1 heat_template_version: pike
4 OpenStack containerized Rabbitmq service
10 DockerRabbitmqConfigImage:
11 description: The container image to use for the rabbitmq config_volume
15 description: Mapping of service endpoint -> protocol. Typically set
16 via parameter_defaults in the resource registry.
20 description: Dictionary packing service data
24 description: Mapping of service_name -> network name. Typically set
25 via parameter_defaults in the resource registry. This
26 mapping overrides those in ServiceNetMapDefaults.
33 description: Role name on which the service is applied
37 description: Parameters specific to the role
47 default: '/etc/ipa/ca.crt'
49 description: Specifies the default CA cert to use if TLS is used for
50 services in the internal network.
54 internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
59 type: ./containers-common.yaml
62 type: ../../puppet/services/rabbitmq.yaml
64 EndpointMap: {get_param: EndpointMap}
65 ServiceData: {get_param: ServiceData}
66 ServiceNetMap: {get_param: ServiceNetMap}
67 DefaultPasswords: {get_param: DefaultPasswords}
68 RoleName: {get_param: RoleName}
69 RoleParameters: {get_param: RoleParameters}
73 description: Role data for the Rabbitmq API role.
75 service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
76 # RabbitMQ plugins initialization occurs on every node
79 - {get_attr: [RabbitmqBase, role_data, config_settings]}
80 - rabbitmq::admin_enable: false
82 - internal_tls_enabled
83 - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
85 logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]}
86 logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]}
87 step_config: &step_config
90 - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
91 - get_attr: [RabbitmqBase, role_data, step_config]
92 service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
93 # BEGIN DOCKER SETTINGS
95 config_volume: rabbitmq
96 step_config: *step_config
97 config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
99 /var/lib/kolla/config_files/rabbitmq.json:
100 command: /usr/lib/rabbitmq/bin/rabbitmq-server
102 - source: "/var/lib/kolla/config_files/src/*"
105 preserve_properties: true
106 - source: "/var/lib/kolla/config_files/src-tls/*"
109 preserve_properties: true
112 - path: /var/lib/rabbitmq
113 owner: rabbitmq:rabbitmq
115 - path: /etc/pki/tls/certs/rabbitmq.crt
116 owner: rabbitmq:rabbitmq
118 - path: /etc/pki/tls/private/rabbitmq.key
119 owner: rabbitmq:rabbitmq
122 # Kolla_bootstrap runs before permissions set by kolla_config
127 image: &rabbitmq_image {get_param: DockerRabbitmqImage}
131 - /var/log/containers/rabbitmq:/var/log/rabbitmq
132 command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
136 image: *rabbitmq_image
141 - {get_attr: [ContainersCommon, volumes]}
143 - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
144 - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
145 - /var/lib/rabbitmq:/var/lib/rabbitmq
146 - /var/log/containers/rabbitmq:/var/log/rabbitmq
148 - internal_tls_enabled
152 - - {get_param: InternalTLSCAFile}
153 - {get_param: InternalTLSCAFile}
155 - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
156 - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
159 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
160 - KOLLA_BOOTSTRAP=True
164 - - 'RABBITMQ_CLUSTER_COOKIE'
167 expression: $.data.passwords.where($ != '').first()
170 - {get_param: RabbitCookie}
171 - {get_param: [DefaultPasswords, rabbit_cookie]}
174 image: *rabbitmq_image
180 - {get_attr: [ContainersCommon, volumes]}
182 - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
183 - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
184 - /var/lib/rabbitmq:/var/lib/rabbitmq
185 - /var/log/containers/rabbitmq:/var/log/rabbitmq
187 - internal_tls_enabled
191 - - {get_param: InternalTLSCAFile}
192 - {get_param: InternalTLSCAFile}
194 - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
195 - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
198 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
200 # RabbitMQ users and policies initialization occurs only on single node
202 config_volume: 'rabbit_init_tasks'
203 puppet_tags: 'rabbitmq_policy,rabbitmq_user'
204 step_config: 'include ::tripleo::profile::base::rabbitmq'
205 config_image: *rabbitmq_config_image
207 - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
208 - /var/lib/rabbitmq:/var/lib/rabbitmq:ro
210 get_attr: [RabbitmqBase, role_data, metadata_settings]
212 - name: create persistent directories
217 - /var/log/containers/rabbitmq
220 - name: Stop and disable rabbitmq service
222 service: name=rabbitmq-server state=stopped enabled=no