openstack/tripleo-heat-templates
Code Issues Proposed changes
13d70f6bf8
tripleo-heat-templates/deployment/heat/heat-api-cfn-container-puppet.yaml
Alex Schultz 096fa87741 Explicitly manage http configs 
Previously the kolla config is merging the existing apache configuration
files in the container with our generated ones. This can lead to extra
configurations in the containers that we are not expecting. This change
updates the kolla configs to not merge the httpd conf.d folder so we only
end up with our expected configurations.

Change-Id: Ibb9bbeb12e73b2cf8887554f461873e42532edd7
Related-Bug: 1813084
2019-01-24 11:08:28 -07:00

244 lines
8.7 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Heat API CFN service
parameters:
DockerHeatApiCfnImage:
description: image
type: string
# puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
DockerHeatApiCfnConfigImage:
description: The container image to use for the heat_api_cfn config_volume
type: string
HeatApiCfnLoggingSource:
type: json
default:
tag: openstack.heat.api.cfn
path: /var/log/containers/heat/heat_api_cfn.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
HeatWorkers:
default: 0
description: Number of workers for Heat service.
type: number
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionHeatApiCnf:
default: 'overcloud-heat-api-cfn'
type: string
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
HeatBase:
type: ./heat-base-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HeatApiCfnLogging:
type: OS::TripleO::Services::Logging::HeatApiCfn
outputs:
role_data:
description: Role data for the Heat API CFN role.
value:
service_name: heat_api_cfn
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- get_attr: [HeatApiCfnLogging, config_settings]
- apache::default_vhost: false
tripleo::heat_api_cfn::firewall_rules:
'125 heat_cfn':
dport:
- 8000
- 13800
heat::api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
-
if:
- heat_workers_zero
- {}
- heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
service_config_settings:
fluentd:
tripleo_fluentd_groups_heat_api_cfn:
- heat
tripleo_fluentd_sources_heat_api_cfn:
- {get_param: HeatApiCfnLoggingSource}
keystone:
map_merge:
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
- heat::keystone::auth_cfn::tenant: 'service'
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat_api_cfn
puppet_tags: heat_config,file,concat,file_line
step_config: |
include ::tripleo::profile::base::heat::api_cfn
config_image: {get_param: DockerHeatApiCfnConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
docker_config:
step_2:
get_attr: [HeatApiCfnLogging, docker_config, step_2]
step_4:
heat_api_cfn:
image: {get_param: DockerHeatApiCfnImage}
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'heat', we need it
# to be root to run httpd
user: root
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatApiCfnLogging, volumes]}
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [HeatApiCfnLogging, host_prep_tasks]}
upgrade_tasks: []
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- heat_api_cfn
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: FFU check if openstack-heat-api-cfn service is enabled
command: systemctl is-enabled openstack-heat-api-cfn
ignore_errors: True
register: heat_api_cfn_enabled_result
- name: Set fact heat_api_cfn_enabled
set_fact:
heat_api_cfn_enabled: "{{ heat_api_cfn_enabled_result.rc == 0 }}"
- name: FFU stop and disable openstack-heat-api-cfn service
when:
- step|int == 1
- release == 'ocata'
- heat_api_cfn_enabled|bool
service: name=openstack-heat-api-cfn state=stopped enabled=no
View Git Blame Copy Permalink