Containarise Barbican API

[apex-tripleo-heat-templates.git] / docker / services / database / mongodb.yaml

heat_template_version: pike

description: >
  MongoDB service deployment using puppet and docker

parameters:
  DockerMongodbImage:
    description: image
    type: string
  DockerMongodbConfigImage:
    description: The container image to use for the mongodb config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.

conditions:

  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

resources:

  MongodbPuppetBase:
    type: ../../../puppet/services/database/mongodb.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Containerized service Mongodb using composable services.
    value:
      service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [MongodbPuppetBase, role_data, config_settings]
          - mongodb::server::fork: false
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }"
            - {get_attr: [MongodbPuppetBase, role_data, step_config]}
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: mongodb
        puppet_tags: file # set this even though file is the default
        step_config: *step_config
        config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/mongodb.json:
          command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-tls/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/lib/mongodb
              owner: mongodb:mongodb
              recurse: true
            - path: /var/log/mongodb
              owner: mongodb:mongodb
              recurse: true
            - path: /etc/pki/tls/certs/mongodb.pem
              owner: mongodb:mongodb
      docker_config:
        step_2:
          mongodb:
            image: {get_param: DockerMongodbImage}
            net: host
            privileged: false
            volumes: &mongodb_volumes
              list_concat:
                - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
                  - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
                  - /etc/localtime:/etc/localtime:ro
                  - /var/log/containers/mongodb:/var/log/mongodb
                  - /var/lib/mongodb:/var/lib/mongodb
                - if:
                  - internal_tls_enabled
                  - - list_join:
                      - ':'
                      - - {get_param: InternalTLSCAFile}
                        - {get_param: InternalTLSCAFile}
                        - 'ro'
                    - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
                  - null
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      docker_puppet_tasks:
        # MySQL database initialization occurs only on single node
        step_2:
          config_volume: 'mongodb_init_tasks'
          puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset'
          step_config: 'include ::tripleo::profile::base::database::mongodb'
          config_image: *mongodb_config_image
          volumes:
            list_concat:
              - - /var/lib/mongodb:/var/lib/mongodb
                - /var/log/containers/mongodb:/var/log/mongodb
              - if:
                - internal_tls_enabled
                - - list_join:
                    - ':'
                    - - {get_param: InternalTLSCAFile}
                      - {get_param: InternalTLSCAFile}
                      - 'ro'
                  - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
                - null
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/mongodb
            - /var/lib/mongodb
      metadata_settings:
        get_attr: [MongodbPuppetBase, role_data, metadata_settings]
      upgrade_tasks:
        - name: Stop and disable mongodb service
          tags: step2
          service: name=mongod state=stopped enabled=no