openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "flatten the panko service"

Browse Source
This commit is contained in:
Zuul 2019-02-02 06:15:49 +00:00 committed by Gerrit Code Review
commit e78c69e6ac
12 changed files with 320 additions and 439 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/environments/scenario001-multinode-containers.yaml
View File

@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml

2
ci/environments/scenario001-standalone.yaml
View File

@ -10,7 +10,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml
OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml

2
ci/environments/scenario002-multinode-containers.yaml
View File

@ -4,7 +4,7 @@ resource_registry:
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml

2
ci/environments/scenario002-standalone.yaml
View File

@ -16,7 +16,7 @@ resource_registry:
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml

312
deployment/panko/panko-api-container-puppet.yaml Normal file
View File

@ -0,0 +1,312 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
MonitoringSubscriptionPankoApi:
default: 'overcloud-ceilometer-panko-api'
type: string
PankoApiPolicies:
description: |
A hash of policies to configure for Panko API.
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
PankoEventTTL:
description: Number of seconds that events are kept in the database
default: '86400'
type: string
PankoPassword:
description: The password for the panko services.
type: string
hidden: true
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
PankoDebug:
default: ''
description: Set to True to enable debugging Panko services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
EnablePankoExpirer:
type: boolean
default: true
description: Enable panko expirer to periodically delete events from db
PankoExpirerMinute:
type: string
description: >
Cron to delete events data from db - Minute
default: '1'
PankoExpirerHour:
type: string
description: >
Cron to delete events data from db - Hour
default: '0'
PankoExpirerMonthday:
type: string
description: >
Cron to delete events data from db - Month Day
default: '*'
PankoExpirerMonth:
type: string
description: >
Cron to delete events data from db - Month
default: '*'
PankoExpirerWeekday:
type: string
description: >
Cron to delete events from db - Week Day
default: '*'
conditions:
service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
PankoApiLogging:
type: OS::TripleO::Services::Logging::PankoApi
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: panko_api
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [PankoApiLogging, config_settings]
- apache::default_vhost: false
panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
panko::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::policy::policies: {get_param: PankoApiPolicies}
panko::api::service_name: 'httpd'
panko::api::enable_proxy_headers_parsing: true
panko::api::event_time_to_live: {get_param: PankoEventTTL}
tripleo::panko_api::firewall_rules:
'140 panko-api':
dport:
- 8977
- 13977
panko::api::host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
enable_panko_expirer: {get_param: EnablePankoExpirer}
panko::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: panko
password: {get_param: PankoPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /panko
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
panko::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: {get_param: KeystoneRegion}
panko::auth::auth_tenant_name: 'service'
panko::expirer::minute: {get_param: PankoExpirerMinute}
panko::expirer::hour: {get_param: PankoExpirerHour}
panko::expirer::monthday: {get_param: PankoExpirerMonthday}
panko::expirer::month: {get_param: PankoExpirerMonth}
panko::expirer::weekday: {get_param: PankoExpirerWeekday}
service_config_settings:
keystone:
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
panko::keystone::auth::password: {get_param: PankoPassword}
panko::keystone::auth::region: {get_param: KeystoneRegion}
panko::keystone::auth::tenant: 'service'
mysql:
panko::db::mysql::user: panko
panko::db::mysql::password: {get_param: PankoPassword}
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
panko::db::mysql::dbname: panko
panko::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config:
list_join:
- "\n"
- - "include tripleo::profile::base::panko::api"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
get_attr: [PankoApiLogging, docker_config, step_2]
step_3:
panko_db_sync:
image: &panko_api_image {get_param: DockerPankoApiImage}
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
command:
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the
# final single quote that's part of the list_join.
list_join:
- ' '
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync"
- {get_attr: [PankoApiLogging, cmd_extra_args]}
- "'"
step_4:
panko_api:
start_order: 2
image: *panko_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]}
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- panko_api

170
docker/services/panko-api.yaml
View File

@ -1,170 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
PankoApiPuppetBase:
type: ../../puppet/services/panko-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
PankoApiLogging:
type: OS::TripleO::Services::Logging::PankoApi
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
- get_attr: [PankoApiLogging, config_settings]
- apache::default_vhost: false
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config:
list_join:
- "\n"
- - {get_attr: [PankoApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
get_attr: [PankoApiLogging, docker_config, step_2]
step_3:
panko_db_sync:
image: &panko_api_image {get_param: DockerPankoApiImage}
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
command:
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the
# final single quote that's part of the list_join.
list_join:
- ' '
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync"
- {get_attr: [PankoApiLogging, cmd_extra_args]}
- "'"
step_4:
panko_api:
start_order: 2
image: *panko_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]}
metadata_settings:
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- panko_api

2
environments/baremetal-services.yaml
View File

@ -47,7 +47,7 @@ resource_registry:
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
OS::TripleO::Services::PankoApi: ../puppet/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml

2
environments/services-baremetal/undercloud-panko.yaml
View File

@ -1,2 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudPankoApi: ../../puppet/services/panko-api.yaml
OS::TripleO::Services::UndercloudPankoApi: ../../deployment/panko/panko-api-container-puppet.yaml

2
environments/services/undercloud-panko.yaml
View File

@ -1,4 +1,4 @@
# DEPRECATED. This file will be removed in the Stein release as it is no longer
# needed
resource_registry:
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml

2
overcloud-resource-registry-puppet.j2.yaml
View File

@ -264,7 +264,7 @@ resource_registry:
OS::TripleO::Services::AodhEvaluator: deployment/aodh/aodh-evaluator-container-puppet.yaml
OS::TripleO::Services::AodhListener: deployment/aodh/aodh-listener-container-puppet.yaml
OS::TripleO::Services::AodhNotifier: deployment/aodh/aodh-notifier-container-puppet.yaml
OS::TripleO::Services::PankoApi: docker/services/panko-api.yaml
OS::TripleO::Services::PankoApi: deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::MetricsQdr: OS::Heat::None
OS::TripleO::Services::MistralEngine: OS::Heat::None
OS::TripleO::Services::MistralApi: OS::Heat::None

124
puppet/services/panko-api.yaml
View File

@ -1,124 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko API service configured with Puppet.
Note, This service is deprecated in Pike release and will
be disabled in future releases.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MonitoringSubscriptionPankoApi:
default: 'overcloud-ceilometer-panko-api'
type: string
EnableInternalTLS:
type: boolean
default: false
PankoApiPolicies:
description: |
A hash of policies to configure for Panko API.
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
PankoEventTTL:
description: Number of seconds that events are kept in the database
default: '86400'
type: string
resources:
PankoBase:
type: ./panko-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Panko API service.
value:
service_name: panko_api
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
config_settings:
map_merge:
- get_attr: [PankoBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
panko::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::policy::policies: {get_param: PankoApiPolicies}
panko::api::service_name: 'httpd'
panko::api::enable_proxy_headers_parsing: true
panko::api::event_time_to_live: {get_param: PankoEventTTL}
tripleo::panko_api::firewall_rules:
'140 panko-api':
dport:
- 8977
- 13977
panko::api::host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
service_config_settings:
get_attr: [PankoBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::panko::api
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: []

137
puppet/services/panko-base.yaml
View File

@ -1,137 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Panko service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
PankoPassword:
description: The password for the panko services.
type: string
hidden: true
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
PankoDebug:
default: ''
description: Set to True to enable debugging Panko services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
EnablePankoExpirer:
type: boolean
default: true
description: Enable panko expirer to periodically delete events from db
PankoExpirerMinute:
type: string
description: >
Cron to delete events data from db - Minute
default: '1'
PankoExpirerHour:
type: string
description: >
Cron to delete events data from db - Hour
default: '0'
PankoExpirerMonthday:
type: string
description: >
Cron to delete events data from db - Month Day
default: '*'
PankoExpirerMonth:
type: string
description: >
Cron to delete events data from db - Month
default: '*'
PankoExpirerWeekday:
type: string
description: >
Cron to delete events from db - Week Day
default: '*'
conditions:
service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
outputs:
role_data:
description: Role data for the Panko role.
value:
service_name: panko_base
config_settings:
enable_panko_expirer: {get_param: EnablePankoExpirer}
panko::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: panko
password: {get_param: PankoPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /panko
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
panko::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: {get_param: KeystoneRegion}
panko::auth::auth_tenant_name: 'service'
panko::expirer::minute: {get_param: PankoExpirerMinute}
panko::expirer::hour: {get_param: PankoExpirerHour}
panko::expirer::monthday: {get_param: PankoExpirerMonthday}
panko::expirer::month: {get_param: PankoExpirerMonth}
panko::expirer::weekday: {get_param: PankoExpirerWeekday}
service_config_settings:
keystone:
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
panko::keystone::auth::password: {get_param: PankoPassword}
panko::keystone::auth::region: {get_param: KeystoneRegion}
panko::keystone::auth::tenant: 'service'
mysql:
panko::db::mysql::user: panko
panko::db::mysql::password: {get_param: PankoPassword}
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
panko::db::mysql::dbname: panko
panko::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"