diff --git a/puppet/services/tacker.yaml b/deployment/tacker/tacker-container-puppet.yaml similarity index 57% rename from puppet/services/tacker.yaml rename to deployment/tacker/tacker-container-puppet.yaml index 4123b4812c..a001fd842e 100644 --- a/puppet/services/tacker.yaml +++ b/deployment/tacker/tacker-container-puppet.yaml @@ -1,9 +1,20 @@ heat_template_version: rocky description: > - OpenStack Tacker service configured with Puppet + OpenStack containerized Tacker service parameters: + DockerTackerImage: + description: image + type: string + DockerTackerConfigImage: + description: The container image to use for the tacker config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json ServiceData: default: {} description: Dictionary packing service data @@ -25,11 +36,6 @@ parameters: default: {} description: Parameters specific to the role type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json TackerPassword: description: The password for the tacker service account. type: string @@ -80,6 +86,14 @@ parameters: conditions: service_debug_unset: {equals : [{get_param: TackerDebug}, '']} +resources: + + ContainersCommon: + type: ../../docker/services/containers-common.yaml + + MySQLClient: + type: ../database/mysql-client.yaml + outputs: role_data: description: Role data for the Tacker role. @@ -115,7 +129,6 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]} - tacker::keystone::authtoken::project_name: 'service' tacker::keystone::authtoken::user_domain_name: 'Default' tacker::keystone::authtoken::project_domain_name: 'Default' @@ -145,7 +158,94 @@ outputs: tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]} tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]} tacker::keystone::auth::admin_url: {get_param: [EndpointMap, TackerAdmin, uri]} - - step_config: | - include ::tripleo::profile::base::tacker + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: tacker + puppet_tags: tacker_config + step_config: + list_join: + - "\n" + - - "include ::tripleo::profile::base::tacker" + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerTackerConfigImage} + kolla_config: + /var/lib/kolla/config_files/tacker_api.json: + command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/tacker + owner: tacker:tacker + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + tacker_init_logs: + image: &tacker_image {get_param: DockerTackerImage} + net: none + privileged: false + user: root + volumes: + - /var/log/containers/tacker:/var/log/tacker + command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + step_3: + tacker_db_sync: + image: *tacker_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/tacker/etc/:/etc/ + - /var/log/containers/tacker:/var/log/tacker + command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" + step_4: + tacker_api: + image: *tacker_image + net: host + privileged: false + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/tacker:/var/log/tacker + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + with_items: + - { 'path': /var/log/tacker, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/tacker, 'setype': svirt_sandbox_file_t } + - name: tacker logs readme + copy: + dest: /var/log/tacker/readme.txt + content: | + Log files from tacker containers can be found under + /var/log/containers/tacker. + ignore_errors: true upgrade_tasks: [] + post_upgrade_tasks: + - when: step|int == 1 + import_role: + name: tripleo-docker-rm + vars: + containers_to_rm: + - tacker_api diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml deleted file mode 100644 index a02b030674..0000000000 --- a/docker/services/tacker.yaml +++ /dev/null @@ -1,157 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Tacker service - -parameters: - DockerTackerImage: - description: image - type: string - DockerTackerConfigImage: - description: The container image to use for the tacker config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - -resources: - - ContainersCommon: - type: ./containers-common.yaml - - MySQLClient: - type: ../../deployment/database/mysql-client.yaml - - TackerBase: - type: ../../puppet/services/tacker.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Tacker role. - value: - service_name: {get_attr: [TackerBase, role_data, service_name]} - config_settings: - map_merge: - - get_attr: [TackerBase, role_data, config_settings] - service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS - puppet_config: - config_volume: tacker - puppet_tags: tacker_config - step_config: - list_join: - - "\n" - - - {get_attr: [TackerBase, role_data, step_config]} - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: DockerTackerConfigImage} - kolla_config: - /var/lib/kolla/config_files/tacker_api.json: - command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/tacker - owner: tacker:tacker - recurse: true - docker_config: - # db sync runs before permissions set by kolla_config - step_2: - tacker_init_logs: - image: &tacker_image {get_param: DockerTackerImage} - net: none - privileged: false - user: root - volumes: - - /var/log/containers/tacker:/var/log/tacker - command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] - step_3: - tacker_db_sync: - image: *tacker_image - net: host - privileged: false - detach: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - # FIXME(mandre) mounting /etc rw to workaround LP1696283 - # This should go away anyway and mount the exact files it - # needs or use kolla set_configs.py - - /var/lib/config-data/tacker/etc/:/etc/ - - /var/log/containers/tacker:/var/log/tacker - command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" - step_4: - tacker_api: - image: *tacker_image - net: host - privileged: false - restart: always - healthcheck: - test: /openstack/healthcheck - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/tacker:/var/log/tacker - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - host_prep_tasks: - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - with_items: - - { 'path': /var/log/tacker, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/tacker, 'setype': svirt_sandbox_file_t } - - name: tacker logs readme - copy: - dest: /var/log/tacker/readme.txt - content: | - Log files from tacker containers can be found under - /var/log/containers/tacker. - ignore_errors: true - upgrade_tasks: [] - post_upgrade_tasks: - - when: step|int == 1 - import_role: - name: tripleo-docker-rm - vars: - containers_to_rm: - - tacker_api diff --git a/environments/enable_tacker.yaml b/environments/enable_tacker.yaml index 5079d1d4a4..4e34167ea1 100644 --- a/environments/enable_tacker.yaml +++ b/environments/enable_tacker.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::Tacker: ../docker/services/tacker.yaml + OS::TripleO::Services::Tacker: ../deployment/tacker/tacker-container-puppet.yaml diff --git a/environments/services-baremetal/tacker.yaml b/environments/services-baremetal/tacker.yaml index 15cd09161d..d6f9d1f234 100644 --- a/environments/services-baremetal/tacker.yaml +++ b/environments/services-baremetal/tacker.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml + OS::TripleO::Services::Tacker: ../../deployment/tacker/tacker-container-puppet.yaml diff --git a/environments/services/tacker.yaml b/environments/services/tacker.yaml index cba8d6b9af..d6f9d1f234 100644 --- a/environments/services/tacker.yaml +++ b/environments/services/tacker.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml + OS::TripleO::Services::Tacker: ../../deployment/tacker/tacker-container-puppet.yaml