openstack/tripleo-heat-templates
Code Issues Proposed changes
1a4ee4ee0e
tripleo-heat-templates/docker/services/containers-common.yaml
Alex Schultz a6408f0c09 Add python shim for docker config scripts 
Unfortunately we may not necessarily know what version of python is
available in the containers when we run some python config scripts. In
order to work around this we have a pyshim which will try and find an
existing version of python available to run the script under. The
pyshim.sh will try python3 then python2 then python.

Depends-On: https://review.openstack.org/#/c/617716/
Change-Id: Ie08481722e9b22bb67d5282828df0941f37a140a
Closes-Bug: #1803411
2018-11-15 15:06:56 +00:00

131 lines
4.1 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Contains a static list of common things necessary for containers
parameters:
# Required parameters
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
docker_config_scripts:
description: Shared docker config scripts
value:
docker_puppet_apply.sh:
mode: "0700"
content: |
#!/bin/bash
set -eux
STEP=$1
TAGS=$2
CONFIG=$3
EXTRA_ARGS=${4:-''}
if [ -d /tmp/puppet-etc ]; then
# ignore copy failures as these may be the same file depending on docker mounts
cp -a /tmp/puppet-etc/* /etc/puppet || true
fi
echo "{\"step\": ${STEP}}" > /etc/puppet/hieradata/docker_puppet.json
# $::deployment_type in puppet-tripleo
export FACTER_deployment_type=containers
set +e
puppet apply $EXTRA_ARGS \
--verbose \
--detailed-exitcodes \
--summarize \
--color=false \
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
--tags $TAGS \
-e "${CONFIG}"
rc=$?
set -e
set +ux
if [ $rc -eq 2 -o $rc -eq 0 ]; then
exit 0
fi
exit $rc
pyshim.sh:
mode: "0700"
content: { get_file: ../../docker_config_scripts/pyshim.sh }
volumes_base:
description: Base volume list
value: &volumes_base
list_concat:
- - /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
# OpenSSL trusted CAs
- /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro
- /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
- /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
- /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
# Syslog socket
- /dev/log:/dev/log
- if:
- internal_tls_enabled
- - list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- null
volumes:
description: Common volumes for the containers.
value:
list_concat:
- *volumes_base
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
# required for bootstrap_host_exec
- /etc/puppet:/etc/puppet:ro
docker_puppet_apply_volumes:
description: Common volumes needed to run the docker_puppet_apply.sh from docker_config_scripts
value:
list_concat:
- *volumes_base
- - /var/lib/docker-config-scripts/docker_puppet_apply.sh:/docker_puppet_apply.sh:ro
# docker_puppet_apply.sh will copy this to /etc/puppet in the container
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
View Git Blame Copy Permalink