heat_template_version: rocky description: > OpenStack containerized Zaqar services parameters: ContainerZaqarImage: description: image type: string ContainerZaqarConfigImage: description: The container image to use for the zaqar config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. Debug: type: boolean description: Set to True to enable debugging on all services. default: false ZaqarDebug: default: '' description: Set to True to enable debugging Zaqar service. type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] EnableSQLAlchemyCollectd: type: boolean description: > Set to true to enable the SQLAlchemy-collectd server plugin default: false ZaqarPassword: description: The password for Zaqar type: string hidden: true KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint ZaqarPolicies: description: | A hash of policies to configure for Zaqar. e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json ZaqarWorkers: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' ZaqarMessageStore: type: string description: The messaging store for Zaqar default: redis ZaqarManagementStore: type: string description: The management store for Zaqar default: redis EnableInternalTLS: type: boolean default: false RedisPassword: description: The password for the redis service account. type: string hidden: true conditions: internal_tls_enabled: {get_param: EnableInternalTLS} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']} enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} resources: ApacheServiceBase: type: ../../deployment/apache/apache-baremetal-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} EnableInternalTLS: {get_param: EnableInternalTLS} ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../database/mysql-client.yaml outputs: role_data: description: Role data for the Zaqar API role. value: service_name: zaqar_api firewall_rules: '113 zaqar_api': dport: - 9000 - 8888 - 3000 #SSL for websocket - 13888 #SSL for api keystone_resources: zaqar: endpoints: public: {get_param: [EndpointMap, ZaqarPublic, uri]} internal: {get_param: [EndpointMap, ZaqarInternal, uri]} admin: {get_param: [EndpointMap, ZaqarAdmin, uri]} users: zaqar: password: {get_param: ZaqarPassword} region: {get_param: KeystoneRegion} service: 'messaging' zaqar-websocket: endpoints: public: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} internal: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} admin: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} users: zaqar-websocket: password: {get_param: ZaqarPassword} region: {get_param: KeystoneRegion} service: 'messaging-websocket' config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - zaqar::policy::policies: {get_param: ZaqarPolicies} zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion} zaqar::keystone::authtoken::interface: 'internal' zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::logging::debug: if: - service_debug_unset - {get_param: Debug } - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::transport::websocket::notification_bind: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 2097152 zaqar::unreliable: true zaqar::wsgi::apache::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_store: {get_param: ZaqarMessageStore} zaqar::management_store: {get_param: ZaqarManagementStore} - if: - zaqar_messaging_store_swift - zaqar::messaging::swift::uri: list_join: - '' - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } tripleo::profile::base::zaqar::messaging_store: 'swift' - {} - if: - zaqar_messaging_store_redis - zaqar_redis_password: {get_param: RedisPassword} tripleo::profile::base::zaqar::messaging_store: 'redis' - {} - if: - zaqar_management_store_sqlalchemy - tripleo::profile::base::zaqar::management_store: 'sqlalchemy' zaqar::management::sqlalchemy::uri: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: zaqar password: {get_param: ZaqarPassword} host: {get_param: [EndpointMap, MysqlInternal, host]} path: /zaqar query: if: - enable_sqlalchemy_collectd - read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo plugin: collectd collectd_program_name: zaqar collectd_host: localhost - read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: map_merge: - keystone: zaqar::keystone::trust::password: {get_param: ZaqarPassword} zaqar::keystone::trust::user_domain_name: 'Default' - if: - zaqar_management_store_sqlalchemy - mysql: zaqar::db::mysql::user: zaqar zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} zaqar::db::mysql::dbname: zaqar zaqar::db::mysql::password: {get_param: ZaqarPassword} zaqar::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - {} # BEGIN DOCKER SETTINGS puppet_config: config_volume: zaqar puppet_tags: zaqar_config step_config: list_join: - "\n" - - include tripleo::profile::base::zaqar - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: ContainerZaqarConfigImage} kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" dest: "/etc/httpd/conf.d" merge: false preserve_properties: true - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d" dest: "/etc/httpd/conf.modules.d" # TODO(emilien) remove optional flag once we get a promotion # https://launchpad.net/bugs/1884115 optional: true merge: false preserve_properties: true - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/log/zaqar owner: zaqar:zaqar recurse: true docker_config: map_merge: - if: - zaqar_management_store_sqlalchemy - step_2: zaqar_init_log: image: &zaqar_image {get_param: ContainerZaqarImage} net: none user: root volumes: - /var/log/containers/zaqar:/var/log/zaqar - /var/log/containers/httpd/zaqar:/var/log/httpd command: ['/bin/bash', '-c', 'chmod 2755 /var/log/zaqar; touch /var/log/zaqar/zaqar-server.log; chown -R zaqar:zaqar /var/log/zaqar'] step_3: zaqar_db_sync: image: *zaqar_image net: host privileged: false detach: false user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - /var/log/containers/zaqar:/var/log/zaqar - /var/log/containers/httpd/zaqar:/var/log/httpd command: "/usr/bin/bootstrap_host_exec zaqar_api su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" environment: TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} - {} - step_4: zaqar: image: *zaqar_image net: host privileged: false restart: always # NOTE(mandre) kolla image changes the user to 'zaqar', we need it # to be root to run httpd user: root healthcheck: test: /usr/share/openstack-tripleo-common/healthcheck/zaqar-api volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar - /var/log/containers/httpd/zaqar:/var/log/httpd - if: - internal_tls_enabled - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - [] - if: - internal_tls_enabled - - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - [] environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS zaqar_websocket: image: *zaqar_image net: host privileged: false restart: always healthcheck: test: list_join: - ' ' - - '/usr/share/openstack-tripleo-common/healthcheck/zaqar-api' - {get_param: [EndpointMap, ZaqarWebSocketInternal, port]} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar - /var/log/containers/httpd/zaqar:/var/log/httpd environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks: - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" mode: "{{ item.mode }}" with_items: - { 'path': /var/log/containers/zaqar, 'setype': container_file_t, 'mode': '0750' } - { 'path': /var/log/containers/httpd/zaqar, 'setype': container_file_t, 'mode': '0750' } metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings]