d4ea8e6864
This defines the interface to specify the authentication credentials for container image registries which require them. It is separate from the ContainerImagePrepare parameter so that the credentials only need to be stated once, and so the secrets can be flagged as hidden parameters. Change-Id: I3b2743cd48b2083468acb83a4ddeb98a93d795a2 Partial-Bug: #1823579
152 lines
5.5 KiB
YAML
152 lines
5.5 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Prepare container images
|
|
|
|
parameters:
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
ContainerImagePrepare:
|
|
default: {}
|
|
description: Used to run "openstack tripleo container image prepare".
|
|
This is run after the registry is installed to populate
|
|
the registry with images.
|
|
type: json
|
|
ContainerImagePrepareLogFile:
|
|
default: '/var/log/tripleo-container-image-prepare.log'
|
|
type: string
|
|
description: Used to store outputs of "openstack tripleo container image prepare".
|
|
DockerInsecureRegistryAddress:
|
|
description: Optional. The IP Address and Port of an insecure docker
|
|
namespace that will be configured in /etc/sysconfig/docker.
|
|
The value can be multiple addresses separated by commas.
|
|
type: comma_delimited_list
|
|
default: []
|
|
|
|
NeutronMechanismDrivers:
|
|
default: 'ovn'
|
|
description: |
|
|
The mechanism drivers for the Neutron tenant network.
|
|
type: comma_delimited_list
|
|
|
|
DockerRegistryMirror:
|
|
description: Optional. Mirror to use for registry docker.io
|
|
default: ''
|
|
type: string
|
|
ContainerImagePrepareDebug:
|
|
default: false
|
|
description: Whether or not we want to activate --debug in tripleo container image prepare.
|
|
type: boolean
|
|
ContainerImageRegistryCredentials:
|
|
type: json
|
|
hidden: true
|
|
default: {}
|
|
description: |
|
|
Mapping of image registry hosts to login credentials. Must be in the following example format
|
|
|
|
docker.io:
|
|
username: pa55word
|
|
'192.0.2.1:8787':
|
|
registry_username: password
|
|
|
|
{% for role in roles %}
|
|
# Parameters generated for {{role.name}} Role
|
|
{{role.name}}Services:
|
|
description: A list of service resources (configured in the Heat
|
|
resource_registry) which represent nested stacks
|
|
for each service that should get installed on the {{role.name}} role.
|
|
type: comma_delimited_list
|
|
|
|
{{role.name}}Count:
|
|
description: Number of {{role.name}} nodes to deploy
|
|
type: number
|
|
default: {{role.CountDefault|default(0)}}
|
|
{% endfor %}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for container image prepare
|
|
value:
|
|
service_name: container_image_prepare
|
|
external_deploy_tasks:
|
|
- name: Container image prepare
|
|
when: step|int == 1
|
|
tags: container_image_prepare
|
|
block:
|
|
- set_fact:
|
|
log_file: {get_param: ContainerImagePrepareLogFile}
|
|
container_image_prepare_debug: {get_param: ContainerImagePrepareDebug}
|
|
- name: Create temp file for prepare parameter
|
|
tempfile:
|
|
state: file
|
|
suffix: -prepare-param
|
|
register: prepare_param
|
|
check_mode: no
|
|
- name: Create temp file for role data
|
|
tempfile:
|
|
state: file
|
|
suffix: -role-data
|
|
register: role_data
|
|
check_mode: no
|
|
- name: Write ContainerImagePrepare parameter file
|
|
copy:
|
|
dest: "{{ '{{' }} prepare_param.path {{ '}}' }}"
|
|
content:
|
|
parameter_defaults:
|
|
ContainerImagePrepare: {get_param: ContainerImagePrepare}
|
|
DockerInsecureRegistryAddress: {get_param: DockerInsecureRegistryAddress}
|
|
NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
|
|
DockerRegistryMirror: {get_param: DockerRegistryMirror}
|
|
ContainerImageRegistryCredentials: {get_param: ContainerImageRegistryCredentials}
|
|
{% for role in roles %}
|
|
{{role.name}}Services: {get_param: {{role.name}}Services}
|
|
{{role.name}}Count: {get_param: {{role.name}}Count}
|
|
{% endfor %}
|
|
- name: Write role data file
|
|
copy:
|
|
dest: "{{ '{{' }} role_data.path {{ '}}' }}"
|
|
content: {{ roles }}
|
|
- name: Run tripleo-container-image-prepare logged to {{ '{{' }} log_file {{ '}}' }}
|
|
shell: |
|
|
sudo /usr/bin/tripleo-container-image-prepare \
|
|
--roles-file {{ '{{' }} role_data.path {{ '}}' }} \
|
|
--environment-file {{ '{{' }} prepare_param.path {{ '}}' }} \
|
|
--cleanup partial \
|
|
--log-file {{ '{{' }} log_file {{ '}}' }}{{ '{' }}% if container_image_prepare_debug|default(false) %{{ '}' }} \
|
|
--debug > {{ '{{' }} log_file {{ '}}' }} 2>&1{{ '{' }}% endif %{{ '}' }}
|
|
no_log: True
|
|
- name: Delete param file
|
|
file:
|
|
dest: "{{ '{{' }} prepare_param.path {{ '}}' }}"
|
|
state: absent
|
|
check_mode: no
|
|
- name: Delete role file
|
|
file:
|
|
dest: "{{ '{{' }} role_data.path {{ '}}' }}"
|
|
state: absent
|
|
check_mode: no
|