tripleo-heat-templates/deployment/panko/panko-api-container-puppet.yaml
Dan Prince edf4e9e739 flatten the panko service
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the panko service.

Change-Id: I0c9010145550507e1145131f5a8b1fde5153bea4
Related-Blueprint: services-yaml-flattening
2019-02-01 10:01:32 -05:00

313 lines
12 KiB
YAML

heat_template_version: rocky
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
MonitoringSubscriptionPankoApi:
default: 'overcloud-ceilometer-panko-api'
type: string
PankoApiPolicies:
description: |
A hash of policies to configure for Panko API.
e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
PankoEventTTL:
description: Number of seconds that events are kept in the database
default: '86400'
type: string
PankoPassword:
description: The password for the panko services.
type: string
hidden: true
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
PankoDebug:
default: ''
description: Set to True to enable debugging Panko services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
EnablePankoExpirer:
type: boolean
default: true
description: Enable panko expirer to periodically delete events from db
PankoExpirerMinute:
type: string
description: >
Cron to delete events data from db - Minute
default: '1'
PankoExpirerHour:
type: string
description: >
Cron to delete events data from db - Hour
default: '0'
PankoExpirerMonthday:
type: string
description: >
Cron to delete events data from db - Month Day
default: '*'
PankoExpirerMonth:
type: string
description: >
Cron to delete events data from db - Month
default: '*'
PankoExpirerWeekday:
type: string
description: >
Cron to delete events from db - Week Day
default: '*'
conditions:
service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
PankoApiLogging:
type: OS::TripleO::Services::Logging::PankoApi
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: panko_api
monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [PankoApiLogging, config_settings]
- apache::default_vhost: false
panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
panko::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::policy::policies: {get_param: PankoApiPolicies}
panko::api::service_name: 'httpd'
panko::api::enable_proxy_headers_parsing: true
panko::api::event_time_to_live: {get_param: PankoEventTTL}
tripleo::panko_api::firewall_rules:
'140 panko-api':
dport:
- 8977
- 13977
panko::api::host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
enable_panko_expirer: {get_param: EnablePankoExpirer}
panko::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: panko
password: {get_param: PankoPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /panko
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
panko::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
panko::keystone::authtoken::project_domain_name: 'Default'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: {get_param: KeystoneRegion}
panko::auth::auth_tenant_name: 'service'
panko::expirer::minute: {get_param: PankoExpirerMinute}
panko::expirer::hour: {get_param: PankoExpirerHour}
panko::expirer::monthday: {get_param: PankoExpirerMonthday}
panko::expirer::month: {get_param: PankoExpirerMonth}
panko::expirer::weekday: {get_param: PankoExpirerWeekday}
service_config_settings:
keystone:
panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
panko::keystone::auth::password: {get_param: PankoPassword}
panko::keystone::auth::region: {get_param: KeystoneRegion}
panko::keystone::auth::tenant: 'service'
mysql:
panko::db::mysql::user: panko
panko::db::mysql::password: {get_param: PankoPassword}
panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
panko::db::mysql::dbname: panko
panko::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config:
list_join:
- "\n"
- - "include tripleo::profile::base::panko::api"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
get_attr: [PankoApiLogging, docker_config, step_2]
step_3:
panko_db_sync:
image: &panko_api_image {get_param: DockerPankoApiImage}
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
command:
# NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part
# of the bash -c invocation, so we include them in the quoted db sync command. Hence the
# final single quote that's part of the list_join.
list_join:
- ' '
- - "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync"
- {get_attr: [PankoApiLogging, cmd_extra_args]}
- "'"
step_4:
panko_api:
start_order: 2
image: *panko_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [PankoApiLogging, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [PankoApiLogging, host_prep_tasks]}
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- panko_api