tripleo-heat-templates/puppet/services/docker.yaml

174 lines
6.3 KiB
YAML

heat_template_version: rocky
description: >
Configures docker on the host
parameters:
DockerInsecureRegistryAddress:
description: Optional. The IP Address and Port of an insecure docker
namespace that will be configured in /etc/sysconfig/docker.
The value can be multiple addresses separated by commas.
type: comma_delimited_list
default: []
DockerRegistryMirror:
description: Optional. Mirror to use for registry docker.io
default: ''
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
DockerDebug:
default: ''
description: Set to True to enable debugging Docker services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
DockerOptions:
default: '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
description: Options that are used to startup the docker service.
type: string
DockerAdditionalSockets:
default: ['/var/lib/openstack/docker.sock']
description: Additional domain sockets for the docker daemon to bind to (useful for mounting
into containers that launch other containers)
type: comma_delimited_list
DockerNetworkOptions:
default: '--bip=172.31.0.1/24'
description: More startup options, like CIDR for the default docker0 bridge (useful for the
network configuration conflicts resolution)
type: string
DeploymentUser:
default: ''
description: User added to the docker group in order to use container commands.
type: string
DockerSkipUpdateReconfiguration:
default: false
type: boolean
description: Flag to disable docker reconfiguration during stack update.
tags:
- role_specific
SELinuxMode:
default: 'enforcing'
description: Configures SELinux mode
type: string
constraints:
- allowed_values: [ 'enforcing', 'permissive', 'disabled' ]
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- DockerAdditionalSockets
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- DockerSkipUpdateReconfiguration: DockerSkipUpdateReconfiguration
- values: {get_param: [RoleParameters]}
- values:
DockerSkipUpdateReconfiguration: {get_param: DockerSkipUpdateReconfiguration}
conditions:
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
selinux_enforcing: {equals : [{get_param: SELinuxMode}, 'enforcing']}
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings: {}
step_config: ''
host_prep_tasks:
- name: Install, Configure and Run Docker
block:
# NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
- set_fact: &docker_vars
container_registry_debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: DockerDebug}
container_registry_deployment_user: {get_param: DeploymentUser}
container_registry_docker_options: {get_param: DockerOptions}
container_registry_additional_sockets: {get_param: DockerAdditionalSockets}
container_registry_insecure_registries:
if:
- insecure_registry_is_empty
- []
- {get_param: DockerInsecureRegistryAddress}
container_registry_mirror: {get_param: DockerRegistryMirror}
container_registry_network_options: {get_param: DockerNetworkOptions}
container_registry_skip_reconfiguration: {get_attr: [RoleParametersValue, value, DockerSkipUpdateReconfiguration]}
container_registry_selinux:
if:
- selinux_enforcing
- true
- false
- include_role:
name: container-registry
tasks_from: docker
service_config_settings:
neutron_l3:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
neutron_dhcp:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
ovn_metadata:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
upgrade_tasks:
- block:
- name: Install docker packages on upgrade if missing
package: name=docker state=latest
- set_fact: *docker_vars
- name: Reconfigure Docker if needed
include_role:
name: container-registry
tasks_from: docker
when: step|int == 3
update_tasks:
- name: Restart Docker when needed
when: step|int == 2
block:
- set_fact: *docker_vars
- include_role:
name: container-registry
tasks_from: docker-update