docker/services/heat-api.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack containerized Heat API service
   5
   6 parameters:
   7   DockerHeatApiImage:
   8     description: image
   9     type: string
  10   # puppet needs the heat-wsgi-api binary from centos-binary-heat-api
  11   DockerHeatApiConfigImage:
  12     description: The container image to use for the heat_api config_volume
  13     type: string
  14   EndpointMap:
  15     default: {}
  16     description: Mapping of service endpoint -> protocol. Typically set
  17                  via parameter_defaults in the resource registry.
  18     type: json
  19   ServiceData:
  20     default: {}
  21     description: Dictionary packing service data
  22     type: json
  23   ServiceNetMap:
  24     default: {}
  25     description: Mapping of service_name -> network name. Typically set
  26                  via parameter_defaults in the resource registry.  This
  27                  mapping overrides those in ServiceNetMapDefaults.
  28     type: json
  29   DefaultPasswords:
  30     default: {}
  31     type: json
  32   RoleName:
  33     default: ''
  34     description: Role name on which the service is applied
  35     type: string
  36   RoleParameters:
  37     default: {}
  38     description: Parameters specific to the role
  39     type: json
  40   EnableInternalTLS:
  41     type: boolean
  42     default: false
  43
  44 conditions:
  45
  46   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  47
  48 resources:
  49
  50   ContainersCommon:
  51     type: ./containers-common.yaml
  52
  53   HeatBase:
  54     type: ../../puppet/services/heat-api.yaml
  55     properties:
  56       EndpointMap: {get_param: EndpointMap}
  57       ServiceData: {get_param: ServiceData}
  58       ServiceNetMap: {get_param: ServiceNetMap}
  59       DefaultPasswords: {get_param: DefaultPasswords}
  60       RoleName: {get_param: RoleName}
  61       RoleParameters: {get_param: RoleParameters}
  62
  63 outputs:
  64   role_data:
  65     description: Role data for the Heat API role.
  66     value:
  67       service_name: {get_attr: [HeatBase, role_data, service_name]}
  68       config_settings:
  69         map_merge:
  70           - get_attr: [HeatBase, role_data, config_settings]
  71           - apache::default_vhost: false
  72       step_config: &step_config
  73         get_attr: [HeatBase, role_data, step_config]
  74       logging_source: {get_attr: [HeatBase, role_data, logging_source]}
  75       logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
  76       service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
  77       # BEGIN DOCKER SETTINGS
  78       puppet_config:
  79         config_volume: heat_api
  80         puppet_tags: heat_config,file,concat,file_line
  81         step_config: *step_config
  82         config_image: {get_param: DockerHeatApiConfigImage}
  83       kolla_config:
  84         /var/lib/kolla/config_files/heat_api.json:
  85           command: /usr/sbin/httpd -DFOREGROUND
  86           config_files:
  87             - source: "/var/lib/kolla/config_files/src/*"
  88               dest: "/"
  89               merge: true
  90               preserve_properties: true
  91           permissions:
  92             - path: /var/log/heat
  93               owner: heat:heat
  94               recurse: true
  95         /var/lib/kolla/config_files/heat_api_cron.json:
  96           command: /usr/sbin/crond -n
  97           config_files:
  98             - source: "/var/lib/kolla/config_files/src/*"
  99               dest: "/"
 100               merge: true
 101               preserve_properties: true
 102           permissions:
 103             - path: /var/log/heat
 104               owner: heat:heat
 105               recurse: true
 106       docker_config:
 107         step_4:
 108           heat_api:
 109             image: {get_param: DockerHeatApiImage}
 110             net: host
 111             privileged: false
 112             restart: always
 113             # NOTE(mandre) kolla image changes the user to 'heat', we need it
 114             # to be root to run httpd
 115             user: root
 116             volumes:
 117               list_concat:
 118                 - {get_attr: [ContainersCommon, volumes]}
 119                 -
 120                   - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
 121                   - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
 122                   - /var/log/containers/heat:/var/log/heat
 123                   - /var/log/containers/httpd/heat-api:/var/log/httpd
 124                   -
 125                     if:
 126                       - internal_tls_enabled
 127                       - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
 128                       - ''
 129                   -
 130                     if:
 131                       - internal_tls_enabled
 132                       - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
 133                       - ''
 134             environment:
 135               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 136           heat_api_cron:
 137             image: {get_param: DockerHeatApiImage}
 138             net: host
 139             user: root
 140             privileged: false
 141             restart: always
 142             healthcheck:
 143               test: /bin/true
 144             volumes:
 145               list_concat:
 146                 - {get_attr: [ContainersCommon, volumes]}
 147                 -
 148                   - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
 149                   - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
 150                   - /var/log/containers/heat:/var/log/heat
 151                   - /var/log/containers/httpd/heat-api:/var/log/httpd
 152             environment:
 153               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 154       host_prep_tasks:
 155         - name: create persistent logs directory
 156           file:
 157             path: "{{ item }}"
 158             state: directory
 159           with_items:
 160             - /var/log/containers/heat
 161             - /var/log/containers/httpd/heat-api
 162       upgrade_tasks:
 163         - name: Check is heat_api is deployed
 164           command: systemctl is-enabled openstack-heat-api
 165           tags: common
 166           ignore_errors: True
 167           register: heat_api_enabled
 168         - name: remove old heat cron jobs
 169           file:
 170             path: /var/spool/cron/heat
 171             state: absent
 172         - name: check for heat_api running under apache (post upgrade)
 173           tags: step2
 174           shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
 175           register: heat_api_apache
 176           ignore_errors: true
 177           changed_when: false
 178           check_mode: no
 179         - name: Stop heat_api service (running under httpd)
 180           tags: step2
 181           service: name=httpd state=stopped
 182           when: heat_api_apache.rc == 0
 183         - name: Stop and disable heat_api service (pre-upgrade not under httpd)
 184           tags: step2
 185           service: name=openstack-heat-api state=stopped enabled=no
 186           when: heat_api_enabled.rc == 0
 187       metadata_settings:
 188         get_attr: [HeatBase, role_data, metadata_settings]