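# Post-deploy step orchestration for containerized roles: for every role this
# template emits the host preparation, config generation, baremetal (puppet)
# and container (docker-cmd) deployments, ordered through depends_on.
#
# Certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed.
# primary_role is a one-element list that is mutated in place, because a plain
# Jinja2 "set" inside a for loop does not survive the loop's scope.
{%- set primary_role = [roles[0]] -%}
{%- for role in roles -%}
  {%- if 'primary' in role.tags and 'controller' in role.tags -%}
    {%- set _ = primary_role.pop() -%}
    {%- set _ = primary_role.append(role) -%}
  {%- endif -%}
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
# Steps are numbered 1 .. deploy_steps_max - 1, because range() excludes its
# upper bound.
{% set deploy_steps_max = 6 -%}

heat_template_version: pike

description: >
  Post-deploy configuration steps via puppet for all roles,
  as defined in ../roles_data.yaml

parameters:
  servers:
    type: json
    description: Mapping of Role name e.g Controller to a list of servers
  role_data:
    type: json
    description: Mapping of Role name e.g Controller to the per-role data
  DeployIdentifier:
    default: ''
    type: string
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

resources:

  # These utility tasks use docker-puppet.py to execute tasks via puppet
  # We only execute these on the first node in the primary role
  {{primary_role_name}}DockerPuppetTasks:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        yaql:
          expression:
            # drop services without tasks, flatten the remaining (key, value)
            # pairs, group the values by key and overlay the result on the
            # empty per-step defaults
            $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
          data:
            docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
            default_tasks:
{%- for step in range(1, deploy_steps_max) %}
              step_{{step}}: {}
{%- endfor %}

# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
{% for step in range(1, deploy_steps_max) %}

  {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config: {get_file: docker-puppet.py}
      inputs:
        - name: CONFIG
        - name: NET_HOST
        - name: NO_ARCHIVE
        - name: STEP

  # Runs after the baremetal and container deployments of the same step have
  # finished on every role.
  {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
    type: OS::Heat::SoftwareDeployment
    depends_on:
      {% for dep in roles %}
      - {{dep.name}}Deployment_Step{{step}}
      - {{dep.name}}ContainersDeployment_Step{{step}}
      {% endfor %}
    properties:
      name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}}
      server: {get_param: [servers, {{primary_role_name}}, '0']}
      config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
      input_values:
        # must match the file name written by the bootstrap task of the
        # host preparation playbook
        CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
        NET_HOST: 'true'
        NO_ARCHIVE: 'true'
        STEP: {{step}}

{% endfor %}
# END primary_role_name docker-puppet-tasks

{% for role in roles %}
  # Post deployment steps for all roles
  # A single config is re-applied with an incrementing step number
  # {{role.name}} Role steps
  {{role.name}}ArtifactsConfig:
    type: ../puppet/deploy-artifacts.yaml

  {{role.name}}ArtifactsDeploy:
    type: OS::Heat::StructuredDeploymentGroup
    properties:
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}ArtifactsConfig}

  # Ansible playbook run on each host of the role; str_replace substitutes
  # the playbook structure below for the _PLAYBOOK placeholder.
  {{role.name}}HostPrepConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: ansible
      options:
        modulepath: /usr/share/ansible-modules
      config:
        str_replace:
          template: _PLAYBOOK
          params:
            _PLAYBOOK:
              - hosts: localhost
                connection: local
                vars:
                  puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
                  docker_puppet_script: {get_file: docker-puppet.py}
                  docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
                  docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
                  kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
                  bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
                tasks:
                  # Join host_prep_tasks with the other per-host configuration
                  yaql:
                    expression: $.data.host_prep_tasks + $.data.template_tasks
                    data:
                      host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
                      template_tasks:
{%- raw %}
                        # This is where we stack puppet configuration (for now)...
                        - name: Create /var/lib/config-data
                          file: path=/var/lib/config-data state=directory
                        # This is where the docker-puppet configs end up
                        - name: Create /var/lib/docker-puppet
                          file: path=/var/lib/docker-puppet state=directory
                        # this creates a JSON config file for our docker-puppet.py script
                        # The JSON files written below get mode=0600: the rendered
                        # service configuration may carry credentials, so they should
                        # not be left readable under the default umask.
                        - name: Write docker-puppet.json file
                          copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
                        # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                        - name: Write docker-puppet.py
                          copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes
                        # Here we are dumping all the docker container startup configuration data
                        # so that we can have access to how they are started outside of heat
                        # and docker-cmd.  This lets us create command line tools to test containers.
                        - name: Write docker-container-startup-configs
                          copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
                        - name: Create /var/lib/kolla/config_files directory
                          file: path=/var/lib/kolla/config_files state=directory
                        # NOTE(review): dest comes straight from the kolla_config keys,
                        # so those keys decide where on the host each file is written.
                        - name: Write kolla config json files
                          copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
                          with_dict: "{{kolla_config}}"
                        ########################################################
                        # Bootstrap tasks, only performed on bootstrap_server_id
                        ########################################################
                        - name: Write docker-puppet-tasks json files
                          copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
                          with_dict: "{{docker_puppet_tasks}}"
                          when: deploy_server_id == bootstrap_server_id
{%- endraw %}

  {{role.name}}HostPrepDeployment:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}HostPrepConfig}

  {{role.name}}GenerateConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config: {get_file: docker-puppet.py}
      inputs:
        - name: NET_HOST

  {{role.name}}GenerateConfigDeployment:
    type: OS::Heat::SoftwareDeploymentGroup
    depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment]
    properties:
      name: {{role.name}}GenerateConfigDeployment
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}GenerateConfig}
      input_values:
        NET_HOST: 'true'

  {{role.name}}PuppetStepConfig:
    type: OS::Heat::Value
    properties:
      type: string
      value:
        yaql:
          expression:
            # select 'step_config' only from services that do not have a docker_config
            $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n")
          data:
            service_names: {get_param: [role_data, {{role.name}}, service_names]}
            step_config: {get_param: [role_data, {{role.name}}, step_config]}
            docker_config: {get_param: [role_data, {{role.name}}, docker_config]}

  {{role.name}}DockerConfig:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        yaql:
          expression:
            # select 'docker_config' only from services that have it
            $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
          data:
            service_names: {get_param: [role_data, {{role.name}}, service_names]}
            docker_config: {get_param: [role_data, {{role.name}}, docker_config]}

  # BEGIN BAREMETAL CONFIG STEPS

  # Declared exactly once per role: a second identical definition of this key
  # would be a duplicate mapping key, which most YAML loaders resolve silently
  # by keeping the last one. The step 1 deployments below depend on it.
  {{role.name}}PreConfig:
    type: OS::TripleO::Tasks::{{role.name}}PreConfig
    properties:
      servers: {get_param: [servers, {{role.name}}]}
      input_values:
        update_identifier: {get_param: DeployIdentifier}

  {{role.name}}Config:
    type: OS::TripleO::{{role.name}}Config
    properties:
      StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}

  {% for step in range(1, deploy_steps_max) %}

  # Step N waits for step N-1 (baremetal, containers and the single-node
  # docker-puppet tasks) to have completed on every role.
  {{role.name}}Deployment_Step{{step}}:
    type: OS::Heat::StructuredDeploymentGroup
  {% if step == 1 %}
    depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
  {% else %}
    depends_on:
      {% for dep in roles %}
      - {{dep.name}}Deployment_Step{{step -1}}
      - {{dep.name}}ContainersDeployment_Step{{step -1}}
      {% endfor %}
      - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
  {% endif %}
    properties:
      name: {{role.name}}Deployment_Step{{step}}
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}Config}
      input_values:
        step: {{step}}
        update_identifier: {get_param: DeployIdentifier}

  {% endfor %}
  # END BAREMETAL CONFIG STEPS

  # BEGIN CONTAINER CONFIG STEPS
  {% for step in range(1, deploy_steps_max) %}

  # Container definitions of this step, taken from the merged docker_config
  {{role.name}}ContainersConfig_Step{{step}}:
    type: OS::Heat::StructuredConfig
    properties:
      group: docker-cmd
      config:
        {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}

  {{role.name}}ContainersDeployment_Step{{step}}:
    type: OS::Heat::StructuredDeploymentGroup
  {% if step == 1 %}
    depends_on:
        {%- for dep in roles %}
      - {{dep.name}}Deployment_Step{{step}}  # baremetal steps of the same level run first
        {%- endfor %}
      - {{role.name}}PreConfig
      - {{role.name}}HostPrepDeployment
  {% else %}
    depends_on:
      {% for dep in roles %}
      - {{dep.name}}ContainersDeployment_Step{{step -1}}
      - {{dep.name}}Deployment_Step{{step}}  # baremetal steps of the same level run first
      - {{dep.name}}Deployment_Step{{step -1}}
      {% endfor %}
      - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
  {% endif %}
    properties:
      name: {{role.name}}ContainersDeployment_Step{{step}}
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}

  {% endfor %}
  # END CONTAINER CONFIG STEPS

  # Waits for the last step (deploy_steps_max - 1) of every role. The
  # single-node docker-puppet tasks dependency is listed once, after the loop,
  # so it is not repeated for each role.
  {{role.name}}PostConfig:
    type: OS::TripleO::Tasks::{{role.name}}PostConfig
    depends_on:
  {% for dep in roles %}
      - {{dep.name}}Deployment_Step{{deploy_steps_max - 1}}
  {% endfor %}
      - {{primary_role_name}}DockerPuppetTasksDeployment{{deploy_steps_max - 1}}
    properties:
      servers: {get_param: servers}
      input_values:
        update_identifier: {get_param: DeployIdentifier}

  # Note, this should come last, so use depends_on to ensure
  # this is created after any other resources.
  {{role.name}}ExtraConfigPost:
    depends_on:
  {% for dep in roles %}
      - {{dep.name}}PostConfig
  {% endfor %}
    type: OS::TripleO::NodeExtraConfigPost
    properties:
      servers: {get_param: [servers, {{role.name}}]}

{% endfor %}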