heat_template_version: wallaby

description: >
  OpenStack containerized Manila Share service

parameters:
  ContainerManilaShareImage:
    description: image
    type: string
  ContainerManilaConfigImage:
    description: image
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  ManilaCephClientUserName:
    default: manila
    type: string
  CephClusterName:
    type: string
    default: ceph
    description: The Ceph cluster name.
    constraints:
    - allowed_pattern: "[a-zA-Z0-9]+"
      description: >
        The Ceph cluster name must be at least 1 character and contain only
        letters and numbers.
  CephConfigPath:
    type: string
    default: "/var/lib/tripleo-config/ceph"
    description: |
      The path where the Ceph Cluster config files are stored on the host.
  MonitoringSubscriptionManilaShare:
    default: 'overcloud-manila-share'
    type: string
  ManilaPassword:
    description: The password for the manila service account.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint

resources:
  ContainersCommon:
    type: ../containers-common.yaml

  MySQLClient:
    type: ../../deployment/database/mysql-client.yaml

  ManilaBase:
    type: ./manila-base.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  ManilaShareCommon:
    type: ./manila-share-common.yaml

outputs:
  role_data:
    description: Role data for the Manila Share role.
    value:
      service_name: manila_share
      monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare}
      config_settings:
        map_merge:
          - get_attr: [ManilaBase, role_data, config_settings]
            # keystone_authtoken
          - manila::keystone::authtoken::password: {get_param: ManilaPassword}
            manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
            manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
            manila::keystone::authtoken::project_name: 'service'
            manila::keystone::authtoken::user_domain_name: 'Default'
            manila::keystone::authtoken::project_domain_name: 'Default'
            manila::keystone::authtoken::region_name: {get_param: KeystoneRegion}
            manila::keystone::authtoken::interface: 'internal'
            # compute
            manila::compute::nova::username: 'manila'
            manila::compute::nova::password: {get_param: ManilaPassword}
            manila::compute::nova::auth_type: 'password'
            manila::compute::nova::project_name: 'service'
            manila::compute::nova::user_domain_name: 'Default'
            manila::compute::nova::project_domain_name: 'Default'
            manila::compute::nova::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            manila::compute::nova::region_name: {get_param: KeystoneRegion}
            # network
            manila::network::neutron::username: 'manila'
            manila::network::neutron::password: {get_param: ManilaPassword}
            manila::network::neutron::auth_type: 'password'
            manila::network::neutron::project_name: 'service'
            manila::network::neutron::user_domain_name: 'Default'
            manila::network::neutron::project_domain_name: 'Default'
            manila::network::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            manila::network::neutron::region_name: {get_param: KeystoneRegion}
            # volume
            manila::volume::cinder::username: 'manila'
            manila::volume::cinder::password: {get_param: ManilaPassword}
            manila::volume::cinder::auth_type: 'password'
            manila::volume::cinder::project_name: 'service'
            manila::volume::cinder::user_domain_name: 'Default'
            manila::volume::cinder::project_domain_name: 'Default'
            manila::volume::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            manila::volume::cinder::region_name: {get_param: KeystoneRegion}
      service_config_settings:
        {get_attr: [ManilaBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: manila
        puppet_tags: manila_config,file,concat,file_line
        step_config:
          list_join:
            - "\n"
            - - "include tripleo::profile::base::manila::share"
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_param: ContainerManilaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/manila_share.json:
          command: /usr/bin/manila-share --config-file /etc/manila/manila.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-ceph/"
              dest: "/etc/ceph/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/manila
              owner: manila:manila
              recurse: true
            - path: /var/lib/manila
              owner: manila:manila
              recurse: true
            - path:
                str_replace:
                  template: /etc/ceph/CLUSTER.client.USER.keyring
                  params:
                    CLUSTER: {get_param: CephClusterName}
                    USER: {get_param: ManilaCephClientUserName}
              owner: manila:manila
              perm: '0600'
      docker_config:
        step_4:
          manila_share:
            image: &manila_share_image {get_param: ContainerManilaShareImage}
            net: host
            ipc: host
            user: root
            restart: always
            volumes: {get_attr: [ManilaShareCommon, manila_share_volumes]}
            environment: {get_attr: [ManilaShareCommon, manila_share_environment]}
      host_prep_tasks:
        - name: create fcontext entry for manila data
          community.general.sefcontext:
            target: "/var/lib/manila(/.*)?"
            setype: container_file_t
            state: present
        - name: create persistent directories
          file:
            path: "{{ item.path }}"
            state: directory
            setype: "{{ item.setype }}"
            mode: "{{ item.mode|default(omit) }}"
          with_items:
            - { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
            - { 'path': /var/lib/manila, 'setype': container_file_t }
        - name: ensure ceph configurations exist
          file:
            path: {get_param:CephConfigPath}
            state: directory
      upgrade_tasks: []
      external_upgrade_tasks:
        - when:
            - step|int == 1
          tags:
            - never
            - system_upgrade_transfer_data
            - system_upgrade_stop_services
          block:
            - name: Stop manila share container
              import_role:
                name: tripleo_container_stop
              vars:
                tripleo_containers_to_stop:
                  - manila_share
                tripleo_delegate_to: "{{ groups['manila_share'] | default([]) }}"