heat_template_version: rocky description: > OpenStack containerized Tacker service parameters: DockerTackerImage: description: image type: string DockerTackerConfigImage: description: The container image to use for the tacker config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json TackerPassword: description: The password for the tacker service account. type: string hidden: true Debug: type: boolean default: false description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint TackerPolicies: description: | A hash of policies to configure for Tacker. e.g. { tacker-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json NotificationDriver: type: string default: 'messagingv2' description: Driver or drivers to handle sending notifications. RpcPort: default: 5672 description: The network port for messaging backend type: number RpcUserName: default: guest description: The username for messaging backend type: string RpcPassword: description: The password for messaging backend type: string hidden: true RpcUseSSL: default: false description: > Messaging client subscriber parameter to specify an SSL connection to the messaging host. type: string parameter_groups: - label: deprecated description: | The following parameters are deprecated and will be removed. They should not be relied on for new deployments. If you have concerns regarding deprecated parameters, please contact the TripleO development team on IRC or the OpenStack mailing list. parameters: - RpcPort - RpcUserName - RpcPassword - RpcUseSSL conditions: service_debug_unset: {equals : [{get_param: TackerDebug}, '']} resources: ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../database/mysql-client.yaml outputs: role_data: description: Role data for the Tacker role. value: service_name: tacker config_settings: tacker_password: {get_param: TackerPassword} tacker::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: tacker password: {get_param: TackerPassword} host: {get_param: [EndpointMap, MysqlInternal, host]} path: /tacker query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo tacker::logging::debug: if: - service_debug_unset - {get_param: Debug } - {get_param: TackerDebug } tacker::notification_driver: {get_param: NotificationDriver} tacker::server::bind_host: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]} tacker::keystone::authtoken::project_name: 'service' tacker::keystone::authtoken::user_domain_name: 'Default' tacker::keystone::authtoken::project_domain_name: 'Default' tacker::keystone::authtoken::password: {get_param: TackerPassword} tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tacker::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tacker::db::mysql::password: {get_param: TackerPassword} tacker::db::mysql::user: tacker tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} tacker::db::mysql::dbname: tacker tacker::db::mysql::allowed_hosts: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} tacker::policy::policies: {get_param: TackerPolicies} tripleo::tacker::firewall_rules: '113 tacker': dport: - 9890 - 13989 service_config_settings: keystone: tacker::keystone::auth::tenant: 'service' tacker::keystone::auth::region: {get_param: KeystoneRegion} tacker::keystone::auth::password: {get_param: TackerPassword} tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]} tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]} tacker::keystone::auth::admin_url: {get_param: [EndpointMap, TackerAdmin, uri]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: tacker puppet_tags: tacker_config step_config: list_join: - "\n" - - "include ::tripleo::profile::base::tacker" - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerTackerConfigImage} kolla_config: /var/lib/kolla/config_files/tacker_api.json: command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/log/tacker owner: tacker:tacker recurse: true docker_config: # db sync runs before permissions set by kolla_config step_2: tacker_init_logs: image: &tacker_image {get_param: DockerTackerImage} net: none privileged: false user: root volumes: - /var/log/containers/tacker:/var/log/tacker command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] step_3: tacker_db_sync: image: *tacker_image net: host privileged: false detach: false user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - # FIXME(mandre) mounting /etc rw to workaround LP1696283 # This should go away anyway and mount the exact files it # needs or use kolla set_configs.py - /var/lib/config-data/tacker/etc/:/etc/ - /var/log/containers/tacker:/var/log/tacker command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" step_4: tacker_api: image: *tacker_image net: host privileged: false restart: always healthcheck: test: /openstack/healthcheck volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro - /var/log/containers/tacker:/var/log/tacker environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - { 'path': /var/log/tacker, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/containers/tacker, 'setype': svirt_sandbox_file_t } - name: tacker logs readme copy: dest: /var/log/tacker/readme.txt content: | Log files from tacker containers can be found under /var/log/containers/tacker. ignore_errors: true upgrade_tasks: [] post_upgrade_tasks: - when: step|int == 1 import_role: name: tripleo-docker-rm vars: containers_to_rm: - tacker_api