docker/services/horizon.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack containerized Horizon service
   5
   6 parameters:
   7   DockerHorizonImage:
   8     description: image
   9     type: string
  10   DockerHorizonConfigImage:
  11     description: The container image to use for the horizon config_volume
  12     type: string
  13   EndpointMap:
  14     default: {}
  15     description: Mapping of service endpoint -> protocol. Typically set
  16                  via parameter_defaults in the resource registry.
  17     type: json
  18   ServiceData:
  19     default: {}
  20     description: Dictionary packing service data
  21     type: json
  22   ServiceNetMap:
  23     default: {}
  24     description: Mapping of service_name -> network name. Typically set
  25                  via parameter_defaults in the resource registry.  This
  26                  mapping overrides those in ServiceNetMapDefaults.
  27     type: json
  28   DefaultPasswords:
  29     default: {}
  30     type: json
  31   RoleName:
  32     default: ''
  33     description: Role name on which the service is applied
  34     type: string
  35   RoleParameters:
  36     default: {}
  37     description: Parameters specific to the role
  38     type: json
  39   EnableInternalTLS:
  40     type: boolean
  41     default: false
  42
  43 conditions:
  44
  45   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  46
  47 resources:
  48
  49   ContainersCommon:
  50     type: ./containers-common.yaml
  51
  52   HorizonBase:
  53     type: ../../puppet/services/horizon.yaml
  54     properties:
  55       EndpointMap: {get_param: EndpointMap}
  56       ServiceData: {get_param: ServiceData}
  57       ServiceNetMap: {get_param: ServiceNetMap}
  58       DefaultPasswords: {get_param: DefaultPasswords}
  59       RoleName: {get_param: RoleName}
  60       RoleParameters: {get_param: RoleParameters}
  61
  62 outputs:
  63   role_data:
  64     description: Role data for the Horizon API role.
  65     value:
  66       service_name: {get_attr: [HorizonBase, role_data, service_name]}
  67       config_settings:
  68         map_merge:
  69           - get_attr: [HorizonBase, role_data, config_settings]
  70           - horizon::vhost_extra_params:
  71               add_listen: true
  72               priority: 10
  73               access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
  74               options: ['FollowSymLinks','MultiViews']
  75           - horizon::secure_cookies: false
  76       logging_source: {get_attr: [HorizonBase, role_data, logging_source]}
  77       logging_groups: {get_attr: [HorizonBase, role_data, logging_groups]}
  78       step_config: {get_attr: [HorizonBase, role_data, step_config]}
  79       service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
  80       # BEGIN DOCKER SETTINGS
  81       puppet_config:
  82         config_volume: horizon
  83         puppet_tags: horizon_config
  84         step_config: {get_attr: [HorizonBase, role_data, step_config]}
  85         config_image: {get_param: DockerHorizonConfigImage}
  86       kolla_config:
  87         /var/lib/kolla/config_files/horizon.json:
  88           command: /usr/sbin/httpd -DFOREGROUND
  89           config_files:
  90             - source: "/var/lib/kolla/config_files/src/*"
  91               dest: "/"
  92               merge: true
  93               preserve_properties: true
  94           permissions:
  95             - path: /var/log/horizon/
  96               owner: apache:apache
  97               recurse: true
  98             # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
  99             # horizon:horizon - the policy.json files need read permissions for the apache user
 100             # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
 101             - path: /etc/openstack-dashboard/
 102               owner: apache:apache
 103               recurse: true
 104             # FIXME Apache tries to write a .lock file there
 105             - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
 106               owner: apache:apache
 107               recurse: false
 108             # FIXME Our theme settings are there
 109             - path: /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.d/
 110               owner: apache:apache
 111               recurse: false
 112       docker_config:
 113         step_2:
 114           horizon_fix_perms:
 115             image: &horizon_image {get_param: DockerHorizonImage}
 116             user: root
 117             # NOTE Set ownership for /var/log/horizon/horizon.log file here,
 118             # otherwise it's created by root when generating django cache.
 119             # FIXME Apache needs to read files in /etc/openstack-dashboard
 120             # Need to set permissions to match the BM case,
 121             # http://paste.openstack.org/show/609819/
 122             command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
 123             volumes:
 124               - /var/log/containers/horizon:/var/log/horizon
 125               - /var/log/containers/httpd/horizon:/var/log/httpd
 126               - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
 127         step_3:
 128           horizon:
 129             image: *horizon_image
 130             net: host
 131             privileged: false
 132             restart: always
 133             volumes:
 134               list_concat:
 135                 - {get_attr: [ContainersCommon, volumes]}
 136                 -
 137                   - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
 138                   - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
 139                   - /var/log/containers/horizon:/var/log/horizon
 140                   - /var/log/containers/httpd/horizon:/var/log/httpd
 141                   -
 142                     if:
 143                       - internal_tls_enabled
 144                       - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
 145                       - ''
 146                   -
 147                     if:
 148                       - internal_tls_enabled
 149                       - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
 150                       - ''
 151             environment:
 152               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 153       host_prep_tasks:
 154         - name: create persistent logs directory
 155           file:
 156             path: "{{ item }}"
 157             state: directory
 158           with_items:
 159             - /var/log/containers/horizon
 160             - /var/log/containers/httpd/horizon
 161       upgrade_tasks:
 162         - name: Stop and disable horizon service (running under httpd)
 163           tags: step2
 164           service: name=httpd state=stopped enabled=no
 165       metadata_settings:
 166         get_attr: [HorizonBase, role_data, metadata_settings]