flatten the ec2 service configurations
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration for the ec2 services. Related-Blueprint: services-yaml-flattening Change-Id: I401a1766222d45a4a584069d27cd880806cbab9f
parent
92766d5a69
commit
9b1bb23aa6
@ -3,7 +3,7 @@ resource_registry:
|
||||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
|
||||
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
|
||||
OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
|
||||
|
@ -15,7 +15,7 @@ resource_registry:
|
||||
OS::TripleO::Services::HeatEngine: ../../deployment/heat/heat-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
|
||||
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
|
||||
OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
|
||||
|
@ -44,42 +44,179 @@ parameters:
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
Ec2ApiWorkers:
|
||||
default: 0
|
||||
description: Number of workers for EC2-API service.
|
||||
type: number
|
||||
Ec2ApiPassword:
|
||||
description: The password for the nova service and db account, used by nova-api.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
Ec2ApiExternalNetwork:
|
||||
type: string
|
||||
default: ''
|
||||
description: Name of the external network, which is used to connect VPCs to
|
||||
Internet and to allocate Elastic IPs
|
||||
NovaDefaultFloatingPool:
|
||||
default: 'public'
|
||||
description: Default pool for floating IP addresses
|
||||
type: string
|
||||
MonitoringSubscriptionEc2Api:
|
||||
default: 'overcloud-ec2-api'
|
||||
type: string
|
||||
EnablePackageInstall:
|
||||
default: 'false'
|
||||
description: Set to true to enable package installation at deploy time
|
||||
type: boolean
|
||||
Ec2ApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for EC2-API.
|
||||
e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
|
||||
external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']}
|
||||
use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
|
||||
Ec2ApiPuppetBase:
|
||||
type: ../../puppet/services/ec2-api.yaml
|
||||
|
||||
TLSProxyBase:
|
||||
type: OS::TripleO::Services::TLSProxyBase
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the EC2 API role.
|
||||
value:
|
||||
service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]}
|
||||
config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]}
|
||||
service_config_settings:
|
||||
service_name: ec2_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- tripleo::ec2_api::firewall_rules:
|
||||
'113 ec2_api':
|
||||
dport:
|
||||
- 8788
|
||||
- 13788
|
||||
ec2api::keystone::authtoken::project_name: 'service'
|
||||
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ec2api::policy::policies: {get_param: Ec2ApiPolicies}
|
||||
ec2api::api::enabled: true
|
||||
ec2api::package_manage: {get_param: EnablePackageInstall}
|
||||
ec2api::api::ec2api_listen:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
ec2api::metadata::metadata_listen:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
ec2api::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: ec2_api
|
||||
password: {get_param: Ec2ApiPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /ec2_api
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
ec2api::api::keystone_ec2_tokens_url:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
- '/ec2tokens'
|
||||
-
|
||||
if:
|
||||
- nova_workers_zero
|
||||
- {}
|
||||
- ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
|
||||
ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
|
||||
-
|
||||
if:
|
||||
- external_network_unset
|
||||
- ec2api::api::external_network: {get_param: NovaDefaultFloatingPool}
|
||||
- ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork}
|
||||
-
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
- {}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_ec2_api:
|
||||
- nova
|
||||
tripleo_fluentd_sources_ec2_api:
|
||||
- {get_param: Ec2ApiLoggingSource}
|
||||
keystone:
|
||||
ec2api::keystone::auth::tenant: 'service'
|
||||
ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
|
||||
ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
|
||||
ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
|
||||
ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::db::mysql::user: ec2_api
|
||||
ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
ec2api::db::mysql::dbname: ec2_api
|
||||
ec2api::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ec2_api
|
||||
@ -87,7 +224,7 @@ outputs:
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]}
|
||||
- - "include tripleo::profile::base::nova::ec2api"
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerEc2ApiConfigImage}
|
||||
kolla_config:
|
||||
@ -238,4 +375,4 @@ outputs:
|
||||
- - ec2_api_tls_proxy
|
||||
- null
|
||||
metadata_settings:
|
||||
get_attr: [Ec2ApiPuppetBase, role_data, metadata_settings]
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
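Review bot: `Ec2ApiPassword` feeds four settings in the flattened template (`ec2api::keystone::authtoken::password`, `ec2api::keystone::auth::password`, the `make_url` password of `ec2api::db::database_connection`, and `ec2api::db::mysql::password`), while `ec2api::db::mysql::allowed_hosts` still lists `'%'`, so the MySQL account accepts any source host using the same secret as the Keystone service user. These lines appear to be carried over unchanged from the removed puppet template, but now that they live in this file it is worth either narrowing `allowed_hosts` to the hosts that actually run the service or adding a comment saying why the wildcard is required. The parameter description is also still the nova copy; I would change it to `description: The password for the ec2-api service and db account.` Separately, `{get_param: Ec2ApiLoggingSource}` is used under `fluentd` but is not among the parameters visible in this hunk, so please confirm it is declared above line 44, since an undeclared parameter would presumably fail template validation.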
@ -1,2 +1,2 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
|
||||
|
@ -1,3 +1,3 @@
|
||||
# A Heat environment file which can be used to enable EC2-API service.
|
||||
resource_registry:
|
||||
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
|
||||
OS::TripleO::Services::Ec2Api: ../../deployment/ec2/ec2-api-container-puppet.yaml
|
||||
|
@ -1,210 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack EC2-API service configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
Ec2ApiWorkers:
|
||||
default: 0
|
||||
description: Number of workers for EC2-API service.
|
||||
type: number
|
||||
Ec2ApiPassword:
|
||||
description: The password for the nova service and db account, used by nova-api.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
Ec2ApiExternalNetwork:
|
||||
type: string
|
||||
default: ''
|
||||
description: Name of the external network, which is used to connect VPCs to
|
||||
Internet and to allocate Elastic IPs
|
||||
NovaDefaultFloatingPool:
|
||||
default: 'public'
|
||||
description: Default pool for floating IP addresses
|
||||
type: string
|
||||
MonitoringSubscriptionEc2Api:
|
||||
default: 'overcloud-ec2-api'
|
||||
type: string
|
||||
Ec2ApiLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.ec2.api
|
||||
path: /var/log/ec2api/ec2api.log
|
||||
EnablePackageInstall:
|
||||
default: 'false'
|
||||
description: Set to true to enable package installation at deploy time
|
||||
type: boolean
|
||||
Ec2ApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for EC2-API.
|
||||
e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
|
||||
conditions:
|
||||
nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
|
||||
external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']}
|
||||
use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
TLSProxyBase:
|
||||
type: OS::TripleO::Services::TLSProxyBase
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the EC2-API service.
|
||||
value:
|
||||
service_name: ec2_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- tripleo::ec2_api::firewall_rules:
|
||||
'113 ec2_api':
|
||||
dport:
|
||||
- 8788
|
||||
- 13788
|
||||
ec2api::keystone::authtoken::project_name: 'service'
|
||||
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ec2api::policy::policies: {get_param: Ec2ApiPolicies}
|
||||
ec2api::api::enabled: true
|
||||
ec2api::package_manage: {get_param: EnablePackageInstall}
|
||||
ec2api::api::ec2api_listen:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
ec2api::metadata::metadata_listen:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
ec2api::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: ec2_api
|
||||
password: {get_param: Ec2ApiPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /ec2_api
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
ec2api::api::keystone_ec2_tokens_url:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
- '/ec2tokens'
|
||||
-
|
||||
if:
|
||||
- nova_workers_zero
|
||||
- {}
|
||||
- ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
|
||||
ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
|
||||
-
|
||||
if:
|
||||
- external_network_unset
|
||||
- ec2api::api::external_network: {get_param: NovaDefaultFloatingPool}
|
||||
- ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork}
|
||||
-
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
- {}
|
||||
step_config: |
|
||||
include tripleo::profile::base::nova::ec2api
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_ec2_api:
|
||||
- nova
|
||||
tripleo_fluentd_sources_ec2_api:
|
||||
- {get_param: Ec2ApiLoggingSource}
|
||||
keystone:
|
||||
ec2api::keystone::auth::tenant: 'service'
|
||||
ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
|
||||
ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
|
||||
ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
|
||||
ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::db::mysql::user: ec2_api
|
||||
ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
ec2api::db::mysql::dbname: ec2_api
|
||||
ec2api::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|