openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Simplify rabbitmq service templates 

Change-Id: I61e95220720a8fea674d4532b2462bb0299ff7d7
This commit is contained in:
ramishra 2021-05-22 21:58:43 +05:30
parent 464bc1e7f7
commit b356d3d1e4
7 changed files with 68 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
deployment/rabbitmq/rabbitmq-container-puppet.yaml
View File

@ -117,16 +117,14 @@ parameter_groups:
- RabbitIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
- 6
key_size_override_unset: {equals: [{get_param: RabbitmqCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: RabbitmqCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -209,16 +207,7 @@ outputs:
# puppet-tripleo
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
rabbitmq::collect_statistics_interval: 30000
-
if:
- internal_tls_enabled
-
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
- {}
- rabbitmq::admin_enable: false
rabbitmq::admin_enable: false
rabbitmq::management_enable: true
rabbitmq::use_config_file_for_plugins: true
rabbitmq::management_ip_address:
@ -233,11 +222,17 @@ outputs:
rabbitmq::management_port: 15672
rabbitmq::config_management_variables:
rates_mode: none
tripleo::certmonger::rabbitmq::postsave_cmd:
if:
- {get_param: EnableInternalTLS}
- true
- if:
- internal_tls_enabled
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
- {}
# BEGIN DOCKER SETTINGS
- {get_param: EnableInternalTLS}
- tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rabbitmq
step_config:
@ -291,17 +286,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
KOLLA_BOOTSTRAP: true
@ -321,17 +313,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
container_puppet_tasks:
@ -346,12 +335,10 @@ outputs:
- /var/lib/rabbitmq:/var/lib/rabbitmq
metadata_settings:
if:
- internal_tls_enabled
-
- service: rabbitmq
- {get_param: EnableInternalTLS}
- - service: rabbitmq
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -400,9 +387,9 @@ outputs:
{{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()."
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: RabbitmqCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
- name: creat fcontext entry for rabbitmq data
@ -421,7 +408,7 @@ outputs:
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
# TODO: Removal of package
upgrade_tasks: []
update_tasks:
update_tasks: []
# TODO: Are we sure we want to support this. Rolling update
# without pacemaker may fail. Do we test this ? In any case,
# this is under tripleo_container_manage control so the latest image should be

50
deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml
View File

@ -75,11 +75,10 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: RabbitmqMessageCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: RabbitmqMessageCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -144,16 +143,13 @@ outputs:
rabbitmq::management_ip_address: 127.0.0.1
rabbitmq::config_management_variables:
rates_mode: none
-
if:
- internal_tls_enabled
-
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
- {}
- if:
- {get_param: EnableInternalTLS}
- tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rabbitmq
@ -208,17 +204,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
KOLLA_BOOTSTRAP: true
@ -238,17 +231,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
container_puppet_tasks:
@ -263,12 +253,10 @@ outputs:
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
if:
- internal_tls_enabled
-
- service: rabbitmq
- {get_param: EnableInternalTLS}
- - service: rabbitmq
network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -317,9 +305,9 @@ outputs:
{{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()."
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: RabbitmqMessageCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create fcontext for rabbitmq data

14
deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml
View File

@ -68,14 +68,7 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -108,12 +101,12 @@ outputs:
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/rabbitmq:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerRabbitmqImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
@ -205,9 +198,8 @@ outputs:
- 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready'
- 'include tripleo::profile::pacemaker::rabbitmq_bundle'
- if:
- puppet_debug_enabled
- {get_param: ConfigDebug}
- - '--debug'
- - ''
image: {get_param: ContainerRabbitmqImage}
volumes:
list_concat:

1
deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
View File

@ -47,7 +47,6 @@ parameters:
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml

14
deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml
View File

@ -68,14 +68,7 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -108,12 +101,12 @@ outputs:
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/rabbitmq:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerRabbitmqImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
@ -205,9 +198,8 @@ outputs:
- 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready'
- 'include tripleo::profile::pacemaker::rabbitmq_bundle'
- if:
- puppet_debug_enabled
- {get_param: ConfigDebug}
- - '--debug'
- - ''
image: {get_param: ContainerRabbitmqImage}
volumes:
list_concat:

44
deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
View File

@ -76,11 +76,10 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: RpcCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: RpcCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -144,16 +143,13 @@ outputs:
rabbitmq::management_ip_address: 127.0.0.1
rabbitmq::config_management_variables:
rates_mode: none
-
if:
- internal_tls_enabled
-
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
- if:
- {get_param: EnableInternalTLS}
- tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
- {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rabbitmq
@ -208,17 +204,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
KOLLA_BOOTSTRAP: true
@ -238,17 +231,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
container_puppet_tasks:
@ -263,12 +253,10 @@ outputs:
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
if:
- internal_tls_enabled
-
- service: rabbitmq
- {get_param: EnableInternalTLS}
- - service: rabbitmq
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -317,9 +305,9 @@ outputs:
{{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()."
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: RpcCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create fcontext for rabbitmq data
@ -337,7 +325,7 @@ outputs:
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
upgrade_tasks: []
update_tasks:
update_tasks: []
# TODO: Are we sure we want to support this. Rolling update
# without pacemaker may fail. Do we test this ? In any case,
# this is under tripleo_container_manage control so the latest image should be

14
deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
View File

@ -68,14 +68,7 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -108,12 +101,12 @@ outputs:
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/rabbitmq:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerRabbitmqImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
@ -205,9 +198,8 @@ outputs:
- 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready'
- 'include tripleo::profile::pacemaker::rabbitmq_bundle'
- if:
- puppet_debug_enabled
- {get_param: ConfigDebug}
- - '--debug'
- - ''
image: {get_param: ContainerRabbitmqImage}
volumes:
list_concat: