heat_template_version: rocky description: > MongoDB service deployment using puppet and docker parameters: DockerMongodbImage: description: image type: string DockerMongodbConfigImage: description: The container image to use for the mongodb config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EnableInternalTLS: type: boolean default: false InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: MongodbPuppetBase: type: ../../../puppet/services/database/mongodb.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} outputs: role_data: description: Containerized service Mongodb using composable services. value: service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]} config_settings: map_merge: - get_attr: [MongodbPuppetBase, role_data, config_settings] - mongodb::server::fork: false # BEGIN DOCKER SETTINGS # puppet_config: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: list_join: - "\n" - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }" - {get_attr: [MongodbPuppetBase, role_data, step_config]} config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage} kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - source: "/var/lib/kolla/config_files/src-tls/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb recurse: true - path: /var/log/mongodb owner: mongodb:mongodb recurse: true - path: /etc/pki/tls/certs/mongodb.pem owner: mongodb:mongodb docker_config: step_2: mongodb: image: {get_param: DockerMongodbImage} net: host privileged: false volumes: &mongodb_volumes list_concat: - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb:z - /var/lib/mongodb:/var/lib/mongodb:z - if: - internal_tls_enabled - - list_join: - ':' - - {get_param: InternalTLSCAFile} - {get_param: InternalTLSCAFile} - 'ro' - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # MySQL database initialization occurs only on single node step_2: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_config_image volumes: list_concat: - - /var/lib/mongodb:/var/lib/mongodb:z - /var/log/containers/mongodb:/var/log/mongodb:z - if: - internal_tls_enabled - - list_join: - ':' - - {get_param: InternalTLSCAFile} - {get_param: InternalTLSCAFile} - 'ro' - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro - null host_prep_tasks: - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - { 'path': /var/log/containers/mongodb, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/mongodb, 'setype': svirt_sandbox_file_t } - name: mongodb logs readme copy: dest: /var/log/mongodb/readme.txt content: | Log files from mongodb containers can be found under /var/log/containers/mongodb. ignore_errors: true metadata_settings: get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - when: step|int == 0 tags: common block: - name: Check for mongodb service command: systemctl is-enabled --quiet mongod ignore_errors: True register: mongod_enabled_result - name: Set fact mongod_enabled set_fact: mongod_enabled: "{{ mongod_enabled_result.rc == 0 }}" - name: "PreUpgrade step0,validation: Check if mongod is running" command: systemctl is-active --quiet mongod when: mongod_enabled|bool tags: validation - when: step|int == 2 block: - name: Stop and disable mongodb service when: mongod_enabled|bool service: name=mongod state=stopped enabled=no fast_forward_upgrade_tasks: - when: - step|int == 0 - release == 'ocata' block: - name: Check for mongodb service command: systemctl is-enabled --quiet mongod tags: common ignore_errors: True register: mongod_enabled_result - name: Set fact mongod_enabled set_fact: mongod_enabled: "{{ mongod_enabled_result.rc == 0 }}" - name: Stop and disable mongodb service when: - step|int == 1 - release == 'ocata' - mongod_enabled|bool service: name=mongod state=stopped enabled=no