openstack/tripleo-heat-templates
Code Issues Proposed changes

flatten the mistral service configurations

Browse Source 
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all mistral services.

With this patch the baremetal version of each mistral service has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I3f2ac51c885548333299df2c92c1f8df154d241e
This commit is contained in:
Dan Prince
2018-12-28 09:24:03 -05:00
parent 560ec36685
commit cd354bc386
14 changed files with 151 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

254
deployment/mistral/mistral-api-container-puppet.yaml Normal file
View File

@@ -0,0 +1,254 @@
heat_template_version: rocky
description: >
OpenStack containerized Mistral API service
parameters:
DockerMistralApiImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
MistralWorkers:
default: 1
description: The number of workers for the mistral-api.
type: number
MistralApiPolicies:
description: |
A hash of policies to configure for Mistral API.
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
EnableInternalTLS:
type: boolean
default: false
MistralExecutionInterval:
default: 600
description: This setting defines how frequently Mistral checks for cron
triggers that need execution. The default is 10 minutes and
reduces the load that is has on the system.
type: number
MistralCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
conditions:
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral API role.
value:
service_name: mistral_api
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- mistral::cors::allowed_origin: {get_param: MistralCorsAllowedOrigin}
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::policy::policies: {get_param: MistralApiPolicies}
mistral::cron_trigger::execution_interval: {get_param: MistralExecutionInterval}
mistral::api::allow_action_execution_deletion: true
tripleo::mistral_api::firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
- if:
- mistral_workers_zero
- {}
- mistral::wsgi::apache::workers: {get_param: MistralWorkers}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::mistral::api
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_api.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
mistral_init_logs:
image: &mistral_api_image {get_param: DockerMistralApiImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/mistral:/var/log/mistral:z
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
step_3:
mistral_db_sync:
start_order: 0
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
step_4:
mistral_api:
start_order: 15
image: *mistral_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
mistral_db_populate:
start_order: 1
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:
dest: /var/log/mistral/readme.txt
content: |
Log files from mistral containers can be found under
/var/log/containers/mistral.
ignore_errors: true
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-mistral-api package
set_fact:
remove_mistral_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-mistral-api package if operator requests it
package: name=openstack-mistral-api state=removed
ignore_errors: True
when: remove_mistral_api_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- mistral_api

133
deployment/mistral/mistral-base.yaml Normal file
View File

@@ -0,0 +1,133 @@
heat_template_version: rocky
description: >
Openstack Mistral base service. Shared for all Mistral services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
MistralDebug:
default: ''
description: Set to True to enable debugging Mistral services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
MistralPassword:
description: The password for the Mistral service and db account, used by the Mistral services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NotificationDriver:
type: string
default: 'messagingv2'
description: Driver or drivers to handle sending notifications.
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
RpcUserName:
default: guest
description: The username for messaging backend
type: string
RpcPassword:
description: The password for messaging backend
type: string
hidden: true
RpcUseSSL:
default: false
description: >
Messaging client subscriber parameter to specify
an SSL connection to the messaging host.
type: string
conditions:
service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
outputs:
role_data:
description: Shared role data for the Mistral services.
value:
service_name: mistral_base
config_settings:
mistral::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: mistral
password: {get_param: MistralPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /mistral
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
mistral::notification_driver: {get_param: NotificationDriver}
# TODO(ansmith): remove once p-t-o switches to oslo params
mistral::rabbit_userid: {get_param: RpcUserName}
mistral::rabbit_password: {get_param: RpcPassword}
mistral::rabbit_use_ssl: {get_param: RpcUseSSL}
mistral::rabbit_port: {get_param: RpcPort}
mistral::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: MistralDebug }
mistral::rpc_response_timeout: 120
mistral::keystone::authtoken::project_name: 'service'
mistral::keystone::authtoken::user_domain_name: 'Default'
mistral::keystone::authtoken::project_domain_name: 'Default'
mistral::keystone::authtoken::password: {get_param: MistralPassword}
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
mistral::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
mistral::keystone_ec2_uri:
list_join:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
service_config_settings:
keystone:
mistral::keystone::auth::tenant: 'service'
mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
mistral::keystone::auth::password: {get_param: MistralPassword}
mistral::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
mistral::db::mysql::user: mistral
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
mistral::db::mysql::dbname: mistral
mistral::db::mysql::password: {get_param: MistralPassword}
mistral::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

187
deployment/mistral/mistral-engine-container-puppet.yaml Normal file
View File

@@ -0,0 +1,187 @@
heat_template_version: rocky
description: >
OpenStack containerized Mistral Engine service
parameters:
DockerMistralEngineImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
MistralExecutionFieldSizeLimit:
default: 1024
description: The default maximum size in KB of large text fields of runtime
execution objects. Use -1 for no limit.
type: number
MistralEvaluationInterval:
default: 120
description: How often will the executions be evaluated
(in minutes). For example for value 120 the interval
will be 2 hours (every 2 hours).
type: number
MistralFinishedExecutionDuration:
default: 2880
description: Evaluate from which time remove executions in minutes.
For example when set to 60, remove all executions
that finished a 60 minutes ago or more.
Minimum value is 1.
Note that only final state execution will remove (SUCCESS/ERROR).
constraints:
- range: { min: 1 }
type: number
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Engine role.
value:
service_name: mistral_engine
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::engine::execution_field_size_limit_kb: {get_param: MistralExecutionFieldSizeLimit}
mistral::engine::evaluation_interval: {get_param: MistralEvaluationInterval}
mistral::engine::older_than: {get_param: MistralFinishedExecutionDuration}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::mistral::engine
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_engine.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
docker_config:
step_4:
mistral_engine:
image: {get_param: DockerMistralEngineImage}
net: host
privileged: false
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_param: RpcPort}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /run:/run
- /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:ro
- /usr/share/ansible/:/usr/share/ansible/:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:
dest: /var/log/mistral/readme.txt
content: |
Log files from mistral containers can be found under
/var/log/containers/mistral.
ignore_errors: true
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-mistral-engine package
set_fact:
remove_mistral_engine_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-mistral-engine package if operator requests it
package: name=openstack-mistral-engine state=removed
ignore_errors: True
when: remove_mistral_engine_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- mistral_engine

162
deployment/mistral/mistral-event-engine-container-puppet.yaml Normal file
View File

@@ -0,0 +1,162 @@
heat_template_version: rocky
description: >
OpenStack containerized Mistral Event Engine service
parameters:
DockerMistralEventEngineImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Event Engine role.
value:
service_name: mistral_event_engine
config_settings:
get_attr: [MistralBase, role_data, config_settings]
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::mistral::event_engine
- get_attr: [MySQLClient, role_data, step_config]
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_event_engine.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/event-engine.log --server=event-engine
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
docker_config:
step_4:
mistral_event_engine:
image: {get_param: DockerMistralEventEngineImage}
net: host
privileged: false
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_param: RpcPort}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /run:/run
- /var/lib/kolla/config_files/mistral_event_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:ro
- /usr/share/ansible/:/usr/share/ansible/:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:
dest: /var/log/mistral/readme.txt
content: |
Log files from mistral containers can be found under
/var/log/containers/mistral.
ignore_errors: true
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-mistral-event-engine package
set_fact:
remove_mistral_event_engine_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-mistral-event-engine package if operator requests it
package: name=openstack-mistral-event-engine state=removed
ignore_errors: True
when: remove_mistral_event_engine_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- mistral_event_engine

240
deployment/mistral/mistral-executor-container-puppet.yaml Normal file
View File

@@ -0,0 +1,240 @@
heat_template_version: rocky
description: >
OpenStack containerized Mistral Executor service
parameters:
DockerMistralExecutorImage:
description: image
type: string
DockerMistralExecutorUlimit:
default: ['nofile=1024']
description: ulimit for Mistral Executor Container
type: comma_delimited_list
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
MistralExecutorVolumes:
default: []
description: List of additional volumes to mount into the mistral-executor container
type: comma_delimited_list
MistralExecutorExtraVolumes:
default: []
description: List of user-provided additional volumes to mount into the mistral-executor container
type: comma_delimited_list
UndercloudConfigFilePath:
default: ''
description: Configuration file for Undercloud, needed by TripleO Validations.
type: string
ContainerCli:
type: string
default: 'docker'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
MistralDockerGroup:
default: false
description: Add the mistral user to the docker group to allow actions to perform docker operations.
type: boolean
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
conditions:
undercloud_config_file_path_unset: {equals : [{get_param: UndercloudConfigFilePath}, '']}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Executor role.
value:
service_name: mistral_executor
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
# Note: the hiera parameter will only work if the TripleO validations
# are run from Mistral Executor container. If the parameter is
# needed on the host, it'll have to be defined somewhere else too.
# The hiera param is set to the same value as the bind mound location
# of the file inside the container.
- tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf'
tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config,user,group
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::mistral::executor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerMistralConfigImage}
volumes:
list_concat:
-
if:
- docker_enabled
- - /var/run/docker.sock:/var/run/docker.sock:rw
- null
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
- path: /var/lib/mistral
owner: mistral:mistral
recurse: true
docker_config:
step_4:
mistral_executor:
image: {get_param: DockerMistralExecutorImage}
ulimit: {get_param: DockerMistralExecutorUlimit}
net: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_param: RpcPort}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:z
- /usr/share/ansible/:/usr/share/ansible/:ro
- /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
- /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro
- {get_param: MistralExecutorVolumes}
- {get_param: MistralExecutorExtraVolumes}
- if:
- undercloud_config_file_path_unset
- null
- - list_join:
- ':'
- - {get_param: UndercloudConfigFilePath}
- '/var/lib/mistral/undercloud.conf'
- 'ro'
- if:
- docker_enabled
- - /var/run/docker.sock:/var/run/docker.sock:rw
# Required when pulling images from a registry during
# Image Prepare workflow
- - /var/lib/containers:/var/lib/containers:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:
dest: /var/log/mistral/readme.txt
content: |
Log files from mistral containers can be found under
/var/log/containers/mistral.
ignore_errors: true
- name: create ceph-ansible source directory
file:
path: /usr/share/ceph-ansible
state: directory
setype: svirt_sandbox_file_t
- name: create octavia-amphora-images directory
file:
path: /usr/share/openstack-octavia-amphora-images
state: directory
setype: svirt_sandbox_file_t
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-mistral-executor package
set_fact:
remove_mistral_executor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-mistral-executor package if operator requests it
package: name=openstack-mistral-executor state=removed
ignore_errors: True
when: remove_mistral_executor_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- mistral_executor