openstack/tripleo-heat-templates
Code Issues Proposed changes
4dca2a4834
tripleo-heat-templates/deployment/heat/heat-engine-container-puppet.yaml
Alex Schultz 8e052715c8 Use kolla_config for other actions 
Today for some services we mount in /var/lib/config-data/<service>/etc
which is actually an output from the container-puppet process. We should
be using kolla to ensure that we properly create the configurations
based on the puppet generated configurations and things in the
container.  Some services correctly leverage the kolla_config that the
associated api/service uses when running their db sync. This patch
aligns the rest to follow the similar pattern.

Change-Id: I0e3d5748a50937880a55413b75fe6eca479c9160
2021-06-02 08:34:05 -06:00

309 lines
11 KiB
YAML
Raw Blame History

heat_template_version: wallaby
description: >
OpenStack containerized Heat Engine service
parameters:
ContainerHeatEngineImage:
description: image
type: string
ContainerHeatConfigImage:
description: The container image to use for the heat config_volume
type: string
HeatEngineLoggingSource:
type: json
default:
tag: openstack.heat.engine
file: /var/log/containers/heat/heat-engine.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
HeatEngineOptVolumes:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
HeatEngineOptEnvVars:
default: {}
description: hash of optional environment variables
type: json
HeatEnableDBPurge:
type: boolean
default: true
description: |
Whether to create cron job for purging soft deleted rows in the Heat database.
EnableSQLAlchemyCollectd:
type: boolean
description: >
Set to true to enable the SQLAlchemy-collectd server plugin
default: false
HeatWorkers:
default: 0
description: Number of workers for Heat service.
type: number
HeatMaxNestedStackDepth:
default: 6
description: Maximum number of nested stack depth.
type: number
HeatReauthenticationAuthMethod:
description: Allow reauthentication on token expiry, such that long-running tasks
may complete. Note this defeats the expiry of any provided user tokens.
type: string
default: ''
constraints:
- allowed_values: [ '', 'trusts' ]
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
description: Password for heat_stack_domain_admin user.
type: string
hidden: true
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
hidden: true
default: ''
MonitoringSubscriptionHeatEngine:
default: 'overcloud-heat-engine'
type: string
HeatConvergenceEngine:
type: boolean
default: true
description: Enables the heat engine with the convergence architecture.
HeatMaxResourcesPerStack:
type: number
default: 1000
description: Maximum resources allowed per top-level stack. -1 stands for unlimited.
HeatEnginePluginDirs:
type: comma_delimited_list
default: []
description: An array of directories to search for plug-ins.
HeatConfigureDelegatedRoles:
type: boolean
default: false
description: Create delegated roles
ClientRetryLimit:
type: number
default: 2
description: Client retries for transient errors.
conditions:
heat_workers_set:
not: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
HeatBase:
type: ./heat-base-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HeatEngineLogging:
type: OS::TripleO::Services::Logging::HeatEngine
outputs:
role_data:
description: Role data for the Heat Engine role.
value:
service_name: heat_engine
monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
heat::engine::configure_delegated_roles: {get_param: HeatConfigureDelegatedRoles}
heat::engine::trusts_delegated_roles: []
heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth}
heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod}
heat::engine::heat_metadata_server_url:
make_url:
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
heat::engine::heat_waitcondition_server_url:
make_url:
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
path: /v1/waitcondition
heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
heat::engine::client_retry_limit: {get_param: ClientRetryLimit}
tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
heat::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: heat
password: {get_param: HeatPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /heat
query:
if:
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: heat
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
heat::keystone_ec2_uri:
list_join:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
heat::engine::auth_encryption_key: {get_param: HeatAuthEncryptionKey}
heat::engine::plugin_dirs: {get_param: HeatEnginePluginDirs}
- if:
- heat_workers_set
- heat::engine::num_engine_workers: {get_param: HeatWorkers}
service_config_settings:
rsyslog:
tripleo_logging_sources_heat_engine:
- {get_param: HeatEngineLoggingSource}
mysql:
heat::db::mysql::password: {get_param: HeatPassword}
heat::db::mysql::user: heat
heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
heat::db::mysql::dbname: heat
heat::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat
puppet_tags: heat_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::heat::engine
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerHeatConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_engine.json:
command:
list_join:
- ' '
- - /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
- get_attr: [HeatEngineLogging, cmd_extra_args]
config_files: &heat_engine_config_files
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions: &heat_engine_permissions
- path: /var/log/heat
owner: heat:heat
recurse: true
/var/lib/kolla/config_files/heat_engine_db_sync.json:
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
config_files: *heat_engine_config_files
permissions: *heat_engine_permissions
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
get_attr: [HeatEngineLogging, docker_config, step_2]
step_3:
heat_engine_db_sync:
image: &heat_engine_image {get_param: ContainerHeatEngineImage}
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatEngineLogging, volumes]}
- {get_param: HeatEngineOptVolumes}
-
- /var/lib/kolla/config_files/heat_engine_db_sync.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat:/var/lib/kolla/config_files/src:ro
environment:
map_merge:
- {get_param: HeatEngineOptEnvVars}
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4:
heat_engine:
image: *heat_engine_image
net: host
privileged: false
stop_grace_period: 60
restart: always
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatEngineLogging, volumes]}
- {get_param: HeatEngineOptVolumes}
-
- /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat:/var/lib/kolla/config_files/src:ro
environment:
map_merge:
- {get_param: HeatEngineOptEnvVars}
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
list_concat:
- {get_attr: [HeatEngineLogging, host_prep_tasks]}
- - name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
upgrade_tasks: []
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop heat engine container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
- heat_engine
tripleo_delegate_to: "{{ groups['heat_engine'] | default([]) }}"
View Git Blame Copy Permalink