heat_template_version: rocky description: > OpenStack containerized Mistral Executor service parameters: ContainerMistralExecutorImage: description: image type: string DockerMistralExecutorUlimit: default: ['nofile=1024'] description: ulimit for Mistral Executor Container type: comma_delimited_list ContainerMistralConfigImage: description: The container image to use for the mistral config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json MistralExecutorVolumes: default: [] description: List of additional volumes to mount into the mistral-executor container type: comma_delimited_list MistralExecutorExtraVolumes: default: [] description: List of user-provided additional volumes to mount into the mistral-executor container type: comma_delimited_list UndercloudConfigFilePath: default: '' description: Configuration file for Undercloud, needed by TripleO Validations. type: string ContainerCli: type: string default: 'podman' description: CLI tool used to manage containers. constraints: - allowed_values: ['docker', 'podman'] MistralDockerGroup: default: false description: Add the mistral user to the docker group to allow actions to perform docker operations. type: boolean TripleoAdminUser: default: 'tripleo-admin' description: Name of user which manages the hosts type: string MountBackupFilesystemPaths: default: false description: Set to True to mount all directories stated in BackupFilesystemPaths type: boolean BackupBaseMountpoint: default: '/backup' description: Absolute paths to directory, which will use as a base directory for all mounted directories marked for backup type: string BackupFilesystemPaths: description: Absolute paths to directories, which should be included during filesystem backup on undercloud type: json default: - /etc/hiera.yaml - /etc/puppet/ - /var/lib/config-data/ conditions: docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} mount_backup_filesystem: {equals : [{get_param: MountBackupFilesystemPaths}, true]} resources: ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../database/mysql-client.yaml MistralBase: type: ./mistral-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} outputs: role_data: description: Role data for the Mistral Executor role. value: service_name: mistral_executor config_settings: map_merge: - get_attr: [MistralBase, role_data, config_settings] # Note: the hiera parameter will only work if the TripleO validations # are run from Mistral Executor container. If the parameter is # needed on the host, it'll have to be defined somewhere else too. # The hiera param is set to the same value as the bind mound location # of the file inside the container. - tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf' tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: mistral puppet_tags: mistral_config,user,group step_config: list_join: - "\n" - - include tripleo::profile::base::mistral::executor - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: ContainerMistralConfigImage} volumes: list_concat: - if: - docker_enabled - - /run/docker.sock:/run/docker.sock:rw - null kolla_config: /var/lib/kolla/config_files/mistral_executor.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor config_files: list_concat: - - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral recurse: true - path: /var/lib/mistral owner: mistral:mistral recurse: true docker_config: step_4: mistral_executor: image: {get_param: ContainerMistralExecutorImage} ulimit: {get_param: DockerMistralExecutorUlimit} net: host privileged: false restart: always healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral:z - /var/lib/mistral:/var/lib/mistral:z - /usr/share/ansible/:/usr/share/ansible/:ro - /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro - {get_param: MistralExecutorVolumes} - {get_param: MistralExecutorExtraVolumes} - - str_replace: template: '/home/tripleo-admin:/home/tripleo-admin' params: tripleo-admin: {get_param: TripleoAdminUser} - if: - mount_backup_filesystem - repeat: for_each: PATH: {get_param: BackupFilesystemPaths} template: list_join: - ':' - - 'PATH' - list_join: - '/' - - {get_param: BackupBaseMountpoint} - 'PATH' - 'ro' expression: > ($.data.paths + $.data.extra_plugins) .flatten().distinct() - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS env_file: /etc/environment host_prep_tasks: - set_fact: tripleo_admin_user: {get_param: TripleoAdminUser} undercloud_cfg_file: {get_param: UndercloudConfigFilePath} - import_role: name: tripleo_create_admin tasks_from: create_user.yml vars: tripleo_admin_generate_key: true - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" mode: "{{ item.mode|default(omit) }}" with_items: - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } - { 'path': /var/lib/mistral, 'setype': container_file_t, 'mode': '0751' } - name: create mistral/.ssh directory file: path: /var/lib/mistral/.ssh state: directory mode: 0700 - name: copy tripleo-admin private key to /var/lib/mistral/.ssh copy: remote_src: yes src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa dest: /var/lib/mistral/.ssh/{{ tripleo_admin_user }}-rsa mode: 0600 - name: copy undercloud.conf to /var/lib/mistral/ when: undercloud_cfg_file != '' copy: src: "{{ undercloud_cfg_file }}" dest: /var/lib/mistral/undercloud.conf mode: 0444 setype: container_file_t local_follow: true - name: create ceph-ansible source directory file: path: /usr/share/ceph-ansible state: directory setype: container_file_t - name: create octavia-amphora-images directory file: path: /usr/share/openstack-octavia-amphora-images state: directory setype: container_file_t - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes