openstack/tripleo-heat-templates
Code Issues Proposed changes
72b60678e0
tripleo-heat-templates/deployment/database/redis-container-puppet.yaml
ramishra 7f195ff9a8 Remove DefaultPasswords interface 
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30

282 lines
10 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Redis services
parameters:
ContainerRedisImage:
description: image
type: string
ContainerRedisConfigImage:
description: The container image to use for the redis config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
CertificateKeySize:
type: string
default: '2048'
description: Specifies the private key size used when creating the
certificate.
RedisCertificateKeySize:
type: string
default: ''
description: Override the private key size used when creating the
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: RedisCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
RedisBase:
type: ./redis-base-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
outputs:
role_data:
description: Role data for the Redis API role.
value:
service_name: redis
firewall_rules:
'108 redis':
dport:
- 6379
- 26379
config_settings:
map_merge:
- {get_attr: [RedisBase, role_data, config_settings]}
- redis::daemonize: false
tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes'
- tripleo::profile::base::database::redis::tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::base::database::redis::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::base::database::redis::tls_proxy_port: 6379
- if:
- internal_tls_enabled
- tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
redis_certificate_specs:
service_certificate: '/etc/pki/tls/certs/redis.crt'
service_key: '/etc/pki/tls/private/redis.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
dnsnames:
- str_replace:
template: "%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
principal:
str_replace:
template: "redis/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- {get_param: RedisCertificateKeySize}
- {}
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'redis'
# NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
# /etc/redis.conf
# https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
puppet_tags: 'exec'
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::database::redis
- {get_attr: [RedisBase, role_data, step_config]}
config_image: {get_param: ContainerRedisConfigImage}
kolla_config:
/var/lib/kolla/config_files/redis.json:
command: /usr/bin/redis-server /etc/redis.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /run/redis
owner: redis:redis
recurse: true
/var/lib/kolla/config_files/redis_tls_proxy.json:
command: stunnel /etc/stunnel/stunnel.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_1:
map_merge:
- redis_init_logs:
start_order: 0
detach: false
image: &redis_image {get_param: ContainerRedisImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/redis:/var/log/redis:z
command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
- redis:
start_order: 1
stop_grace_period: 60
image: *redis_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/redis:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/redis:/var/log/redis:z
- /run/redis:/run/redis:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if:
- internal_tls_enabled
- redis_tls_proxy:
start_order: 2
image: *redis_image
net: host
user: root
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/redis:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
- /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
metadata_settings:
if:
- internal_tls_enabled
-
- service: redis
network: {get_param: [ServiceNetMap, RedisNetwork]}
type: vip
- service: redis
network: {get_param: [ServiceNetMap, RedisNetwork]}
type: node
- null
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
mode: "{{ item.mode|default(omit) }}"
with_items:
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /run/redis, 'setype': container_file_t }
- name: ensure /run/redis is present upon reboot
copy:
dest: /etc/tmpfiles.d/run-redis.conf
content: |
d /run/redis 0755 root root - -
update_tasks:
- name: redis_container_puppet_redis_pkg_clean
when: step|int == 1
block: &redis_container_puppet_redis_pkg_clean
- name: Ensure redis is uninstalled on container host
package:
name: redis
state: absent
- name: redis_container_puppet_tmpfile_cleanup
when: step|int == 1
block: &redis_container_puppet_tmpfile_cleanup
- name: remove old tmpfiles.d config
file:
path: /etc/tmpfiles.d/var-run-redis.conf
state: absent
upgrade_tasks:
- name: redis_container_puppet_redis_pkg_clean
when: step|int == 1
block: *redis_container_puppet_redis_pkg_clean
- name: redis_container_puppet_tmpfile_cleanup
when: step|int == 1
block: *redis_container_puppet_tmpfile_cleanup
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop redis container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
with_items:
list_concat:
- - redis
- - if:
- internal_tls_enabled
- - redis_tls_proxy
- null
tripleo_delegate_to: "{{ groups['redis'] | default([]) }}"
View Git Blame Copy Permalink