openstack/tripleo-heat-templates
Code Issues Proposed changes
Files
a4631060f6d048a65060dd32bca9f2cd93aa7409
tripleo-heat-templates/docker/services/barbican-api.yaml
Jiri Stransky 85ec193403 Write readme.txt into old log directories 
This should help operators find the new log files. We do have them
documented, but not everybody reads every word in the docs :)

The readme creation has ignore_errors: true so that if the directory
isn't present at all (e.g. on deployed server environments, which
don't have openstack packages installed), we don't fail the deployment
when we're not able to create the readme.

Change-Id: I6b36db7b7ce8b3e4da566eb7828d0c3b8646a14f
Partial-Bug: #1730957
2017-11-14 10:35:11 +01:00

173 lines
6.1 KiB
YAML
Raw Blame History

heat_template_version: pike
description: >
OpenStack containerized Barbican API service
parameters:
DockerBarbicanApiImage:
description: image
type: string
DockerBarbicanConfigImage:
description: The container image to use for the barbican config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
BarbicanApiBase:
type: ../../puppet/services/barbican-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Barbican API role.
value:
service_name: {get_attr: [BarbicanApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [BarbicanApiBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [BarbicanApiBase, role_data, logging_source]}
logging_groups: {get_attr: [BarbicanApiBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [BarbicanApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [BarbicanApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: barbican
puppet_tags: barbican_api_paste_ini,barbican_config
step_config: *step_config
config_image: {get_param: DockerBarbicanConfigImage}
kolla_config:
/var/lib/kolla/config_files/barbican_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
barbican_init_logs:
image: &barbican_api_image {get_param: DockerBarbicanApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/barbican:/var/log/barbican
command: ['/bin/bash', '-c', 'chown -R barbican:barbican /var/log/barbican']
step_3:
barbican_api_db_sync:
start_order: 0
image: *barbican_api_image
net: host
detach: false
user: root
volumes: &barbican_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/barbican/etc/barbican/:/etc/barbican/:ro
- /var/log/containers/barbican:/var/log/barbican
command: "/usr/bin/bootstrap_host_exec barbican_api su barbican -s /bin/bash -c '/usr/bin/barbican-manage db upgrade'"
step_4:
barbican_api:
image: *barbican_api_image
net: host
privileged: false
restart: always
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/barbican_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/log/containers/barbican:/var/log/barbican
- /var/lib/config-data/puppet-generated/barbican/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/barbican
state: directory
- name: barbican logs readme
copy:
dest: /var/log/barbican/readme.txt
content: |
Log files from barbican containers can be found under
/var/log/containers/barbican.
ignore_errors: true
upgrade_tasks:
- name: Stop and disable barbican_api service
tags: step2
service: name=openstack-barbican-api state=stopped enabled=no
- name: Remove openstack-barbican-api package if operator requests it
yum: name=openstack-barbican-api state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [BarbicanApiBase, role_data, metadata_settings]
View Git Blame Copy Permalink