openstack/tripleo-heat-templates
Code Issues Proposed changes
7d48e49301
tripleo-heat-templates/deployment/deprecated/mistral/mistral-api-container-puppet.yaml
ramishra 7f195ff9a8 Remove DefaultPasswords interface 
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30

259 lines
9.6 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Mistral API service
parameters:
ContainerMistralApiImage:
description: image
type: string
ContainerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
MistralWorkers:
default: 1
description: The number of workers for the mistral-api.
type: number
MistralApiPolicies:
description: |
A hash of policies to configure for Mistral API.
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
EnableInternalTLS:
type: boolean
default: false
MistralExecutionInterval:
default: 600
description: This setting defines how frequently Mistral checks for cron
triggers that need execution. The default is 10 minutes and
reduces the load that is has on the system.
type: number
MistralCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
MistralPassword:
description: The password for the Mistral service and db account, used by the Mistral services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
conditions:
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']}
resources:
ContainersCommon:
type: ../../containers-common.yaml
MySQLClient:
type: ../../database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral API role.
value:
service_name: mistral_api
firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
keystone_resources:
mistral:
endpoints:
public: {get_param: [EndpointMap, MistralPublic, uri]}
internal: {get_param: [EndpointMap, MistralInternal, uri]}
admin: {get_param: [EndpointMap, MistralAdmin, uri]}
users:
mistral:
password: {get_param: MistralPassword}
region: {get_param: KeystoneRegion}
service: 'workflowv2'
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- mistral::cors::allowed_origin: {get_param: MistralCorsAllowedOrigin}
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::policy::policies: {get_param: MistralApiPolicies}
mistral::cron_trigger::execution_interval: {get_param: MistralExecutionInterval}
mistral::api::allow_action_execution_deletion: true
mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
- if:
- mistral_workers_zero
- {}
- mistral::wsgi::apache::workers: {get_param: MistralWorkers}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::mistral::api
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_api.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
mistral_init_logs:
image: &mistral_api_image {get_param: ContainerMistralApiImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/mistral:/var/log/mistral:z
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
step_3:
mistral_db_sync:
start_order: 0
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json upgrade head'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4:
mistral_api:
start_order: 15
image: *mistral_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
step_5:
mistral_db_populate:
start_order: 1
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json populate'"
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
mode: "{{ item.mode|default(omit) }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
deploy_steps_tasks:
- name: Copy in action mapping file
when: step|int == 3
copy:
content: {get_file: ./mapping.json}
dest: '/var/lib/config-data/mistral/etc/mistral/mapping.json'
setype: container_file_t
force: yes
mode: '0755'
View Git Blame Copy Permalink