d493845b1f
The ansible async directory needs to be defined as something other that ~/.ansible_async to ensure we're not running into selinux violations when executing tasks with async and become. Bug: #1861302 Change-Id: I2052aa8861025f8385c0817566fbc37bf6984ac0 Signed-off-by: Kevin Carter <kecarter@redhat.com>
416 lines
16 KiB
YAML
416 lines
16 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Utility stack to convert an array of services into a set of combined
|
|
role configs.
|
|
|
|
parameters:
|
|
Services:
|
|
default: []
|
|
description: |
|
|
List nested stack service templates.
|
|
type: comma_delimited_list
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
description: Mapping of service -> default password. Used to help
|
|
pass top level passwords managed by Heat into services.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
description: Parameters specific to the role
|
|
default: {}
|
|
type: json
|
|
|
|
resources:
|
|
|
|
ServiceChain:
|
|
type: OS::Heat::ResourceChain
|
|
properties:
|
|
resources: {get_param: Services}
|
|
concurrent: true
|
|
resource_properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ServiceServerMetadataHook:
|
|
type: OS::TripleO::{{role.name}}ServiceServerMetadataHook
|
|
properties:
|
|
RoleData: {get_attr: [ServiceChain, role_data]}
|
|
|
|
PuppetStepConfig:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: string
|
|
value:
|
|
list_join:
|
|
- "\n"
|
|
- - str_replace:
|
|
template: {get_file: ../../puppet/manifests/overcloud_common.pp}
|
|
params:
|
|
__ROLE__: {get_param: RoleName}
|
|
- yaql:
|
|
expression:
|
|
# select 'step_config' only from services that do not have a docker_config
|
|
coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n")
|
|
data:
|
|
service_names: {get_attr: [ServiceChain, role_data, service_name]}
|
|
step_config: {get_attr: [ServiceChain, role_data, step_config]}
|
|
docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
|
|
|
|
DockerConfig:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
expression:
|
|
# select 'docker_config' only from services that have it
|
|
coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
|
|
data:
|
|
service_names: {get_attr: [ServiceChain, role_data, service_names]}
|
|
docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
|
|
|
|
DockerConfigScripts:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
expression:
|
|
# select 'container_config_scripts' only from services that have it
|
|
coalesce($.data.service_names, []).zip(coalesce($.data.container_config_scripts, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
|
|
data:
|
|
service_names: {get_attr: [ServiceChain, role_data, service_names]}
|
|
container_config_scripts: {get_attr: [ServiceChain, role_data, container_config_scripts]}
|
|
|
|
MonitoringSubscriptionsConfig:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null))
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
ServiceNames:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
filter:
|
|
- [null]
|
|
- {get_attr: [ServiceChain, role_data, service_name]}
|
|
|
|
GlobalConfigSettings:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_merge:
|
|
yaql:
|
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
KeystoneResourcesConfigs:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_merge:
|
|
yaql:
|
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('keystone_resources')).where($ != null))
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
ServiceConfigSettings:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
DeployStepsTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('deploy_steps_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ExternalDeployTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('external_deploy_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ExternalPostDeployTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('external_post_deploy_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ScaleTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('scale_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ExternalUpdateTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('external_update_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ExternalUpgradeTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('external_upgrade_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
FastForwardUpgradeTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data, []).where($ != null).select($.get('fast_forward_upgrade_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
FastForwardPostUpgradeTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data, []).where($ != null).select($.get('fast_forward_post_upgrade_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
PreUpgradeRollingTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data, []).where($ != null).select($.get('pre_upgrade_rolling_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
UpgradeTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
PostUpgradeTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('post_upgrade_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
UpdateTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
PostUpdateTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
|
|
expression: coalesce($.data, []).where($ != null).select($.get('post_update_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
UpgradeBatchTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
PuppetConfig:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
KollaConfig:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {})
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
# DEPRECATED in favor of ContainerPuppetTasks.
|
|
DockerPuppetTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
# This extracts docker_puppet_tasks for each step,
|
|
# and merges {service_name: the_service} for each item, so we
|
|
# can later filter based on the bootstrap hostname for the service
|
|
expression: dict(coalesce($.data, []).where($ != null).select([$.get('docker_puppet_tasks'), $.get('service_name')]).where($[0] != null).select([$[0], dict($[0].keys().zip(dict(service_name=>$[1]).repeat(len($[0].keys()))))]).select($[0].mergeWith($[1])).selectMany($.items()).groupBy($[0], $[1]))
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
ContainerPuppetTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
yaql:
|
|
# This extracts container_puppet_tasks for each step,
|
|
# and merges {service_name: the_service} for each item, so we
|
|
# can later filter based on the bootstrap hostname for the service
|
|
expression: dict(coalesce($.data, []).where($ != null).select([$.get('container_puppet_tasks'), $.get('service_name')]).where($[0] != null).select([$[0], dict($[0].keys().zip(dict(service_name=>$[1]).repeat(len($[0].keys()))))]).select($[0].mergeWith($[1])).selectMany($.items()).groupBy($[0], $[1]))
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
HostPrepTasks:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: comma_delimited_list
|
|
value:
|
|
yaql:
|
|
# Note we use distinct() here to filter any identical tasks
|
|
expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
|
|
data: {get_attr: [ServiceChain, role_data]}
|
|
|
|
AnsibleGroupVars:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_merge:
|
|
yaql:
|
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('ansible_group_vars')).where($ != null))
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
FirewallRules:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_merge:
|
|
yaql:
|
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('firewall_rules')).where($ != null))
|
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
|
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Combined Role data for this set of services.
|
|
value:
|
|
service_names: {get_attr: [ServiceNames, value]}
|
|
monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]}
|
|
config_settings:
|
|
yaql:
|
|
expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
|
|
data: {get_attr: [ServiceChain, role_data, config_settings]}
|
|
global_config_settings: {get_attr: [GlobalConfigSettings, value]}
|
|
service_config_settings: {get_attr: [ServiceConfigSettings, value]}
|
|
step_config: {get_attr: [PuppetStepConfig, value]}
|
|
deploy_steps_tasks: {get_attr: [DeployStepsTasks, value]}
|
|
external_deploy_tasks: {get_attr: [ExternalDeployTasks, value]}
|
|
external_post_deploy_tasks: {get_attr: [ExternalPostDeployTasks, value]}
|
|
external_update_tasks: {get_attr: [ExternalUpdateTasks, value]}
|
|
external_upgrade_tasks: {get_attr: [ExternalUpgradeTasks, value]}
|
|
scale_tasks: {get_attr: [ScaleTasks, value]}
|
|
fast_forward_upgrade_tasks: {get_attr: [FastForwardUpgradeTasks, value]}
|
|
fast_forward_post_upgrade_tasks: {get_attr: [FastForwardPostUpgradeTasks, value]}
|
|
pre_upgrade_rolling_tasks: {get_attr: [PreUpgradeRollingTasks, value]}
|
|
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
|
|
post_upgrade_tasks: {get_attr: [PostUpgradeTasks, value]}
|
|
update_tasks: {get_attr: [UpdateTasks, value]}
|
|
post_update_tasks: {get_attr: [PostUpdateTasks, value]}
|
|
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
|
|
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
|
|
ansible_group_vars:
|
|
map_merge:
|
|
- ansible_async_dir: "/tmp/.ansible_async"
|
|
- {get_attr: [AnsibleGroupVars, value]}
|
|
keystone_resources: {get_attr: [KeystoneResourcesConfigs, value]}
|
|
|
|
# Keys to support docker/services
|
|
puppet_config: {get_attr: [PuppetConfig, value]}
|
|
kolla_config: {get_attr: [KollaConfig, value]}
|
|
docker_config: {get_attr: [DockerConfig, value]}
|
|
container_config_scripts: {get_attr: [DockerConfigScripts, value]}
|
|
container_puppet_tasks:
|
|
map_merge:
|
|
- {get_attr: [ContainerPuppetTasks, value]}
|
|
- {get_attr: [DockerPuppetTasks, value]}
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- - name: Run firewall role
|
|
include_role:
|
|
name: tripleo_firewall
|
|
vars:
|
|
tripleo_firewall_rules: {get_attr: [FirewallRules, value]}
|
|
- {get_attr: [HostPrepTasks, value]}
|