openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "flatten the panko service"

This commit is contained in:
Zuul 2019-02-02 06:15:49 +00:00 committed by Gerrit Code Review
parent 9617be2d2f edf4e9e739
commit e78c69e6ac
12 changed files with 320 additions and 439 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/environments/scenario001-multinode-containers.yaml
View File

@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml

2
ci/environments/scenario001-standalone.yaml
View File

@ -10,7 +10,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml
OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml

2
ci/environments/scenario002-multinode-containers.yaml
View File

@ -4,7 +4,7 @@ resource_registry:
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml

2
ci/environments/scenario002-standalone.yaml
View File

@ -16,7 +16,7 @@ resource_registry:
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml

312
deployment/panko/panko-api-container-puppet.yaml Normal file
View File

@ -0,0 +1,312 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
MonitoringSubscriptionPankoApi:
default: 'overcloud-ceilometer-panko-api'
type: string
PankoApiPolicies:
description: |
A hash of policies to configure for Panko API.
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
PankoEventTTL:
description: Number of seconds that events are kept in the database
default: '86400'
type: string
PankoPassword:
description: The password for the panko services.
type: string
hidden: true
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
PankoDebug:
default: ''
description: Set to True to enable debugging Panko services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
EnablePankoExpirer:
type: boolean
default: true
description: Enable panko expirer to periodically delete events from db
PankoExpirerMinute:
type: string
description: >
Cron to delete events data from db - Minute
default: '1'
PankoExpirerHour:
type: string
description: >
Cron to delete events data from db - Hour
default: '0'
PankoExpirerMonthday:
type: string
description: >
Cron to delete events data from db - Month Day
default: '*'
PankoExpirerMonth:
type: string
description: >
Cron to delete events data from db - Month
default: '*'
PankoExpirerWeekday:
type: string
description: >
Cron to delete events from db - Week Day
default: '*'
conditions:
service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
PankoApiLogging:
type: OS::TripleO::Services::Logging::PankoApi
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: panko_api
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [PankoApiLogging, config_settings]
- apache::default_vhost: false
panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
panko::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::policy::policies: {get_param: PankoApiPolicies}
panko::api::service_name: 'httpd'
panko::api::enable_proxy_headers_parsing: true
panko::api::event_time_to_live: {get_param: PankoEventTTL}
tripleo::panko_api::firewall_rules:
'140 panko-api':
dport:
- 8977
- 13977
panko::api::host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
enable_panko_expirer: {get_param: EnablePankoExpirer}
panko::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: panko
password: {get_param: PankoPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /panko
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
panko::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: {get_param: KeystoneRegion}
panko::auth::auth_tenant_name: 'service'
panko::expirer::minute: {get_param: PankoExpirerMinute}
panko::expirer::hour: {get_param: PankoExpirerHour}
panko::expirer::monthday: {get_param: PankoExpirerMonthday}
panko::expirer::month: {get_param: PankoExpirerMonth}
panko::expirer::weekday: {get_param: PankoExpirerWeekday}
service_config_settings:
keystone:
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
panko::keystone::auth::password: {get_param: PankoPassword}
panko::keystone::auth::region: {get_param: KeystoneRegion}
panko::keystone::auth::tenant: 'service'
mysql:
panko::db::mysql::user: panko
panko::db::mysql::password: {get_param: PankoPassword}
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
panko::db::mysql::dbname: panko
panko::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config:
list_join:
- "\n"
- - "include tripleo::profile::base::panko::api"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
get_attr: [PankoApiLogging, docker_config, step_2]
step_3:
panko_db_sync:
image: &panko_api_image {get_param: DockerPankoApiImage}
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
command:
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the
# final single quote that's part of the list_join.
list_join:
- ' '
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync"
- {get_attr: [PankoApiLogging, cmd_extra_args]}
- "'"
step_4:
panko_api:
start_order: 2
image: *panko_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]}
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- panko_api

170
docker/services/panko-api.yaml
View File

@ -1,170 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
PankoApiPuppetBase:
type: ../../puppet/services/panko-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
PankoApiLogging:
type: OS::TripleO::Services::Logging::PankoApi
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
- get_attr: [PankoApiLogging, config_settings]
- apache::default_vhost: false
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config:
list_join:
- "\n"
- - {get_attr: [PankoApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
get_attr: [PankoApiLogging, docker_config, step_2]
step_3:
panko_db_sync:
image: &panko_api_image {get_param: DockerPankoApiImage}
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
command:
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the
# final single quote that's part of the list_join.
list_join:
- ' '
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync"
- {get_attr: [PankoApiLogging, cmd_extra_args]}
- "'"
step_4:
panko_api:
start_order: 2
image: *panko_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]}
metadata_settings:
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- panko_api

2
environments/baremetal-services.yaml
View File

@ -47,7 +47,7 @@ resource_registry:
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
OS::TripleO::Services::PankoApi: ../puppet/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml

2
environments/services-baremetal/undercloud-panko.yaml
View File

@ -1,2 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudPankoApi: ../../puppet/services/panko-api.yaml
OS::TripleO::Services::UndercloudPankoApi: ../../deployment/panko/panko-api-container-puppet.yaml

2
environments/services/undercloud-panko.yaml
View File

@ -1,4 +1,4 @@
# DEPRECATED. This file will be removed in the Stein release as it is no longer
# needed
resource_registry:
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml

2
overcloud-resource-registry-puppet.j2.yaml
View File

@ -264,7 +264,7 @@ resource_registry:
OS::TripleO::Services::AodhEvaluator: deployment/aodh/aodh-evaluator-container-puppet.yaml
OS::TripleO::Services::AodhListener: deployment/aodh/aodh-listener-container-puppet.yaml
OS::TripleO::Services::AodhNotifier: deployment/aodh/aodh-notifier-container-puppet.yaml
OS::TripleO::Services::PankoApi: docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::MetricsQdr: OS::Heat::None
OS::TripleO::Services::MistralEngine: OS::Heat::None
OS::TripleO::Services::MistralApi: OS::Heat::None

124
puppet/services/panko-api.yaml
View File

@ -1,124 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko API service configured with Puppet.
Note, This service is deprecated in Pike release and will
be disabled in future releases.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MonitoringSubscriptionPankoApi:
default: 'overcloud-ceilometer-panko-api'
type: string
EnableInternalTLS:
type: boolean
default: false
PankoApiPolicies:
description: |
A hash of policies to configure for Panko API.
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
PankoEventTTL:
description: Number of seconds that events are kept in the database
default: '86400'
type: string
resources:
PankoBase:
type: ./panko-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Panko API service.
value:
service_name: panko_api
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
config_settings:
map_merge:
- get_attr: [PankoBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
panko::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::policy::policies: {get_param: PankoApiPolicies}
panko::api::service_name: 'httpd'
panko::api::enable_proxy_headers_parsing: true
panko::api::event_time_to_live: {get_param: PankoEventTTL}
tripleo::panko_api::firewall_rules:
'140 panko-api':
dport:
- 8977
- 13977
panko::api::host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
service_config_settings:
get_attr: [PankoBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::panko::api
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: []

137
puppet/services/panko-base.yaml
View File

@ -1,137 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
PankoPassword:
description: The password for the panko services.
type: string
hidden: true
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
PankoDebug:
default: ''
description: Set to True to enable debugging Panko services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
EnablePankoExpirer:
type: boolean
default: true
description: Enable panko expirer to periodically delete events from db
PankoExpirerMinute:
type: string
description: >
Cron to delete events data from db - Minute
default: '1'
PankoExpirerHour:
type: string
description: >
Cron to delete events data from db - Hour
default: '0'
PankoExpirerMonthday:
type: string
description: >
Cron to delete events data from db - Month Day
default: '*'
PankoExpirerMonth:
type: string
description: >
Cron to delete events data from db - Month
default: '*'
PankoExpirerWeekday:
type: string
description: >
Cron to delete events from db - Week Day
default: '*'
conditions:
service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
outputs:
role_data:
description: Role data for the Panko role.
value:
service_name: panko_base
config_settings:
enable_panko_expirer: {get_param: EnablePankoExpirer}
panko::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: panko
password: {get_param: PankoPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /panko
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
panko::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: {get_param: KeystoneRegion}
panko::auth::auth_tenant_name: 'service'
panko::expirer::minute: {get_param: PankoExpirerMinute}
panko::expirer::hour: {get_param: PankoExpirerHour}
panko::expirer::monthday: {get_param: PankoExpirerMonthday}
panko::expirer::month: {get_param: PankoExpirerMonth}
panko::expirer::weekday: {get_param: PankoExpirerWeekday}
service_config_settings:
keystone:
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
panko::keystone::auth::password: {get_param: PankoPassword}
panko::keystone::auth::region: {get_param: KeystoneRegion}
panko::keystone::auth::tenant: 'service'
mysql:
panko::db::mysql::user: panko
panko::db::mysql::password: {get_param: PankoPassword}
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
panko::db::mysql::dbname: panko
panko::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"