1 heat_template_version: pike
4 OpenStack containerized HAproxy service
10 DockerHAProxyConfigImage:
11 description: The container image to use for the haproxy config_volume
15 description: Dictionary packing service data
19 description: Mapping of service_name -> network name. Typically set
20 via parameter_defaults in the resource registry. This
21 mapping overrides those in ServiceNetMapDefaults.
28 description: Mapping of service endpoint -> protocol. Typically set
29 via parameter_defaults in the resource registry.
32 description: Password for HAProxy stats endpoint
36 description: User for HAProxy stats endpoint
41 description: Syslog address where HAproxy will send its log
43 DeployedSSLCertificatePath:
44 default: '/etc/pki/tls/private/overcloud_endpoint.pem'
46 The filepath of the certificate as it will be stored in the controller.
49 description: The password for Redis
52 MonitoringSubscriptionHaproxy:
53 default: 'overcloud-haproxy'
57 description: Role name on which the service is applied
61 description: Parameters specific to the role
67 type: ./containers-common.yaml
70 type: ../../puppet/services/haproxy.yaml
72 EndpointMap: {get_param: EndpointMap}
73 ServiceData: {get_param: ServiceData}
74 ServiceNetMap: {get_param: ServiceNetMap}
75 DefaultPasswords: {get_param: DefaultPasswords}
76 RoleName: {get_param: RoleName}
77 RoleParameters: {get_param: RoleParameters}
81 description: Role data for the HAproxy role.
83 service_name: {get_attr: [HAProxyBase, role_data, service_name]}
86 - get_attr: [HAProxyBase, role_data, config_settings]
87 - tripleo::haproxy::haproxy_daemon: false
88 tripleo::haproxy::haproxy_service_manage: false
89 step_config: &step_config
90 get_attr: [HAProxyBase, role_data, step_config]
91 service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
92 # BEGIN DOCKER SETTINGS
94 config_volume: haproxy
95 puppet_tags: haproxy_config
97 "class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
98 config_image: {get_param: DockerHAProxyConfigImage}
99 volumes: &deployed_cert_mount
102 - - {get_param: DeployedSSLCertificatePath}
103 - {get_param: DeployedSSLCertificatePath}
106 /var/lib/kolla/config_files/haproxy.json:
107 command: haproxy -f /etc/haproxy/haproxy.cfg
109 - source: "/var/lib/kolla/config_files/src/*"
112 preserve_properties: true
117 image: {get_param: DockerHAProxyImage}
128 - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
129 - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
131 TAGS: 'tripleo::firewall::rule'
135 - {get_attr: [ContainersCommon, volumes]}
136 - *deployed_cert_mount
138 - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
139 - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
140 # puppet saves iptables rules in /etc/sysconfig
141 - /etc/sysconfig:/etc/sysconfig:rw
142 # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
143 # the necessary bit and prevent systemd to try to reload the service in the container
144 - /usr/libexec/iptables:/usr/libexec/iptables:ro
145 - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
146 - /etc/puppet:/tmp/puppet-etc:ro
147 - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
149 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
151 image: {get_param: DockerHAProxyImage}
156 - {get_attr: [ContainersCommon, volumes]}
157 - *deployed_cert_mount
159 - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
160 - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
162 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
164 get_attr: [HAProxyBase, role_data, metadata_settings]