Fix iptables rules override bug in clustercheck docker service

[apex-tripleo-heat-templates.git] / docker / services / pacemaker / clustercheck.yaml

heat_template_version: pike

description: >
  MySQL HA clustercheck service deployment using puppet
  This service is used by HAProxy in a HA scenario to report whether
  the local galera node is synced

parameters:
  DockerClustercheckImage:
    description: image
    type: string
  DockerClustercheckConfigImage:
    description: The container image to use for the clustercheck config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json

resources:

  ContainersCommon:
    type: ../containers-common.yaml

# We import from the corresponding docker service because otherwise we risk
# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
# rules (see LP#1728918)
  MysqlPuppetBase:
    type: ../../../docker/services/pacemaker/database/mysql.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Containerized service clustercheck using composable services.
    value:
      service_name: clustercheck
      config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
      logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
      step_config: "include ::tripleo::profile::pacemaker::clustercheck"
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: clustercheck
        puppet_tags: file # set this even though file is the default
        step_config: "include ::tripleo::profile::pacemaker::clustercheck"
        config_image: {get_param: DockerClustercheckConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/clustercheck.json:
          command: /usr/sbin/xinetd -dontfork
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        step_2:
          clustercheck:
            start_order: 1
            image: {get_param: DockerClustercheckImage}
            restart: always
            net: host
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
                  - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/mysql:/var/lib/mysql
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      host_prep_tasks:
      upgrade_tasks:
      update_tasks:
        # Nothing: It's not managed by pacemaker, so let paunch do it.