openstack/tripleo-heat-templates
Code Issues Proposed changes
a8393fa8a4
tripleo-heat-templates/docker/services/mistral-executor.yaml
Steve Baker 9104980524 Allow a containerized mistral-executor to access docker 
This is required for a containerized undercloud to perform workflow
driven container image prepare during overcloud deployment.

This moves the MistralDockerGroup parameter out of mistral-base since
this is only required for the executor.

Further changes will be needed to puppet-tripleo to use 'group' and
'user' instead of ensure_resource, and also to ensure that the created
docker group inside the executor container has the same gid as the
docker group on the host, but these can depend on this change for
testing.

Change-Id: I429c72c0334a177d1ec37c3d9c13b7ba983de734
Blueprint: container-prepare-workflow
2018-06-20 10:17:01 +12:00

165 lines
6.2 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Mistral Executor service
parameters:
DockerMistralExecutorImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ../../puppet/services/mistral-executor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Executor role.
value:
service_name: {get_attr: [MistralBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
logging_source: {get_attr: [MistralBase, role_data, logging_source]}
logging_groups: {get_attr: [MistralBase, role_data, logging_groups]}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config,user,group
step_config:
list_join:
- "\n"
- - {get_attr: [MistralBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerMistralConfigImage}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
- path: /var/lib/mistral
owner: mistral:mistral
recurse: true
docker_config:
step_4:
mistral_executor:
image: {get_param: DockerMistralExecutorImage}
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /run:/run
# FIXME: this is required in order for Nova cells
# initialization workflows on the Undercloud. Need to
# exclude this on the overcloud for security reasons.
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/config-data/nova/etc/nova:/etc/nova:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/lib/mistral:/var/lib/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/mistral
state: directory
- name: mistral logs readme
copy:
dest: /var/log/mistral/readme.txt
content: |
Log files from mistral containers can be found under
/var/log/containers/mistral.
ignore_errors: true
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if mistral executor is deployed
command: systemctl is-enabled --quiet openstack-mistral-executor
ignore_errors: True
register: mistral_executor_enabled_result
- name: Set fact mistral_executor_enabled
set_fact:
mistral_executor_enabled: "{{ mistral_executor_enabled_result.rc == 0 }}"
- name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
command: systemctl is-active --quiet openstack-mistral-executor
when: mistral_executor_enabled|bool
tags: validation
- when: step|int == 2
block:
- name: Stop and disable mistral_executor service
when: mistral_executor_enabled|bool
service: name=openstack-mistral-executor state=stopped enabled=no
- name: Set fact for removal of openstack-mistral-executor package
set_fact:
remove_mistral_executor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-mistral-executor package if operator requests it
yum: name=openstack-mistral-executor state=removed
ignore_errors: True
when: remove_mistral_executor_package|bool
View Git Blame Copy Permalink