56bec75c02
To not to redefine variable multiple times in each service we run check only once and we set fact. To increase readability of generated playbook we add block per strep in services. Change-Id: I2399a72709d240f84e3463c5c3b56942462d1e5c
241 lines
8.7 KiB
YAML
241 lines
8.7 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Nova Vncproxy service
|
|
|
|
parameters:
|
|
DockerNovaVncProxyImage:
|
|
description: image
|
|
type: string
|
|
DockerNovaConfigImage:
|
|
description: The container image to use for the nova config_volume
|
|
type: string
|
|
NovaVncproxyLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.nova.vncproxy
|
|
path: /var/log/containers/nova/nova-vncproxy.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
UpgradeRemoveUnusedPackages:
|
|
default: false
|
|
description: Remove package if the service is being disabled during upgrade
|
|
type: boolean
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
UseTLSTransportForVnc:
|
|
type: boolean
|
|
default: true
|
|
description: If set to true and if EnableInternalTLS is enabled, it will
|
|
enable TLS transaport for libvirt VNC and configure the
|
|
relevant keys for libvirt.
|
|
InternalTLSVncCAFile:
|
|
default: '/etc/pki/CA/certs/vnc.crt'
|
|
type: string
|
|
description: Specifies the CA cert to use for VNC TLS.
|
|
LibvirtVncCACert:
|
|
type: string
|
|
default: ''
|
|
description: This specifies the CA certificate to use for VNC TLS.
|
|
This file will be symlinked to the default CA path,
|
|
which is /etc/pki/libvirt-vnc/ca-cert.pem.
|
|
This parameter should be used if the default (which comes from
|
|
the InternalTLSVncCAFile parameter) is not desired. The current
|
|
default reflects TripleO's default CA, which is FreeIPA.
|
|
It will only be used if internal TLS is enabled.
|
|
|
|
|
|
conditions:
|
|
|
|
use_tls_for_vnc:
|
|
and:
|
|
- equals:
|
|
- {get_param: EnableInternalTLS}
|
|
- true
|
|
- equals:
|
|
- {get_param: UseTLSTransportForVnc}
|
|
- true
|
|
|
|
libvirt_vnc_specific_ca_unset:
|
|
equals:
|
|
- {get_param: LibvirtVncCACert}
|
|
- ''
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../../puppet/services/database/mysql-client.yaml
|
|
|
|
NovaVncProxyPuppetBase:
|
|
type: ../../puppet/services/nova-vnc-proxy.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NovaLogging:
|
|
type: OS::TripleO::Services::Logging::NovaCommon
|
|
properties:
|
|
DockerNovaImage: {get_param: DockerNovaVncProxyImage}
|
|
NovaServiceName: 'vncproxy'
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Nova Vncproxy service.
|
|
value:
|
|
service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
|
|
- {get_attr: [NovaLogging, config_settings]}
|
|
logging_source: {get_attr: [NovaVncProxyPuppetBase, role_data, logging_source]}
|
|
logging_groups: {get_attr: [NovaVncProxyPuppetBase, role_data, logging_groups]}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]
|
|
- fluentd:
|
|
tripleo_fluentd_groups_nova_vnc_proxy:
|
|
- nova
|
|
tripleo_fluentd_sources_nova_vnc_proxy:
|
|
- {get_param: NovaVncproxyLoggingSource}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: nova
|
|
puppet_tags: nova_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]}
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: DockerNovaConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/nova_vnc_proxy.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - /usr/bin/nova-novncproxy --web /usr/share/novnc/
|
|
- get_attr: [NovaLogging, cmd_extra_args]
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/nova
|
|
owner: nova:nova
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
nova_vnc_proxy:
|
|
image: {get_param: DockerNovaVncProxyImage}
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NovaLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
|
|
-
|
|
if:
|
|
- use_tls_for_vnc
|
|
-
|
|
- str_replace:
|
|
template: "CACERT:/etc/pki/libvirt-vnc/ca-cert.pem:ro"
|
|
params:
|
|
CACERT:
|
|
if:
|
|
- libvirt_vnc_specific_ca_unset
|
|
- get_param: InternalTLSVncCAFile
|
|
- get_param: LibvirtVncCACert
|
|
- /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
|
|
- /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
|
|
- null
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
metadata_settings:
|
|
get_attr: [NovaVncProxyPuppetBase, role_data, metadata_settings]
|
|
host_prep_tasks: {get_attr: [NovaLogging, host_prep_tasks]}
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Check if nova vncproxy is deployed
|
|
command: systemctl is-enabled --quiet openstack-nova-novncproxy
|
|
ignore_errors: True
|
|
register: nova_vncproxy_enabled_result
|
|
- name: Set fact nova_vncproxy_enabled
|
|
set_fact:
|
|
nova_vncproxy_enabled: "{{ nova_vncproxy_enabled_result.rc == 0 }}"
|
|
- name: "PreUpgrade step0,validation: Check service openstack-nova-novncproxy is running"
|
|
command: systemctl is-active --quiet openstack-nova-novncproxy
|
|
tags: validation
|
|
when: nova_vncproxy_enabled|bool
|
|
- when: step|int == 2
|
|
block:
|
|
- name: Stop and disable nova_vnc_proxy service
|
|
when: nova_vncproxy_enabled|bool
|
|
service: name=openstack-nova-novncproxy state=stopped enabled=no
|
|
- name: Set fact for removal of openstack-nova-novncproxy package
|
|
set_fact:
|
|
remove_nova_novncproxy_package: {get_param: UpgradeRemoveUnusedPackages}
|
|
- name: Remove openstack-nova-novncproxy package if operator requests it
|
|
yum: name=openstack-nova-novncproxy state=removed
|
|
ignore_errors: True
|
|
when: remove_nova_novncproxy_package|bool
|
|
fast_forward_upgrade_tasks:
|
|
- name: Check if nova vncproxy is deployed
|
|
command: systemctl is-enabled --quiet openstack-nova-novncproxy
|
|
ignore_errors: True
|
|
register: nova_vncproxy_enabled_result
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Set fact nova_vncproxy_enabled
|
|
set_fact:
|
|
nova_vncproxy_enabled: "{{ nova_vncproxy_enabled_result.rc == 0 }}"
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Stop and disable nova-novncproxy service
|
|
service: name=openstack-nova-novncproxy state=stopped
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- nova_vncproxy_enabled|bool
|