cc4b7f4634
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.
This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.
Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
(cherry picked from commit 4cbae84c75
)
369 lines
15 KiB
YAML
369 lines
15 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Zaqar services
|
|
|
|
parameters:
|
|
ContainerZaqarImage:
|
|
description: image
|
|
type: string
|
|
ContainerZaqarConfigImage:
|
|
description: The container image to use for the zaqar config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
Debug:
|
|
type: boolean
|
|
description: Set to True to enable debugging on all services.
|
|
default: false
|
|
ZaqarDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Zaqar service.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
ZaqarPassword:
|
|
description: The password for Zaqar
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
ZaqarPolicies:
|
|
description: |
|
|
A hash of policies to configure for Zaqar.
|
|
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
ZaqarWorkers:
|
|
type: string
|
|
description: Set the number of workers for zaqar::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
ZaqarMessageStore:
|
|
type: string
|
|
description: The messaging store for Zaqar
|
|
default: redis
|
|
ZaqarManagementStore:
|
|
type: string
|
|
description: The management store for Zaqar
|
|
default: redis
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
|
|
conditions:
|
|
internal_tls_enabled: {get_param: EnableInternalTLS}
|
|
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
|
|
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
|
|
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
|
|
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
|
|
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
|
|
|
|
resources:
|
|
|
|
ApacheServiceBase:
|
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Zaqar API role.
|
|
value:
|
|
service_name: zaqar_api
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- zaqar::policy::policies: {get_param: ZaqarPolicies}
|
|
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::authtoken::project_name: 'service'
|
|
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::logging::debug:
|
|
if:
|
|
- service_debug_unset
|
|
- {get_param: Debug }
|
|
- {get_param: ZaqarDebug }
|
|
zaqar::server::service_name: 'httpd'
|
|
zaqar::transport::websocket::bind:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::transport::websocket::notification_bind:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
zaqar::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
|
zaqar::max_messages_post_size: 1048576
|
|
zaqar::unreliable: true
|
|
zaqar::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_store: {get_param: ZaqarMessageStore}
|
|
zaqar::management_store: {get_param: ZaqarManagementStore}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_swift
|
|
-
|
|
zaqar::messaging::swift::uri:
|
|
list_join:
|
|
- ''
|
|
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
|
|
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
tripleo::profile::base::zaqar::messaging_store: 'swift'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_redis
|
|
-
|
|
zaqar_redis_password: {get_param: RedisPassword}
|
|
tripleo::profile::base::zaqar::messaging_store: 'redis'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
-
|
|
tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
|
|
zaqar::management::sqlalchemy::uri:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: zaqar
|
|
password: {get_param: ZaqarPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /zaqar
|
|
query:
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_workers_zero
|
|
- {}
|
|
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- keystone:
|
|
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
|
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
|
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
|
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth::tenant: 'service'
|
|
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
|
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
|
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
|
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth_websocket::tenant: 'service'
|
|
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::trust::user_domain_name: 'Default'
|
|
tripleo::zaqar_api::firewall_rules:
|
|
'113 zaqar_api':
|
|
dport:
|
|
- 9000
|
|
- 8888
|
|
- 3000 #SSL for websocket
|
|
- 13888 #SSL for api
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
- mysql:
|
|
zaqar::db::mysql::user: zaqar
|
|
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
zaqar::db::mysql::dbname: zaqar
|
|
zaqar::db::mysql::password: {get_param: ZaqarPassword}
|
|
zaqar::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
- {}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: zaqar
|
|
puppet_tags: zaqar_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include ::tripleo::profile::base::zaqar
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerZaqarConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/zaqar.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
/var/lib/kolla/config_files/zaqar_websocket.json:
|
|
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/zaqar
|
|
owner: zaqar:zaqar
|
|
recurse: true
|
|
docker_config:
|
|
map_merge:
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
-
|
|
step_2:
|
|
zaqar_init_log:
|
|
image: &zaqar_image {get_param: ContainerZaqarImage}
|
|
net: none
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/zaqar:/var/log/zaqar
|
|
- /var/log/containers/httpd/zaqar:/var/log/httpd
|
|
command: ['/bin/bash', '-c', 'chmod 2755 /var/log/zaqar; touch /var/log/zaqar/zaqar-server.log; chown -R zaqar:zaqar /var/log/zaqar']
|
|
step_3:
|
|
zaqar_db_sync:
|
|
image: *zaqar_image
|
|
net: host
|
|
privileged: false
|
|
detach: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
|
|
- /var/log/containers/zaqar:/var/log/zaqar
|
|
- /var/log/containers/httpd/zaqar:/var/log/httpd
|
|
command: "/usr/bin/bootstrap_host_exec zaqar_api su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
|
|
- {}
|
|
- step_4:
|
|
zaqar:
|
|
image: *zaqar_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
# NOTE(mandre) kolla image changes the user to 'zaqar', we need it
|
|
# to be root to run httpd
|
|
user: root
|
|
healthcheck:
|
|
test: /usr/share/openstack-tripleo-common/healthcheck/zaqar-api
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/zaqar:/var/log/zaqar
|
|
- /var/log/containers/httpd/zaqar:/var/log/httpd
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- ''
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
- ''
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
zaqar_websocket:
|
|
image: *zaqar_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test:
|
|
list_join:
|
|
- ' '
|
|
- - '/usr/share/openstack-tripleo-common/healthcheck/zaqar-api'
|
|
- {get_param: [EndpointMap, ZaqarWebSocketInternal, port]}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/zaqar:/var/log/zaqar
|
|
- /var/log/containers/httpd/zaqar:/var/log/httpd
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/zaqar, 'setype': svirt_sandbox_file_t }
|
|
- name: zaqar logs readme
|
|
copy:
|
|
dest: /var/log/zaqar/readme.txt
|
|
content: |
|
|
Log files from zaqar containers can be found under
|
|
/var/log/containers/zaqar and /var/log/containers/httpd/zaqar.
|
|
ignore_errors: true
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|