Steve Baker 9104980524 Allow a containerized mistral-executor to access docker
This is required for a containerized undercloud to perform workflow
driven container image prepare during overcloud deployment.

This moves the MistralDockerGroup parameter out of mistral-base since
this is only required for the executor.

Further changes will be needed to puppet-tripleo to use 'group' and
'user' instead of ensure_resource, and also to ensure that the created
docker group inside the executor container has the same gid as the
docker group on the host, but these can depend on this change for
testing.

Change-Id: I429c72c0334a177d1ec37c3d9c13b7ba983de734
Blueprint: container-prepare-workflow
2018-06-20 10:17:01 +12:00

136 lines
4.9 KiB
YAML

heat_template_version: rocky
description: >
Openstack Mistral base service. Shared for all Mistral services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
MistralDebug:
default: ''
description: Set to True to enable debugging Mistral services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
MistralPassword:
description: The password for the Mistral service and db account, used by the Mistral services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NotificationDriver:
type: string
default: 'messagingv2'
description: Driver or drivers to handle sending notifications.
constraints:
- allowed_values: [ 'messagingv2', 'noop' ]
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
RpcUserName:
default: guest
description: The username for messaging backend
type: string
RpcPassword:
description: The password for messaging backend
type: string
hidden: true
RpcUseSSL:
default: false
description: >
Messaging client subscriber parameter to specify
an SSL connection to the messaging host.
type: string
conditions:
service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
outputs:
role_data:
description: Shared role data for the Mistral services.
value:
service_name: mistral_base
config_settings:
mistral::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: mistral
password: {get_param: MistralPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /mistral
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
mistral::notification_driver: {get_param: NotificationDriver}
# TODO(ansmith): remove once p-t-o switches to oslo params
mistral::rabbit_userid: {get_param: RpcUserName}
mistral::rabbit_password: {get_param: RpcPassword}
mistral::rabbit_use_ssl: {get_param: RpcUseSSL}
mistral::rabbit_port: {get_param: RpcPort}
mistral::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: MistralDebug }
mistral::rpc_response_timeout: 120
mistral::keystone::authtoken::project_name: 'service'
mistral::keystone::authtoken::user_domain_name: 'Default'
mistral::keystone::authtoken::project_domain_name: 'Default'
mistral::keystone::authtoken::password: {get_param: MistralPassword}
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
mistral::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
mistral::keystone_ec2_uri:
list_join:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
service_config_settings:
keystone:
mistral::keystone::auth::tenant: 'service'
mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
mistral::keystone::auth::password: {get_param: MistralPassword}
mistral::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
mistral::db::mysql::user: mistral
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
mistral::db::mysql::dbname: mistral
mistral::db::mysql::password: {get_param: MistralPassword}
mistral::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"