heat_template_version: wallaby

description: >
  OpenStack Octavia worker service configured with Puppet

parameters:
  ContainerOctaviaWorkerImage:
    description: image
    type: string
  ContainerOctaviaConfigImage:
    description: The container image to use for the octavia config_volume
    type: string
  OctaviaWorkerLoggingSource:
    type: json
    default:
      tag: openstack.octavia.worker
      file: /var/log/containers/octavia/worker.log
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EnablePackageInstall:
    default: 'false'
    description: Set to true to enable package installation at deploy time
    type: boolean
  MonitoringSubscriptionOctaviaWorker:
    default: 'overcloud-octavia-worker'
    type: string

resources:

  ContainersCommon:
    type: ../containers-common.yaml

  MySQLClient:
    type: ../database/mysql-client.yaml

  OctaviaBase:
    type: ./octavia-base.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Octavia worker role.
    value:
      service_name: octavia_worker
      monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker}
      config_settings: {get_attr: [OctaviaBase, role_data, config_settings]}
      service_config_settings:
        rsyslog:
          tripleo_logging_sources_octavia_worker:
            - {get_param: OctaviaWorkerLoggingSource}
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: octavia
        puppet_tags: octavia_config
        step_config:
          list_join:
            - "\n"
            - - "['nova_flavor'].each |String $val| { noop_resource($val) }"
              - "include tripleo::profile::base::octavia::worker"
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_param: ContainerOctaviaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/octavia_worker.json:
          command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --config-file /etc/octavia/post-deploy.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/octavia-worker
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/octavia
              owner: octavia:octavia
              recurse: true
      docker_config:
        step_2:
          octavia_worker_init_dirs:
            start_order: 0
            image: &octavia_worker_image {get_param: ContainerOctaviaWorkerImage}
            user: root
            net: none
            volumes:
              # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
              # It is normally created as part of the RPM install, but it is
              # missing here because we use the same config_volume for all
              # octavia services, hence the same container image to generate
              # configuration.
              - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
            command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker']
        step_5:
          octavia_worker:
            start_order: 2
            stop_grace_period: 300
            image: *octavia_worker_image
            net: host
            privileged: false
            restart: always
            healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/octavia:/var/log/octavia:z
            environment:
              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item.path }}"
            state: directory
            setype: "{{ item.setype }}"
            mode: "{{ item.mode }}"
          with_items:
            - { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
        - block:
            - name: Ensure packages required for configuring octavia are present for CentOS 7
              package:
                name:
                  - python2-neutronclient
                  - python2-openstackclient
                  - openssl
                state: present
              when: ansible_facts['distribution_major_version'] is version(8, '<')

            - name: Ensure packages required for configuring octavia are present for CentOS/RHEL 8
              package:
                name:
                  - python3-neutronclient
                  - python3-openstackclient
                  - openssl
                state: present
              when: ansible_facts['distribution_major_version'] is version(8, '>=')
          when: {get_param: EnablePackageInstall}
        - name: enable virt_sandbox_use_netlink for healthcheck
          seboolean:
            name: virt_sandbox_use_netlink
            persistent: yes
            state: yes
      update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]}
      upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]}
      external_upgrade_tasks:
        - when:
            - step|int == 1
          tags:
            - never
            - system_upgrade_transfer_data
            - system_upgrade_stop_services
          block:
            - name: Stop octavia api container
              import_role:
                name: tripleo_container_stop
              vars:
                tripleo_containers_to_stop:
                  - octavia_worker
                tripleo_delegate_to: "{{ groups['octavia_worker'] | default([]) }}"