octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::policy::policies: {get_param: OctaviaApiPolicies}
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::api::sync_db: true
|
||||
tripleo.octavia_api.firewall_rules:
|
||||
octavia::api::service_name: 'httpd'
|
||||
octavia::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
tripleo::octavia_api::firewall_rules:
|
||||
'120 octavia api':
|
||||
dport:
|
||||
- 9876
|
||||
|
@ -127,27 +115,24 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::octavia::api::tls_proxy_bind_ip:
|
||||
octavia::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_fqdn:
|
||||
octavia::wsgi::apache::server_name:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_port:
|
||||
get_param: [EndpointMap, OctaviaInternal, port]
|
||||
# Bind to localhost if internal TLS is enabled, since we put a TLS
|
||||
# proxy in front.
|
||||
octavia::api::host:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::api
|
||||
service_config_settings:
|
||||
|
@ -171,5 +156,3 @@ outputs:
|
|||
octavia::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
metadata_settings:
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
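Review bot: With the `TLSProxyBase` resource and this template's `metadata_settings` output both removed, nothing left in this section declares the httpd certificate for internal TLS, yet `octavia::wsgi::apache::ssl` is now switched on from `EnableInternalTLS`. If no other service template on the role provisions the certificate and key that the container mounts from /etc/pki/tls/certs/httpd and /etc/pki/tls/private/httpd, httpd would be told to serve TLS without key material; the hunks shown cannot confirm this either way. The container template in this commit still reads `get_attr: [OctaviaApiPuppetBase, role_data, metadata_settings]`, which has no matching output here as far as these hunks show. Either keep a `metadata_settings` output sourced from the template that requests the httpd certificate, or record the dependency next to the ssl key, e.g. `# cert/key for internal TLS are requested by <template providing the httpd certificate>, not by this service`.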
|
||||
|
|