docker/services/swift-proxy.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack containerized swift proxy service
   5
   6 parameters:
   7   DockerNamespace:
   8     description: namespace
   9     default: 'tripleoupstream'
  10     type: string
  11   DockerSwiftProxyImage:
  12     description: image
  13     default: 'centos-binary-swift-proxy-server:latest'
  14     type: string
  15   EndpointMap:
  16     default: {}
  17     description: Mapping of service endpoint -> protocol. Typically set
  18                  via parameter_defaults in the resource registry.
  19     type: json
  20   ServiceNetMap:
  21     default: {}
  22     description: Mapping of service_name -> network name. Typically set
  23                  via parameter_defaults in the resource registry.  This
  24                  mapping overrides those in ServiceNetMapDefaults.
  25     type: json
  26   DefaultPasswords:
  27     default: {}
  28     type: json
  29   RoleName:
  30     default: ''
  31     description: Role name on which the service is applied
  32     type: string
  33   RoleParameters:
  34     default: {}
  35     description: Parameters specific to the role
  36     type: json
  37   EnableInternalTLS:
  38     type: boolean
  39     default: false
  40
  41 conditions:
  42
  43   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  44
  45 resources:
  46
  47   ContainersCommon:
  48     type: ./containers-common.yaml
  49
  50   SwiftProxyBase:
  51     type: ../../puppet/services/swift-proxy.yaml
  52     properties:
  53       EndpointMap: {get_param: EndpointMap}
  54       ServiceNetMap: {get_param: ServiceNetMap}
  55       DefaultPasswords: {get_param: DefaultPasswords}
  56       RoleName: {get_param: RoleName}
  57       RoleParameters: {get_param: RoleParameters}
  58
  59 outputs:
  60   role_data:
  61     description: Role data for the swift proxy.
  62     value:
  63       service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
  64       config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
  65       step_config: &step_config
  66         get_attr: [SwiftProxyBase, role_data, step_config]
  67       service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
  68       # BEGIN DOCKER SETTINGS
  69       puppet_config:
  70         config_volume: swift
  71         puppet_tags: swift_proxy_config
  72         step_config: *step_config
  73         config_image: &swift_proxy_image
  74           list_join:
  75             - '/'
  76             - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
  77       kolla_config:
  78         /var/lib/kolla/config_files/swift_proxy.json:
  79           command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
  80           permissions:
  81             - path: /var/log/swift
  82               owner: swift:swift
  83               recurse: true
  84         /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:
  85           command: /usr/sbin/httpd -DFOREGROUND
  86       docker_config:
  87         step_4:
  88           map_merge:
  89             - swift_proxy:
  90                 image: *swift_proxy_image
  91                 net: host
  92                 user: swift
  93                 restart: always
  94                 volumes:
  95                   list_concat:
  96                     - {get_attr: [ContainersCommon, volumes]}
  97                     -
  98                       - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
  99                       # FIXME I'm mounting /etc/swift as rw.  Are the rings written to
 100                       # at all during runtime?
 101                       - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
 102                       - /run:/run
 103                       - /srv/node:/srv/node
 104                       - /dev:/dev
 105                       - /var/log/containers/swift:/var/log/swift
 106                 environment:
 107                   - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 108             - if:
 109                 - internal_tls_enabled
 110                 - swift_proxy_tls_proxy:
 111                     image: *swift_proxy_image
 112                     net: host
 113                     user: root
 114                     restart: always
 115                     volumes:
 116                       list_concat:
 117                         - {get_attr: [ContainersCommon, volumes]}
 118                         -
 119                           - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
 120                           - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
 121                           - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
 122                           - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
 123                     environment:
 124                       - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 125                 - {}
 126       host_prep_tasks:
 127         - name: create persistent directories
 128           file:
 129             path: "{{ item }}"
 130             state: directory
 131           with_items:
 132             - /var/log/containers/swift
 133             - /srv/node
 134       upgrade_tasks:
 135         - name: Stop and disable swift_proxy service
 136           tags: step2
 137           service: name=openstack-swift-proxy state=stopped enabled=no
 138       metadata_settings:
 139         get_attr: [SwiftProxyBase, role_data, metadata_settings]