openstack/tripleo-heat-templates
Code Issues Proposed changes
333e4f5e70
tripleo-heat-templates/deployment/zaqar/zaqar-container-puppet.yaml
Jose Luis Franco Arza cc4b7f4634 Get rid of docker removing in post_upgrade tasks. 
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.

This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.

Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
(cherry picked from commit 4cbae84c75)
2019-11-20 14:59:58 +01:00

369 lines
15 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Zaqar services
parameters:
ContainerZaqarImage:
description: image
type: string
ContainerZaqarConfigImage:
description: The container image to use for the zaqar config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
Debug:
type: boolean
description: Set to True to enable debugging on all services.
default: false
ZaqarDebug:
default: ''
description: Set to True to enable debugging Zaqar service.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
ZaqarPassword:
description: The password for Zaqar
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
ZaqarPolicies:
description: |
A hash of policies to configure for Zaqar.
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
ZaqarWorkers:
type: string
description: Set the number of workers for zaqar::wsgi::apache
default: '%{::os_workers}'
ZaqarMessageStore:
type: string
description: The messaging store for Zaqar
default: redis
ZaqarManagementStore:
type: string
description: The management store for Zaqar
default: redis
EnableInternalTLS:
type: boolean
default: false
RedisPassword:
description: The password for the redis service account.
type: string
hidden: true
conditions:
internal_tls_enabled: {get_param: EnableInternalTLS}
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
resources:
ApacheServiceBase:
type: ../../deployment/apache/apache-baremetal-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
outputs:
role_data:
description: Role data for the Zaqar API role.
value:
service_name: zaqar_api
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- zaqar::policy::policies: {get_param: ZaqarPolicies}
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::notification_bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576
zaqar::unreliable: true
zaqar::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_store: {get_param: ZaqarMessageStore}
zaqar::management_store: {get_param: ZaqarManagementStore}
-
if:
- zaqar_messaging_store_swift
-
zaqar::messaging::swift::uri:
list_join:
- ''
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
tripleo::profile::base::zaqar::messaging_store: 'swift'
- {}
-
if:
- zaqar_messaging_store_redis
-
zaqar_redis_password: {get_param: RedisPassword}
tripleo::profile::base::zaqar::messaging_store: 'redis'
- {}
-
if:
- zaqar_management_store_sqlalchemy
-
tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
zaqar::management::sqlalchemy::uri:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: zaqar
password: {get_param: ZaqarPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /zaqar
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- {}
-
if:
- zaqar_workers_zero
- {}
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
service_config_settings:
map_merge:
- keystone:
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
zaqar::keystone::auth::tenant: 'service'
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
zaqar::keystone::auth_websocket::tenant: 'service'
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
zaqar::keystone::trust::user_domain_name: 'Default'
tripleo::zaqar_api::firewall_rules:
'113 zaqar_api':
dport:
- 9000
- 8888
- 3000 #SSL for websocket
- 13888 #SSL for api
-
if:
- zaqar_management_store_sqlalchemy
- mysql:
zaqar::db::mysql::user: zaqar
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
zaqar::db::mysql::dbname: zaqar
zaqar::db::mysql::password: {get_param: ZaqarPassword}
zaqar::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: zaqar
puppet_tags: zaqar_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::zaqar
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerZaqarConfigImage}
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/zaqar_websocket.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/zaqar
owner: zaqar:zaqar
recurse: true
docker_config:
map_merge:
-
if:
- zaqar_management_store_sqlalchemy
-
step_2:
zaqar_init_log:
image: &zaqar_image {get_param: ContainerZaqarImage}
net: none
user: root
volumes:
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
command: ['/bin/bash', '-c', 'chmod 2755 /var/log/zaqar; touch /var/log/zaqar/zaqar-server.log; chown -R zaqar:zaqar /var/log/zaqar']
step_3:
zaqar_db_sync:
image: *zaqar_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec zaqar_api su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
- {}
- step_4:
zaqar:
image: *zaqar_image
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'zaqar', we need it
# to be root to run httpd
user: root
healthcheck:
test: /usr/share/openstack-tripleo-common/healthcheck/zaqar-api
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
zaqar_websocket:
image: *zaqar_image
net: host
privileged: false
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/usr/share/openstack-tripleo-common/healthcheck/zaqar-api'
- {get_param: [EndpointMap, ZaqarWebSocketInternal, port]}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/zaqar, 'setype': svirt_sandbox_file_t }
- name: zaqar logs readme
copy:
dest: /var/log/zaqar/readme.txt
content: |
Log files from zaqar containers can be found under
/var/log/containers/zaqar and /var/log/containers/httpd/zaqar.
ignore_errors: true
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
View Git Blame Copy Permalink