Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into stable...
[apex-tripleo-heat-templates.git] / docker / services / glance-api.yaml
1 heat_template_version: pike
2
3 description: >
4   OpenStack Glance service configured with Puppet
5
6 parameters:
7   DockerGlanceApiImage:
8     description: image
9     type: string
10   DockerGlanceApiConfigImage:
11     description: The container image to use for the glance_api config_volume
12     type: string
13   EndpointMap:
14     default: {}
15     description: Mapping of service endpoint -> protocol. Typically set
16                  via parameter_defaults in the resource registry.
17     type: json
18   ServiceData:
19     default: {}
20     description: Dictionary packing service data
21     type: json
22   ServiceNetMap:
23     default: {}
24     description: Mapping of service_name -> network name. Typically set
25                  via parameter_defaults in the resource registry.  This
26                  mapping overrides those in ServiceNetMapDefaults.
27     type: json
28   DefaultPasswords:
29     default: {}
30     type: json
31   RoleName:
32     default: ''
33     description: Role name on which the service is applied
34     type: string
35   RoleParameters:
36     default: {}
37     description: Parameters specific to the role
38     type: json
39   EnableInternalTLS:
40     type: boolean
41     default: false
42   GlanceNfsEnabled:
43     default: false
44     description: >
45       When using GlanceBackend 'file', mount NFS share for image storage.
46     type: boolean
47   UpgradeRemoveUnusedPackages:
48     default: false
49     description: Remove package if the service is being disabled during upgrade
50     type: boolean
51   GlanceNfsShare:
52     default: ''
53     description: >
54       NFS share to mount for image storage (when GlanceNfsEnabled is true)
55     type: string
56   GlanceNfsOptions:
57     default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
58     description: >
59       NFS mount options for image storage (when GlanceNfsEnabled is true)
60     type: string
61
62 conditions:
63
64   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
65   nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
66
67
68 resources:
69
70   ContainersCommon:
71     type: ./containers-common.yaml
72
73   MySQLClient:
74     type: ../../puppet/services/database/mysql-client.yaml
75
76   GlanceApiPuppetBase:
77     type: ../../puppet/services/glance-api.yaml
78     properties:
79       EndpointMap: {get_param: EndpointMap}
80       ServiceData: {get_param: ServiceData}
81       ServiceNetMap: {get_param: ServiceNetMap}
82       DefaultPasswords: {get_param: DefaultPasswords}
83       RoleName: {get_param: RoleName}
84       RoleParameters: {get_param: RoleParameters}
85
86 outputs:
87   role_data:
88     description: Role data for the Glance API role.
89     value:
90       service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]}
91       config_settings:
92         map_merge:
93           - get_attr: [GlanceApiPuppetBase, role_data, config_settings]
94           - glance::api::sync_db: false
95       logging_source: {get_attr: [GlanceApiPuppetBase, role_data, logging_source]}
96       logging_groups: {get_attr: [GlanceApiPuppetBase, role_data, logging_groups]}
97       step_config: &step_config
98         list_join:
99           - "\n"
100           - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]}
101             - {get_attr: [MySQLClient, role_data, step_config]}
102       service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]}
103       # BEGIN DOCKER SETTINGS #
104       puppet_config:
105         config_volume: glance_api
106         puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
107         step_config: *step_config
108         config_image: {get_param: DockerGlanceApiConfigImage}
109       kolla_config:
110         /var/lib/kolla/config_files/glance_api.json:
111           command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
112           config_files:
113             - source: "/var/lib/kolla/config_files/src/*"
114               dest: "/"
115               merge: true
116               preserve_properties: true
117             - source: "/var/lib/kolla/config_files/src-ceph/"
118               dest: "/etc/ceph/"
119               merge: true
120               preserve_properties: true
121           permissions:
122             - path: /var/lib/glance
123               owner: glance:glance
124               recurse: true
125         /var/lib/kolla/config_files/glance_api_tls_proxy.json:
126           command: /usr/sbin/httpd -DFOREGROUND
127           config_files:
128             - source: "/var/lib/kolla/config_files/src/*"
129               dest: "/"
130               merge: true
131               preserve_properties: true
132       docker_config:
133         # Kolla_bootstrap/db_sync runs before permissions set by kolla_config
134         step_2:
135           glance_init_logs:
136             image: &glance_api_image {get_param: DockerGlanceApiImage}
137             privileged: false
138             user: root
139             volumes:
140               - /var/log/containers/glance:/var/log/glance
141               - /var/log/containers/httpd/glance-api:/var/log/httpd
142             command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
143         step_3:
144           glance_api_db_sync:
145             image: *glance_api_image
146             net: host
147             privileged: false
148             detach: false
149             user: root
150             volumes: &glance_volumes
151               list_concat:
152                 - {get_attr: [ContainersCommon, volumes]}
153                 -
154                   - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
155                   - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
156                   - /var/log/containers/glance:/var/log/glance
157                   - /var/log/containers/httpd/glance-api:/var/log/httpd
158                   - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
159                   -
160                     if:
161                       - nfs_backend_enabled
162                       - /var/lib/glance:/var/lib/glance
163                       - ''
164             environment:
165               - KOLLA_BOOTSTRAP=True
166               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
167             command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
168         step_4:
169           map_merge:
170             - glance_api:
171                 start_order: 2
172                 image: *glance_api_image
173                 net: host
174                 privileged: false
175                 restart: always
176                 volumes: *glance_volumes
177                 environment:
178                   - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
179             - if:
180                 - internal_tls_enabled
181                 - glance_api_tls_proxy:
182                     start_order: 2
183                     image: *glance_api_image
184                     net: host
185                     user: root
186                     restart: always
187                     volumes:
188                       list_concat:
189                         - {get_attr: [ContainersCommon, volumes]}
190                         -
191                           - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
192                           - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
193                           - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
194                           - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
195                     environment:
196                       - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
197                 - {}
198       host_prep_tasks:
199         - name: Mount NFS on host
200           vars:
201             nfs_backend_enable: {get_param: GlanceNfsEnabled}
202           mount: name=/var/lib/glance src="{{item.NFS_SHARE}}" fstype=nfs4 opts="{{item.NFS_OPTIONS}}" state=mounted
203           with_items:
204             - NFS_SHARE: {get_param: GlanceNfsShare}
205               NFS_OPTIONS: {get_param: GlanceNfsOptions}
206           when:
207             - nfs_backend_enable
208         - name: create persistent logs directory
209           file:
210             path: "{{ item }}"
211             state: directory
212           with_items:
213             - /var/log/containers/glance
214             - /var/log/containers/httpd/glance-api
215         - name: ensure ceph configurations exist
216           file:
217             path: /etc/ceph
218             state: directory
219       upgrade_tasks:
220         - name: Stop and disable glance_api service
221           tags: step2
222           service: name=openstack-glance-api state=stopped enabled=no
223         - name: Remove openstack-glance package if operator requests it
224           yum: name=openstack-glance state=removed
225           tags: step2
226           ignore_errors: True
227           when: {get_param: UpgradeRemoveUnusedPackages}
228       metadata_settings:
229         get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]