openstack/tripleo-heat-templates
Code Issues Proposed changes
cba00abb75
tripleo-heat-templates/docker/services/gnocchi-api.yaml
Damien Ciabrini 5144634d9b Bind mount tripleo.cnf in transient bootstrap containers 
Various containerized services (e.g. nova, neutron, heat) run initial set up
steps with some ephemeral containers that don't use kolla_start. The
tripleo.cnf file is not copied in /etc/my.cnf.d and this can break some
deployments (e.g. when using internal TLS, service lack SSL settings).

Fix the configuration of transient containers by bind mounting of the
tripleo.cnf file when kolla_start is not used.

Change-Id: I5246f9d52fcf8c8af81de7a0dd8281169c971577
Closes-Bug: #1710127
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2017-08-14 10:53:16 +00:00

169 lines
5.8 KiB
YAML
Raw Blame History

heat_template_version: pike
description: >
OpenStack containerized gnocchi service
parameters:
DockerGnocchiApiImage:
description: image
type: string
DockerGnocchiConfigImage:
description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
NumberOfStorageSacks:
default: 128
description: Number of storage sacks to create.
type: number
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
GnocchiApiPuppetBase:
type: ../../puppet/services/gnocchi-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the gnocchi API role.
value:
service_name: {get_attr: [GnocchiApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [GnocchiApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
get_attr: [GnocchiApiPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [GnocchiApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: gnocchi
puppet_tags: gnocchi_api_paste_ini,gnocchi_config
step_config: *step_config
config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
gnocchi_init_log:
image: &gnocchi_api_image {get_param: DockerGnocchiApiImage}
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
step_4:
gnocchi_db_sync:
image: *gnocchi_api_image
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /etc/ceph:/etc/ceph:ro
command:
str_replace:
template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'
params:
SACK_NUM: {get_param: NumberOfStorageSacks}
step_5:
gnocchi_api:
image: *gnocchi_api_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/gnocchi
state: directory
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: Stop and disable httpd service
tags: step2
service: name=httpd state=stopped enabled=no
metadata_settings:
get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings]
View Git Blame Copy Permalink