Merge "Adds network/cidr mapping into a new service property"

[apex-tripleo-heat-templates.git] / docker / services / neutron-api.yaml

heat_template_version: pike

description: >
  OpenStack containerized Neutron API service

parameters:
  DockerNamespace:
    description: namespace
    default: 'tripleoupstream'
    type: string
  DockerNeutronApiImage:
    description: image
    default: 'centos-binary-neutron-server:latest'
    type: string
  DockerNeutronConfigImage:
    description: The container image to use for the neutron config_volume
    default: 'centos-binary-neutron-server:latest'
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EnableInternalTLS:
    type: boolean
    default: false

conditions:

  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

resources:

  ContainersCommon:
    type: ./containers-common.yaml

  NeutronBase:
    type: ../../puppet/services/neutron-api.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron API role.
    value:
      service_name: {get_attr: [NeutronBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [NeutronBase, role_data, config_settings]
      step_config: &step_config
        get_attr: [NeutronBase, role_data, step_config]
      service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: neutron
        puppet_tags: neutron_config,neutron_api_config
        step_config: *step_config
        config_image:
          list_join:
            - '/'
            - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
      kolla_config:
        /var/lib/kolla/config_files/neutron_api.json:
          command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/neutron
              owner: neutron:neutron
              recurse: true
        /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        # db sync runs before permissions set by kolla_config
        step_2:
          neutron_init_logs:
            image: &neutron_api_image
              list_join:
                - '/'
                - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
            privileged: false
            user: root
            volumes:
              - /var/log/containers/neutron:/var/log/neutron
            command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
        step_3:
          neutron_db_sync:
            image: *neutron_api_image
            net: host
            privileged: false
            detach: false
            user: root
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
                  - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
                  - /var/log/containers/neutron:/var/log/neutron
            command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
            # FIXME: we should make config file permissions right
            # and run as neutron user
            #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
        step_4:
          map_merge:
            - neutron_api:
                image: *neutron_api_image
                net: host
                privileged: false
                restart: always
                volumes:
                  list_concat:
                    - {get_attr: [ContainersCommon, volumes]}
                    -
                      - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
                      - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
                      - /var/log/containers/neutron:/var/log/neutron
                environment:
                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
            - if:
                - internal_tls_enabled
                - neutron_server_tls_proxy:
                    image: *neutron_api_image
                    net: host
                    user: root
                    restart: always
                    volumes:
                      list_concat:
                        - {get_attr: [ContainersCommon, volumes]}
                        -
                          - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                          - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                    environment:
                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
                - {}
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/neutron
            state: directory
      upgrade_tasks:
        - name: Stop and disable neutron_api service
          tags: step2
          service: name=neutron-server state=stopped enabled=no
      metadata_settings:
        get_attr: [NeutronBase, role_data, metadata_settings]