7e8d88afa5
This change will allow the generated playbooks to run when selinux is disabled. Presently the seboolean module will fail when a systems has selinux disabled. While selinux could be set permissive to avoid an error, the disabled setting is a valid configuration and should be respected. > seboolean will now only run when selinux is enabled. Change-Id: Ifd31adcf27902a8a77de9c68482306ec9da6d250 Signed-off-by: Kevin Carter <kecarter@redhat.com>
327 lines
12 KiB
YAML
327 lines
12 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized Heat Engine service
|
|
|
|
parameters:
|
|
ContainerHeatEngineImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerHeatConfigImage:
|
|
description: The container image to use for the heat config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
HeatEngineLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.heat.engine
|
|
file: /var/log/containers/heat/heat-engine.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
DeployIdentifier:
|
|
default: ''
|
|
type: string
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
HeatEngineOptVolumes:
|
|
default: []
|
|
description: list of optional volumes to be mounted
|
|
type: comma_delimited_list
|
|
HeatEngineOptEnvVars:
|
|
default: {}
|
|
description: hash of optional environment variables
|
|
type: json
|
|
HeatEnableDBPurge:
|
|
type: boolean
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in the Heat database.
|
|
EnableSQLAlchemyCollectd:
|
|
type: boolean
|
|
description: >
|
|
Set to true to enable the SQLAlchemy-collectd server plugin
|
|
default: false
|
|
HeatWorkers:
|
|
default: 0
|
|
description: Number of workers for Heat service.
|
|
type: number
|
|
HeatMaxNestedStackDepth:
|
|
default: 6
|
|
description: Maximum number of nested stack depth.
|
|
type: number
|
|
HeatReauthenticationAuthMethod:
|
|
description: Allow reauthentication on token expiry, such that long-running tasks
|
|
may complete. Note this defeats the expiry of any provided user tokens.
|
|
type: string
|
|
default: ''
|
|
constraints:
|
|
- allowed_values: [ '', 'trusts' ]
|
|
HeatPassword:
|
|
description: The password for the Heat service and db account, used by the Heat services.
|
|
type: string
|
|
hidden: true
|
|
HeatStackDomainAdminPassword:
|
|
description: Password for heat_stack_domain_admin user.
|
|
type: string
|
|
hidden: true
|
|
HeatAuthEncryptionKey:
|
|
description: Auth encryption key for heat-engine
|
|
type: string
|
|
hidden: true
|
|
default: ''
|
|
MonitoringSubscriptionHeatEngine:
|
|
default: 'overcloud-heat-engine'
|
|
type: string
|
|
HeatConvergenceEngine:
|
|
type: boolean
|
|
default: true
|
|
description: Enables the heat engine with the convergence architecture.
|
|
HeatMaxResourcesPerStack:
|
|
type: number
|
|
default: 1000
|
|
description: Maximum resources allowed per top-level stack. -1 stands for unlimited.
|
|
HeatEnginePluginDirs:
|
|
type: comma_delimited_list
|
|
default: []
|
|
description: An array of directories to search for plug-ins.
|
|
HeatConfigureDelegatedRoles:
|
|
type: boolean
|
|
default: false
|
|
description: Create delegated roles
|
|
ClientRetryLimit:
|
|
type: number
|
|
default: 2
|
|
description: Client retries for transient errors.
|
|
|
|
conditions:
|
|
heat_workers_set:
|
|
not: {equals : [{get_param: HeatWorkers}, 0]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
HeatBase:
|
|
type: ./heat-base-puppet.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
HeatEngineLogging:
|
|
type: OS::TripleO::Services::Logging::HeatEngine
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerHeatEngineImage: ContainerHeatEngineImage
|
|
ContainerHeatConfigImage: ContainerHeatConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerHeatEngineImage: {get_param: ContainerHeatEngineImage}
|
|
ContainerHeatConfigImage: {get_param: ContainerHeatConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Heat Engine role.
|
|
value:
|
|
service_name: heat_engine
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [HeatBase, role_data, config_settings]
|
|
- apache::default_vhost: false
|
|
heat::engine::configure_delegated_roles: {get_param: HeatConfigureDelegatedRoles}
|
|
heat::engine::trusts_delegated_roles: []
|
|
heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth}
|
|
heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
|
|
heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod}
|
|
heat::engine::heat_metadata_server_url:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
|
|
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
|
|
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
|
|
heat::engine::heat_waitcondition_server_url:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
|
|
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
|
|
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
|
|
path: /v1/waitcondition
|
|
heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
|
|
heat::engine::client_retry_limit: {get_param: ClientRetryLimit}
|
|
tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
|
|
heat::db::database_connection:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: heat
|
|
password: {get_param: HeatPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /heat
|
|
query:
|
|
if:
|
|
- {get_param: EnableSQLAlchemyCollectd}
|
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
plugin: collectd
|
|
collectd_program_name: heat
|
|
collectd_host: localhost
|
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
|
|
heat::keystone_ec2_uri:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
|
- '/ec2tokens'
|
|
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
|
|
heat::engine::auth_encryption_key: {get_param: HeatAuthEncryptionKey}
|
|
heat::engine::plugin_dirs: {get_param: HeatEnginePluginDirs}
|
|
- if:
|
|
- heat_workers_set
|
|
- heat::engine::num_engine_workers: {get_param: HeatWorkers}
|
|
service_config_settings:
|
|
rsyslog:
|
|
tripleo_logging_sources_heat_engine:
|
|
- {get_param: HeatEngineLoggingSource}
|
|
mysql:
|
|
heat::db::mysql::password: {get_param: HeatPassword}
|
|
heat::db::mysql::user: heat
|
|
heat::db::mysql::host: '%'
|
|
heat::db::mysql::dbname: heat
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: heat
|
|
puppet_tags: heat_config,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include tripleo::profile::base::heat::engine
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerHeatConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/heat_engine.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - /usr/bin/heat-engine --config-file /etc/heat/heat.conf
|
|
- get_attr: [HeatEngineLogging, cmd_extra_args]
|
|
config_files: &heat_engine_config_files
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions: &heat_engine_permissions
|
|
- path: /var/log/heat
|
|
owner: heat:heat
|
|
recurse: true
|
|
/var/lib/kolla/config_files/heat_engine_db_sync.json:
|
|
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
|
|
config_files: *heat_engine_config_files
|
|
permissions: *heat_engine_permissions
|
|
docker_config:
|
|
# db sync runs before permissions set by kolla_config
|
|
step_2:
|
|
get_attr: [HeatEngineLogging, docker_config, step_2]
|
|
step_3:
|
|
heat_engine_db_sync:
|
|
image: &heat_engine_image {get_attr: [RoleParametersValue, value, ContainerHeatEngineImage]}
|
|
net: host
|
|
privileged: false
|
|
detach: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [HeatEngineLogging, volumes]}
|
|
- {get_param: HeatEngineOptVolumes}
|
|
-
|
|
- /var/lib/kolla/config_files/heat_engine_db_sync.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/heat:/var/lib/kolla/config_files/src:ro
|
|
environment:
|
|
map_merge:
|
|
- {get_param: HeatEngineOptEnvVars}
|
|
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
|
step_4:
|
|
heat_engine:
|
|
image: *heat_engine_image
|
|
net: host
|
|
privileged: false
|
|
stop_grace_period: 60
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [HeatEngineLogging, volumes]}
|
|
- {get_param: HeatEngineOptVolumes}
|
|
-
|
|
- /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/heat:/var/lib/kolla/config_files/src:ro
|
|
environment:
|
|
map_merge:
|
|
- {get_param: HeatEngineOptEnvVars}
|
|
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [HeatEngineLogging, host_prep_tasks]}
|
|
- - name: enable virt_sandbox_use_netlink for healthcheck
|
|
seboolean:
|
|
name: virt_sandbox_use_netlink
|
|
persistent: true
|
|
state: true
|
|
when:
|
|
- ansible_facts.selinux is defined
|
|
- ansible_facts.selinux.status == "enabled"
|
|
upgrade_tasks: []
|
|
external_upgrade_tasks:
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop heat engine container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- heat_engine
|
|
tripleo_delegate_to: "{{ groups['heat_engine'] | default([]) }}"
|