248099db8c
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
148 lines
5.0 KiB
YAML
148 lines
5.0 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack Panko service configured with docker.
|
|
Note, this service is deprecated in Pike release and
|
|
will be disabled in future releases.
|
|
|
|
parameters:
|
|
DockerNamespace:
|
|
description: namespace
|
|
default: 'tripleoupstream'
|
|
type: string
|
|
DockerPankoApiImage:
|
|
description: image
|
|
default: 'centos-binary-panko-api:latest'
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
PankoApiPuppetBase:
|
|
type: ../../puppet/services/panko-api.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Panko API role.
|
|
value:
|
|
service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
|
|
- apache::default_vhost: false
|
|
step_config: &step_config
|
|
get_attr: [PankoApiPuppetBase, role_data, step_config]
|
|
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS #
|
|
puppet_config:
|
|
config_volume: panko
|
|
puppet_tags: panko_api_paste_ini,panko_config
|
|
step_config: *step_config
|
|
config_image: &panko_image
|
|
list_join:
|
|
- '/'
|
|
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/panko_api.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
permissions:
|
|
- path: /var/log/panko
|
|
owner: panko:panko
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
panko_init_log:
|
|
image: *panko_image
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/panko:/var/log/panko
|
|
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
|
|
step_3:
|
|
panko_db_sync:
|
|
image: *panko_image
|
|
net: host
|
|
detach: false
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
|
|
- /var/log/containers/panko:/var/log/panko
|
|
command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
|
|
step_4:
|
|
panko_api:
|
|
start_order: 2
|
|
image: *panko_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
|
|
- /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
|
|
- /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
|
|
- /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
|
|
- /var/lib/config-data/panko/var/www/:/var/www/:ro
|
|
- /var/log/containers/panko:/var/log/panko
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- ''
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
- ''
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent logs directory
|
|
file:
|
|
path: /var/log/containers/panko
|
|
state: directory
|
|
metadata_settings:
|
|
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
|