docker/services/haproxy.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack containerized HAproxy service
   5
   6 parameters:
   7   DockerHAProxyImage:
   8     description: image
   9     type: string
  10   DockerHAProxyConfigImage:
  11     description: The container image to use for the haproxy config_volume
  12     type: string
  13   ServiceData:
  14     default: {}
  15     description: Dictionary packing service data
  16     type: json
  17   ServiceNetMap:
  18     default: {}
  19     description: Mapping of service_name -> network name. Typically set
  20                  via parameter_defaults in the resource registry.  This
  21                  mapping overrides those in ServiceNetMapDefaults.
  22     type: json
  23   DefaultPasswords:
  24     default: {}
  25     type: json
  26   EndpointMap:
  27     default: {}
  28     description: Mapping of service endpoint -> protocol. Typically set
  29                  via parameter_defaults in the resource registry.
  30     type: json
  31   HAProxyStatsPassword:
  32     description: Password for HAProxy stats endpoint
  33     hidden: true
  34     type: string
  35   HAProxyStatsUser:
  36     description: User for HAProxy stats endpoint
  37     default: admin
  38     type: string
  39   HAProxySyslogAddress:
  40     default: /dev/log
  41     description: Syslog address where HAproxy will send its log
  42     type: string
  43   DeployedSSLCertificatePath:
  44     default: '/etc/pki/tls/private/overcloud_endpoint.pem'
  45     description: >
  46         The filepath of the certificate as it will be stored in the controller.
  47     type: string
  48   RedisPassword:
  49     description: The password for the redis service account.
  50     type: string
  51     hidden: true
  52   MonitoringSubscriptionHaproxy:
  53     default: 'overcloud-haproxy'
  54     type: string
  55   RoleName:
  56     default: ''
  57     description: Role name on which the service is applied
  58     type: string
  59   RoleParameters:
  60     default: {}
  61     description: Parameters specific to the role
  62     type: json
  63
  64 resources:
  65
  66   ContainersCommon:
  67     type: ./containers-common.yaml
  68
  69   HAProxyBase:
  70     type: ../../puppet/services/haproxy.yaml
  71     properties:
  72       EndpointMap: {get_param: EndpointMap}
  73       ServiceData: {get_param: ServiceData}
  74       ServiceNetMap: {get_param: ServiceNetMap}
  75       DefaultPasswords: {get_param: DefaultPasswords}
  76       RoleName: {get_param: RoleName}
  77       RoleParameters: {get_param: RoleParameters}
  78
  79 outputs:
  80   role_data:
  81     description: Role data for the HAproxy role.
  82     value:
  83       service_name: {get_attr: [HAProxyBase, role_data, service_name]}
  84       config_settings:
  85         map_merge:
  86           - get_attr: [HAProxyBase, role_data, config_settings]
  87           - tripleo::haproxy::haproxy_daemon: false
  88             tripleo::haproxy::haproxy_service_manage: false
  89       step_config: &step_config
  90         get_attr: [HAProxyBase, role_data, step_config]
  91       service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
  92       # BEGIN DOCKER SETTINGS
  93       puppet_config:
  94         config_volume: haproxy
  95         puppet_tags: haproxy_config
  96         step_config:
  97           "class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
  98         config_image: {get_param: DockerHAProxyConfigImage}
  99         volumes: &deployed_cert_mount
 100           - list_join:
 101             - ':'
 102             - - {get_param: DeployedSSLCertificatePath}
 103               - {get_param: DeployedSSLCertificatePath}
 104               - 'ro'
 105       kolla_config:
 106         /var/lib/kolla/config_files/haproxy.json:
 107           command: haproxy -f /etc/haproxy/haproxy.cfg
 108           config_files:
 109             - source: "/var/lib/kolla/config_files/src/*"
 110               dest: "/"
 111               merge: true
 112               preserve_properties: true
 113       docker_config:
 114         step_1:
 115           haproxy_firewall:
 116             detach: false
 117             image: {get_param: DockerHAProxyImage}
 118             net: host
 119             user: root
 120             privileged: true
 121             command:
 122               - '/bin/bash'
 123               - '-c'
 124               - str_replace:
 125                   template:
 126                     list_join:
 127                       - '; '
 128                       - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
 129                         - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
 130                   params:
 131                     TAGS: 'tripleo::firewall::rule'
 132                     CONFIG: *step_config
 133             volumes:
 134               list_concat:
 135                 - {get_attr: [ContainersCommon, volumes]}
 136                 - *deployed_cert_mount
 137                 -
 138                   - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
 139                   - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
 140                   # puppet saves iptables rules in /etc/sysconfig
 141                   - /etc/sysconfig:/etc/sysconfig:rw
 142                   # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
 143                   # the necessary bit and prevent systemd to try to reload the service in the container
 144                   - /usr/libexec/iptables:/usr/libexec/iptables:ro
 145                   - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
 146                   - /etc/puppet:/tmp/puppet-etc:ro
 147                   - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
 148             environment:
 149               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 150           haproxy:
 151             image: {get_param: DockerHAProxyImage}
 152             net: host
 153             restart: always
 154             volumes:
 155               list_concat:
 156                 - {get_attr: [ContainersCommon, volumes]}
 157                 - *deployed_cert_mount
 158                 -
 159                   - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
 160                   - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
 161             environment:
 162               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 163       metadata_settings:
 164         get_attr: [HAProxyBase, role_data, metadata_settings]