diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index b9ac04c279..4088084106 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -5,7 +5,7 @@ resource_registry: OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml - OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml index 0cf034ca2c..83aa8dff98 100644 --- a/ci/environments/scenario001-standalone.yaml +++ b/ci/environments/scenario001-standalone.yaml @@ -10,7 +10,7 @@ resource_registry: OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml - OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::Collectd: ../../docker/services/metrics/collectd.yaml OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index ca42c4b569..08fcc0909f 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -4,7 +4,7 @@ resource_registry: OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml - OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml diff --git a/ci/environments/scenario002-standalone.yaml b/ci/environments/scenario002-standalone.yaml index cea5463538..5c2e89443f 100644 --- a/ci/environments/scenario002-standalone.yaml +++ b/ci/environments/scenario002-standalone.yaml @@ -16,7 +16,7 @@ resource_registry: OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml - OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml diff --git a/deployment/panko/panko-api-container-puppet.yaml b/deployment/panko/panko-api-container-puppet.yaml new file mode 100644 index 0000000000..b7245fd9b1 --- /dev/null +++ b/deployment/panko/panko-api-container-puppet.yaml @@ -0,0 +1,312 @@ +heat_template_version: rocky + +description: > + OpenStack Panko service configured with docker. + Note, this service is deprecated in Pike release and + will be disabled in future releases. + +parameters: + DockerPankoApiImage: + description: image + type: string + DockerPankoConfigImage: + description: The container image to use for the panko config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + MonitoringSubscriptionPankoApi: + default: 'overcloud-ceilometer-panko-api' + type: string + PankoApiPolicies: + description: | + A hash of policies to configure for Panko API. + e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json + PankoEventTTL: + description: Number of seconds that events are kept in the database + default: '86400' + type: string + PankoPassword: + description: The password for the panko services. + type: string + hidden: true + Debug: + default: false + description: Set to True to enable debugging on all services. + type: boolean + PankoDebug: + default: '' + description: Set to True to enable debugging Panko services. + type: string + constraints: + - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + EnablePankoExpirer: + type: boolean + default: true + description: Enable panko expirer to periodically delete events from db + PankoExpirerMinute: + type: string + description: > + Cron to delete events data from db - Minute + default: '1' + PankoExpirerHour: + type: string + description: > + Cron to delete events data from db - Hour + default: '0' + PankoExpirerMonthday: + type: string + description: > + Cron to delete events data from db - Month Day + default: '*' + PankoExpirerMonth: + type: string + description: > + Cron to delete events data from db - Month + default: '*' + PankoExpirerWeekday: + type: string + description: > + Cron to delete events from db - Week Day + default: '*' + +conditions: + service_debug_unset: {equals : [{get_param: PankoDebug}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ../../docker/services/containers-common.yaml + + MySQLClient: + type: ../database/mysql-client.yaml + + ApacheServiceBase: + type: ../../puppet/services/apache.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + PankoApiLogging: + type: OS::TripleO::Services::Logging::PankoApi + +outputs: + role_data: + description: Role data for the Panko API role. + value: + service_name: panko_api + monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [PankoApiLogging, config_settings] + - apache::default_vhost: false + panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} + panko::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + panko::policy::policies: {get_param: PankoApiPolicies} + panko::api::service_name: 'httpd' + panko::api::enable_proxy_headers_parsing: true + panko::api::event_time_to_live: {get_param: PankoEventTTL} + tripleo::panko_api::firewall_rules: + '140 panko-api': + dport: + - 8977 + - 13977 + panko::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + # NOTE: bind IP is found in hiera replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + panko::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + enable_panko_expirer: {get_param: EnablePankoExpirer} + panko::db::database_connection: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: panko + password: {get_param: PankoPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /panko + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + panko::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: PankoDebug } + panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::keystone::authtoken::project_name: 'service' + panko::keystone::authtoken::user_domain_name: 'Default' + panko::keystone::authtoken::project_domain_name: 'Default' + panko::keystone::authtoken::password: {get_param: PankoPassword} + panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::auth::auth_password: {get_param: PankoPassword} + panko::auth::auth_region: {get_param: KeystoneRegion} + panko::auth::auth_tenant_name: 'service' + panko::expirer::minute: {get_param: PankoExpirerMinute} + panko::expirer::hour: {get_param: PankoExpirerHour} + panko::expirer::monthday: {get_param: PankoExpirerMonthday} + panko::expirer::month: {get_param: PankoExpirerMonth} + panko::expirer::weekday: {get_param: PankoExpirerWeekday} + service_config_settings: + keystone: + panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]} + panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]} + panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]} + panko::keystone::auth::password: {get_param: PankoPassword} + panko::keystone::auth::region: {get_param: KeystoneRegion} + panko::keystone::auth::tenant: 'service' + mysql: + panko::db::mysql::user: panko + panko::db::mysql::password: {get_param: PankoPassword} + panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + panko::db::mysql::dbname: panko + panko::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: panko + puppet_tags: panko_api_paste_ini,panko_config + step_config: + list_join: + - "\n" + - - "include tripleo::profile::base::panko::api" + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerPankoConfigImage} + kolla_config: + /var/lib/kolla/config_files/panko_api.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" + dest: "/etc/httpd/conf.d" + merge: false + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/panko + owner: panko:panko + recurse: true + docker_config: + step_2: + get_attr: [PankoApiLogging, docker_config, step_2] + step_3: + panko_db_sync: + image: &panko_api_image {get_param: DockerPankoApiImage} + net: host + detach: false + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [PankoApiLogging, volumes]} + - + - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro + - /var/lib/config-data/panko/etc/panko:/etc/panko:ro + command: + # NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part + # of the bash -c invocation, so we include them in the quoted db sync command. Hence the + # final single quote that's part of the list_join. + list_join: + - ' ' + - - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync" + - {get_attr: [PankoApiLogging, cmd_extra_args]} + - "'" + step_4: + panko_api: + start_order: 2 + image: *panko_api_image + net: host + privileged: false + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [PankoApiLogging, volumes]} + - + - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] + post_upgrade_tasks: + - when: step|int == 1 + import_role: + name: tripleo-docker-rm + vars: + containers_to_rm: + - panko_api diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml deleted file mode 100644 index 4acbc6ad48..0000000000 --- a/docker/services/panko-api.yaml +++ /dev/null @@ -1,170 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Panko service configured with docker. - Note, this service is deprecated in Pike release and - will be disabled in future releases. - -parameters: - DockerPankoApiImage: - description: image - type: string - DockerPankoConfigImage: - description: The container image to use for the panko config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EnableInternalTLS: - type: boolean - default: false - -conditions: - - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - -resources: - - ContainersCommon: - type: ./containers-common.yaml - - MySQLClient: - type: ../../deployment/database/mysql-client.yaml - - PankoApiPuppetBase: - type: ../../puppet/services/panko-api.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - PankoApiLogging: - type: OS::TripleO::Services::Logging::PankoApi - -outputs: - role_data: - description: Role data for the Panko API role. - value: - service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]} - config_settings: - map_merge: - - get_attr: [PankoApiPuppetBase, role_data, config_settings] - - get_attr: [PankoApiLogging, config_settings] - - apache::default_vhost: false - service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS # - puppet_config: - config_volume: panko - puppet_tags: panko_api_paste_ini,panko_config - step_config: - list_join: - - "\n" - - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: DockerPankoConfigImage} - kolla_config: - /var/lib/kolla/config_files/panko_api.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" - dest: "/etc/httpd/conf.d" - merge: false - preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/panko - owner: panko:panko - recurse: true - docker_config: - step_2: - get_attr: [PankoApiLogging, docker_config, step_2] - step_3: - panko_db_sync: - image: &panko_api_image {get_param: DockerPankoApiImage} - net: host - detach: false - privileged: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - {get_attr: [PankoApiLogging, volumes]} - - - - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - command: - # NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part - # of the bash -c invocation, so we include them in the quoted db sync command. Hence the - # final single quote that's part of the list_join. - list_join: - - ' ' - - - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync" - - {get_attr: [PankoApiLogging, cmd_extra_args]} - - "'" - step_4: - panko_api: - start_order: 2 - image: *panko_api_image - net: host - privileged: false - restart: always - healthcheck: - test: /openstack/healthcheck - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - {get_attr: [PankoApiLogging, volumes]} - - - - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro - - - if: - - internal_tls_enabled - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - - '' - - - if: - - internal_tls_enabled - - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - - '' - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]} - metadata_settings: - get_attr: [PankoApiPuppetBase, role_data, metadata_settings] - post_upgrade_tasks: - - when: step|int == 1 - import_role: - name: tripleo-docker-rm - vars: - containers_to_rm: - - panko_api diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index a1cbe567a5..6643bf7052 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml @@ -47,7 +47,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml - OS::TripleO::Services::PankoApi: ../puppet/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::Qdr: OS::Heat::None OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml diff --git a/environments/services-baremetal/undercloud-panko.yaml b/environments/services-baremetal/undercloud-panko.yaml index da34ab0de0..4da782b59a 100644 --- a/environments/services-baremetal/undercloud-panko.yaml +++ b/environments/services-baremetal/undercloud-panko.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::UndercloudPankoApi: ../../puppet/services/panko-api.yaml + OS::TripleO::Services::UndercloudPankoApi: ../../deployment/panko/panko-api-container-puppet.yaml diff --git a/environments/services/undercloud-panko.yaml b/environments/services/undercloud-panko.yaml index a19faa74dc..9d75a6e83c 100644 --- a/environments/services/undercloud-panko.yaml +++ b/environments/services/undercloud-panko.yaml @@ -1,4 +1,4 @@ # DEPRECATED. This file will be removed in the Stein release as it is no longer # needed resource_registry: - OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: ../../deployment/panko/panko-api-container-puppet.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 25d5091d75..0872106028 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -264,7 +264,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: deployment/aodh/aodh-evaluator-container-puppet.yaml OS::TripleO::Services::AodhListener: deployment/aodh/aodh-listener-container-puppet.yaml OS::TripleO::Services::AodhNotifier: deployment/aodh/aodh-notifier-container-puppet.yaml - OS::TripleO::Services::PankoApi: docker/services/panko-api.yaml + OS::TripleO::Services::PankoApi: deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::MetricsQdr: OS::Heat::None OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml deleted file mode 100644 index 04fb392f19..0000000000 --- a/puppet/services/panko-api.yaml +++ /dev/null @@ -1,124 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Panko API service configured with Puppet. - Note, This service is deprecated in Pike release and will - be disabled in future releases. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionPankoApi: - default: 'overcloud-ceilometer-panko-api' - type: string - EnableInternalTLS: - type: boolean - default: false - PankoApiPolicies: - description: | - A hash of policies to configure for Panko API. - e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } } - default: {} - type: json - PankoEventTTL: - description: Number of seconds that events are kept in the database - default: '86400' - type: string - -resources: - PankoBase: - type: ./panko-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - -outputs: - role_data: - description: Role data for the Panko API service. - value: - service_name: panko_api - monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} - config_settings: - map_merge: - - get_attr: [PankoBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] - - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} - panko::wsgi::apache::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} - panko::policy::policies: {get_param: PankoApiPolicies} - panko::api::service_name: 'httpd' - panko::api::enable_proxy_headers_parsing: true - panko::api::event_time_to_live: {get_param: PankoEventTTL} - tripleo::panko_api::firewall_rules: - '140 panko-api': - dport: - - 8977 - - 13977 - panko::api::host: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} - # NOTE: bind IP is found in hiera replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - panko::wsgi::apache::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} - service_config_settings: - get_attr: [PankoBase, role_data, service_config_settings] - step_config: | - include tripleo::profile::base::panko::api - metadata_settings: - get_attr: [ApacheServiceBase, role_data, metadata_settings] - upgrade_tasks: [] diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml deleted file mode 100644 index 7bbb4ba8e8..0000000000 --- a/puppet/services/panko-base.yaml +++ /dev/null @@ -1,137 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Panko service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - PankoPassword: - description: The password for the panko services. - type: string - hidden: true - Debug: - default: false - description: Set to True to enable debugging on all services. - type: boolean - PankoDebug: - default: '' - description: Set to True to enable debugging Panko services. - type: string - constraints: - - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - EnablePankoExpirer: - type: boolean - default: true - description: Enable panko expirer to periodically delete events from db - PankoExpirerMinute: - type: string - description: > - Cron to delete events data from db - Minute - default: '1' - PankoExpirerHour: - type: string - description: > - Cron to delete events data from db - Hour - default: '0' - PankoExpirerMonthday: - type: string - description: > - Cron to delete events data from db - Month Day - default: '*' - PankoExpirerMonth: - type: string - description: > - Cron to delete events data from db - Month - default: '*' - PankoExpirerWeekday: - type: string - description: > - Cron to delete events from db - Week Day - default: '*' - -conditions: - service_debug_unset: {equals : [{get_param: PankoDebug}, '']} - -outputs: - role_data: - description: Role data for the Panko role. - value: - service_name: panko_base - config_settings: - enable_panko_expirer: {get_param: EnablePankoExpirer} - panko::db::database_connection: - make_url: - scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} - username: panko - password: {get_param: PankoPassword} - host: {get_param: [EndpointMap, MysqlInternal, host]} - path: /panko - query: - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - panko::logging::debug: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: PankoDebug } - panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - panko::keystone::authtoken::project_name: 'service' - panko::keystone::authtoken::user_domain_name: 'Default' - panko::keystone::authtoken::project_domain_name: 'Default' - panko::keystone::authtoken::password: {get_param: PankoPassword} - panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - panko::auth::auth_password: {get_param: PankoPassword} - panko::auth::auth_region: {get_param: KeystoneRegion} - panko::auth::auth_tenant_name: 'service' - panko::expirer::minute: {get_param: PankoExpirerMinute} - panko::expirer::hour: {get_param: PankoExpirerHour} - panko::expirer::monthday: {get_param: PankoExpirerMonthday} - panko::expirer::month: {get_param: PankoExpirerMonth} - panko::expirer::weekday: {get_param: PankoExpirerWeekday} - service_config_settings: - keystone: - panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]} - panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]} - panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]} - panko::keystone::auth::password: {get_param: PankoPassword} - panko::keystone::auth::region: {get_param: KeystoneRegion} - panko::keystone::auth::tenant: 'service' - mysql: - panko::db::mysql::user: panko - panko::db::mysql::password: {get_param: PankoPassword} - panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - panko::db::mysql::dbname: panko - panko::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}"