Browse Source
EC2 api was deprecated with Ieb108a363cecafe3407d0dd505947c99bb24226c. Lets remove it. Change-Id: Ied22623e56d8a01649486b43a7c673470f75f13bchanges/03/690103/3
30 changed files with 1 additions and 852 deletions
@ -1,393 +0,0 @@
|
||||
heat_template_version: rocky |
||||
|
||||
description: > |
||||
OpenStack containerized EC2 API service |
||||
|
||||
parameters: |
||||
ContainerEc2ApiImage: |
||||
description: image |
||||
type: string |
||||
ContainerEc2ApiConfigImage: |
||||
description: The container image to use for the ec2_api config_volume |
||||
type: string |
||||
Ec2ApiLoggingSource: |
||||
type: json |
||||
default: |
||||
tag: openstack.ec2.api |
||||
file: /var/log/containers/ec2api/ec2api.log |
||||
EndpointMap: |
||||
default: {} |
||||
description: Mapping of service endpoint -> protocol. Typically set |
||||
via parameter_defaults in the resource registry. |
||||
type: json |
||||
ServiceData: |
||||
default: {} |
||||
description: Dictionary packing service data |
||||
type: json |
||||
ServiceNetMap: |
||||
default: {} |
||||
description: Mapping of service_name -> network name. Typically set |
||||
via parameter_defaults in the resource registry. This |
||||
mapping overrides those in ServiceNetMapDefaults. |
||||
type: json |
||||
DefaultPasswords: |
||||
default: {} |
||||
type: json |
||||
EnableSQLAlchemyCollectd: |
||||
type: boolean |
||||
description: > |
||||
Set to true to enable the SQLAlchemy-collectd server plugin |
||||
default: false |
||||
RoleName: |
||||
default: '' |
||||
description: Role name on which the service is applied |
||||
type: string |
||||
RoleParameters: |
||||
default: {} |
||||
description: Parameters specific to the role |
||||
type: json |
||||
EnableInternalTLS: |
||||
type: boolean |
||||
default: false |
||||
Ec2ApiWorkers: |
||||
default: 0 |
||||
description: Number of workers for EC2-API service. |
||||
type: number |
||||
Ec2ApiPassword: |
||||
description: The password for the nova service and db account, used by nova-api. |
||||
type: string |
||||
hidden: true |
||||
KeystoneRegion: |
||||
type: string |
||||
default: 'regionOne' |
||||
description: Keystone region for endpoint |
||||
Ec2ApiExternalNetwork: |
||||
type: string |
||||
default: '' |
||||
description: Name of the external network, which is used to connect VPCs to |
||||
Internet and to allocate Elastic IPs |
||||
NovaDefaultFloatingPool: |
||||
default: 'public' |
||||
description: Default pool for floating IP addresses |
||||
type: string |
||||
MonitoringSubscriptionEc2Api: |
||||
default: 'overcloud-ec2-api' |
||||
type: string |
||||
EnablePackageInstall: |
||||
default: 'false' |
||||
description: Set to true to enable package installation at deploy time |
||||
type: boolean |
||||
Ec2ApiPolicies: |
||||
description: | |
||||
A hash of policies to configure for EC2-API. |
||||
e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } } |
||||
default: {} |
||||
type: json |
||||
|
||||
conditions: |
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} |
||||
nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]} |
||||
external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']} |
||||
use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]} |
||||
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} |
||||
|
||||
resources: |
||||
|
||||
ContainersCommon: |
||||
type: ../../../deployment/containers-common.yaml |
||||
|
||||
MySQLClient: |
||||
type: ../../../deployment/database/mysql-client.yaml |
||||
|
||||
|
||||
TLSProxyBase: |
||||
type: OS::TripleO::Services::TLSProxyBase |
||||
properties: |
||||
ServiceData: {get_param: ServiceData} |
||||
ServiceNetMap: {get_param: ServiceNetMap} |
||||
DefaultPasswords: {get_param: DefaultPasswords} |
||||
EndpointMap: {get_param: EndpointMap} |
||||
EnableInternalTLS: {get_param: EnableInternalTLS} |
||||
|
||||
outputs: |
||||
role_data: |
||||
description: Role data for the EC2 API role. |
||||
value: |
||||
service_name: ec2_api |
||||
monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api} |
||||
config_settings: |
||||
map_merge: |
||||
- get_attr: [TLSProxyBase, role_data, config_settings] |
||||
- tripleo::ec2_api::firewall_rules: |
||||
'113 ec2_api': |
||||
dport: |
||||
- 8788 |
||||
- 13788 |
||||
ec2api::keystone::authtoken::project_name: 'service' |
||||
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword} |
||||
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } |
||||
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } |
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} |
||||
ec2api::policy::policies: {get_param: Ec2ApiPolicies} |
||||
ec2api::api::enabled: true |
||||
ec2api::package_manage: {get_param: EnablePackageInstall} |
||||
ec2api::api::ec2api_listen: |
||||
if: |
||||
- use_tls_proxy |
||||
- "%{hiera('localhost_address')}" |
||||
- str_replace: |
||||
template: |
||||
"%{hiera('fqdn_$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} |
||||
ec2api::metadata::metadata_listen: |
||||
if: |
||||
- use_tls_proxy |
||||
- "%{hiera('localhost_address')}" |
||||
- str_replace: |
||||
template: |
||||
"%{hiera('fqdn_$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} |
||||
ec2api::db::database_connection: |
||||
make_url: |
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} |
||||
username: ec2_api |
||||
password: {get_param: Ec2ApiPassword} |
||||
host: {get_param: [EndpointMap, MysqlInternal, host]} |
||||
path: /ec2_api |
||||
query: |
||||
if: |
||||
- enable_sqlalchemy_collectd |
||||
- |
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf |
||||
read_default_group: tripleo |
||||
plugin: collectd |
||||
collectd_program_name: ec2_api |
||||
collectd_host: localhost |
||||
- |
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf |
||||
read_default_group: tripleo |
||||
|
||||
ec2api::api::keystone_ec2_tokens_url: |
||||
list_join: |
||||
- '' |
||||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]} |
||||
- '/ec2tokens' |
||||
- |
||||
if: |
||||
- nova_workers_zero |
||||
- {} |
||||
- ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers} |
||||
ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers} |
||||
- |
||||
if: |
||||
- external_network_unset |
||||
- ec2api::api::external_network: {get_param: NovaDefaultFloatingPool} |
||||
- ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork} |
||||
- |
||||
if: |
||||
- use_tls_proxy |
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip: |
||||
str_replace: |
||||
template: |
||||
"%{hiera('$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} |
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn: |
||||
str_replace: |
||||
template: "%{hiera('fqdn_$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} |
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip: |
||||
str_replace: |
||||
template: |
||||
"%{hiera('$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} |
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn: |
||||
str_replace: |
||||
template: "%{hiera('fqdn_$NETWORK')}" |
||||
params: |
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} |
||||
- {} |
||||
service_config_settings: |
||||
rsyslog: |
||||
tripleo_logging_sources_ec2_api: |
||||
- {get_param: Ec2ApiLoggingSource} |
||||
keystone: |
||||
ec2api::keystone::auth::tenant: 'service' |
||||
ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]} |
||||
ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]} |
||||
ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]} |
||||
ec2api::keystone::auth::password: {get_param: Ec2ApiPassword} |
||||
ec2api::keystone::auth::region: {get_param: KeystoneRegion} |
||||
mysql: |
||||
ec2api::db::mysql::password: {get_param: Ec2ApiPassword} |
||||
ec2api::db::mysql::user: ec2_api |
||||
ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} |
||||
ec2api::db::mysql::dbname: ec2_api |
||||
ec2api::db::mysql::allowed_hosts: |
||||
- '%' |
||||
- "%{hiera('mysql_bind_host')}" |
||||
# BEGIN DOCKER SETTINGS |
||||
puppet_config: |
||||
config_volume: ec2_api |
||||
puppet_tags: ec2api_api_paste_ini,ec2api_config |
||||
step_config: |
||||
list_join: |
||||
- "\n" |
||||
- - "include tripleo::profile::base::nova::ec2api" |
||||
- {get_attr: [MySQLClient, role_data, step_config]} |
||||
config_image: {get_param: ContainerEc2ApiConfigImage} |
||||
kolla_config: |
||||
/var/lib/kolla/config_files/ec2_api.json: |
||||
command: /usr/bin/ec2-api |
||||
config_files: |
||||
- source: "/var/lib/kolla/config_files/src/*" |
||||
dest: "/" |
||||
merge: true |
||||
preserve_properties: true |
||||
permissions: |
||||
- path: /var/log/ec2api |
||||
owner: ec2api:ec2api |
||||
recurse: true |
||||
/var/lib/kolla/config_files/ec2_api_tls_proxy.json: |
||||
command: /usr/sbin/httpd -DFOREGROUND |
||||
config_files: |
||||
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" |
||||
dest: "/etc/httpd/conf.d" |
||||
merge: false |
||||
preserve_properties: true |
||||
- source: "/var/lib/kolla/config_files/src/*" |
||||
dest: "/" |
||||
merge: true |
||||
preserve_properties: true |
||||
/var/lib/kolla/config_files/ec2_api_metadata.json: |
||||
command: /usr/bin/ec2-api-metadata |
||||
config_files: |
||||
- source: "/var/lib/kolla/config_files/src/*" |
||||
dest: "/" |
||||
merge: true |
||||
preserve_properties: true |
||||
permissions: |
||||
- path: /var/log/ec2api # default log dir for metadata service as well |
||||
owner: ec2api:ec2api |
||||
recurse: true |
||||
docker_config: |
||||
# db sync runs before permissions set by kolla_config |
||||
step_2: |
||||
ec2_api_init_logs: |
||||
image: &ec2_api_image {get_param: ContainerEc2ApiImage} |
||||
net: none |
||||
privileged: false |
||||
user: root |
||||
volumes: |
||||
- /var/log/containers/ec2_api:/var/log/ec2api:z |
||||
# mount ec2_api_metadata to "ec2api-metadata" only here to fix |
||||
# permissions of both directories in one go |
||||
- /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata:z |
||||
command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata'] |
||||
step_3: |
||||
ec2_api_db_sync: |
||||
image: *ec2_api_image |
||||
net: host |
||||
detach: false |
||||
privileged: false |
||||
user: root |
||||
volumes: |
||||
list_concat: |
||||
- {get_attr: [ContainersCommon, volumes]} |
||||
- |
||||
- /var/lib/config-data/ec2_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro |
||||
- /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro |
||||
- /var/log/containers/ec2_api:/var/log/ec2api:z |
||||
command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'" |
||||
step_4: |
||||
map_merge: |
||||
- ec2_api: |
||||
image: *ec2_api_image |
||||
net: host |
||||
privileged: false |
||||
restart: always |
||||
volumes: |
||||
list_concat: |
||||
- {get_attr: [ContainersCommon, volumes]} |
||||
- |
||||
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro |
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro |
||||
- /var/log/containers/ec2_api:/var/log/ec2api:z |
||||
environment: |
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
||||
ec2_api_metadata: |
||||
image: *ec2_api_image |
||||
net: host |
||||
privileged: false |
||||
restart: always |
||||
volumes: |
||||
list_concat: |
||||
- {get_attr: [ContainersCommon, volumes]} |
||||
- |
||||
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro |
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro |
||||
- /var/log/containers/ec2_api_metadata:/var/log/ec2api:z |
||||
environment: |
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
||||
- if: |
||||
- internal_tls_enabled |
||||
- ec2_api_tls_proxy: |
||||
image: *ec2_api_image |
||||
net: host |
||||
user: root |
||||
restart: always |
||||
volumes: |
||||
list_concat: |
||||
- {get_attr: [ContainersCommon, volumes]} |
||||
- |
||||
- /var/lib/kolla/config_files/ec2_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro |
||||
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro |
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro |
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro |
||||
environment: |
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
||||
- {} |
||||
host_prep_tasks: |
||||
- name: create persistent log directories |
||||
file: |
||||
path: "{{ item.path }}" |
||||
state: directory |
||||
setype: "{{ item.setype }}" |
||||
with_items: |
||||
- { 'path': /var/log/containers/ec2_api, 'setype': svirt_sandbox_file_t } |
||||
- { 'path': /var/log/containers/ec2_api_metadata, 'setype': svirt_sandbox_file_t } |
||||
- { 'path': /var/log/ec2_api, 'setype': svirt_sandbox_file_t } |
||||
- { 'path': /var/log/ec2_api_metadata, 'setype': svirt_sandbox_file_t } |
||||
- name: ec2_api logs readme |
||||
copy: |
||||
dest: /var/log/{{ item }}/readme.txt |
||||
content: | |
||||
Log files from ec2api containers can be found under |
||||
/var/log/containers/ec2_api and /var/log/containers/ec2_api_metadata. |
||||
with_items: |
||||
- ec2api |
||||
- ec2api-metadata |
||||
ignore_errors: true |
||||
upgrade_tasks: [] |
||||
post_upgrade_tasks: |
||||
- when: step|int == 1 |
||||
import_role: |
||||
name: tripleo-docker-rm |
||||
vars: |
||||
containers_to_rm: |
||||
with_items: |
||||
list_concat: |
||||
- - ec2_api |
||||
- - ec2_api_metadata |
||||
- - if: |
||||
- internal_tls_enabled |
||||
- - ec2_api_tls_proxy |
||||
- null |
||||
tripleo_container_cli: "docker" |
||||
metadata_settings: |
||||
get_attr: [TLSProxyBase, role_data, metadata_settings] |
@ -1,2 +0,0 @@
|
||||
resource_registry: |
||||
OS::TripleO::Services::Ec2Api: ../../deployment/deprecated/ec2/ec2-api-container-puppet.yaml |
@ -1,3 +0,0 @@
|
||||
# A Heat environment file which can be used to enable EC2-API service. |
||||
resource_registry: |
||||
OS::TripleO::Services::Ec2Api: ../../deployment/deprecated/ec2/ec2-api-container-puppet.yaml |
Loading…
Reference in new issue