flatten the ec2 service configurations

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the ec2 services.

Related-Blueprint: services-yaml-flattening

Change-Id: I401a1766222d45a4a584069d27cd880806cbab9f
This commit is contained in:
Dan Prince 2019-02-25 08:33:23 -05:00
parent 92766d5a69
commit 9b1bb23aa6
6 changed files with 161 additions and 234 deletions

View File

@ -3,7 +3,7 @@ resource_registry:
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml

View File

@ -15,7 +15,7 @@ resource_registry:
OS::TripleO::Services::HeatEngine: ../../deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml

View File

@ -44,42 +44,179 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
Ec2ApiWorkers:
default: 0
description: Number of workers for EC2-API service.
type: number
Ec2ApiPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
Ec2ApiExternalNetwork:
type: string
default: ''
description: Name of the external network, which is used to connect VPCs to
Internet and to allocate Elastic IPs
NovaDefaultFloatingPool:
default: 'public'
description: Default pool for floating IP addresses
type: string
MonitoringSubscriptionEc2Api:
default: 'overcloud-ec2-api'
type: string
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation at deploy time
type: boolean
Ec2ApiPolicies:
description: |
A hash of policies to configure for EC2-API.
e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']}
use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
Ec2ApiPuppetBase:
type: ../../puppet/services/ec2-api.yaml
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the EC2 API role.
value:
service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]}
service_config_settings:
service_name: ec2_api
monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
config_settings:
map_merge:
- get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]
- fluentd:
- get_attr: [TLSProxyBase, role_data, config_settings]
- tripleo::ec2_api::firewall_rules:
'113 ec2_api':
dport:
- 8788
- 13788
ec2api::keystone::authtoken::project_name: 'service'
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ec2api::policy::policies: {get_param: Ec2ApiPolicies}
ec2api::api::enabled: true
ec2api::package_manage: {get_param: EnablePackageInstall}
ec2api::api::ec2api_listen:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
ec2api::metadata::metadata_listen:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
ec2api::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: ec2_api
password: {get_param: Ec2ApiPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /ec2_api
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
ec2api::api::keystone_ec2_tokens_url:
list_join:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
-
if:
- nova_workers_zero
- {}
- ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
-
if:
- external_network_unset
- ec2api::api::external_network: {get_param: NovaDefaultFloatingPool}
- ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork}
-
if:
- use_tls_proxy
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
- {}
service_config_settings:
fluentd:
tripleo_fluentd_groups_ec2_api:
- nova
tripleo_fluentd_sources_ec2_api:
- {get_param: Ec2ApiLoggingSource}
keystone:
ec2api::keystone::auth::tenant: 'service'
ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
ec2api::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
ec2api::db::mysql::user: ec2_api
ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ec2api::db::mysql::dbname: ec2_api
ec2api::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ec2_api
@ -87,7 +224,7 @@ outputs:
step_config:
list_join:
- "\n"
- - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]}
- - "include tripleo::profile::base::nova::ec2api"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerEc2ApiConfigImage}
kolla_config:
@ -238,4 +375,4 @@ outputs:
- - ec2_api_tls_proxy
- null
metadata_settings:
get_attr: [Ec2ApiPuppetBase, role_data, metadata_settings]
get_attr: [TLSProxyBase, role_data, metadata_settings]

View File

@ -1,2 +1,2 @@
resource_registry:
OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml

View File

@ -1,3 +1,3 @@
# A Heat environment file which can be used to enable EC2-API service.
resource_registry:
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml

View File

@ -1,210 +0,0 @@
heat_template_version: rocky
description: >
OpenStack EC2-API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Ec2ApiWorkers:
default: 0
description: Number of workers for EC2-API service.
type: number
Ec2ApiPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
Ec2ApiExternalNetwork:
type: string
default: ''
description: Name of the external network, which is used to connect VPCs to
Internet and to allocate Elastic IPs
NovaDefaultFloatingPool:
default: 'public'
description: Default pool for floating IP addresses
type: string
MonitoringSubscriptionEc2Api:
default: 'overcloud-ec2-api'
type: string
Ec2ApiLoggingSource:
type: json
default:
tag: openstack.ec2.api
path: /var/log/ec2api/ec2api.log
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation at deploy time
type: boolean
Ec2ApiPolicies:
description: |
A hash of policies to configure for EC2-API.
e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']}
use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the EC2-API service.
value:
service_name: ec2_api
monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
config_settings:
map_merge:
- get_attr: [TLSProxyBase, role_data, config_settings]
- tripleo::ec2_api::firewall_rules:
'113 ec2_api':
dport:
- 8788
- 13788
ec2api::keystone::authtoken::project_name: 'service'
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ec2api::policy::policies: {get_param: Ec2ApiPolicies}
ec2api::api::enabled: true
ec2api::package_manage: {get_param: EnablePackageInstall}
ec2api::api::ec2api_listen:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
ec2api::metadata::metadata_listen:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
ec2api::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: ec2_api
password: {get_param: Ec2ApiPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /ec2_api
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
ec2api::api::keystone_ec2_tokens_url:
list_join:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
-
if:
- nova_workers_zero
- {}
- ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
-
if:
- external_network_unset
- ec2api::api::external_network: {get_param: NovaDefaultFloatingPool}
- ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork}
-
if:
- use_tls_proxy
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
- {}
step_config: |
include tripleo::profile::base::nova::ec2api
service_config_settings:
fluentd:
tripleo_fluentd_groups_ec2_api:
- nova
tripleo_fluentd_sources_ec2_api:
- {get_param: Ec2ApiLoggingSource}
keystone:
ec2api::keystone::auth::tenant: 'service'
ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
ec2api::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
ec2api::db::mysql::user: ec2_api
ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ec2api::db::mysql::dbname: ec2_api
ec2api::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks: []
metadata_settings:
get_attr: [TLSProxyBase, role_data, metadata_settings]