docker/services/swift-proxy.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack containerized swift proxy service
   5
   6 parameters:
   7   DockerNamespace:
   8     description: namespace
   9     default: 'tripleoupstream'
  10     type: string
  11   DockerSwiftProxyImage:
  12     description: image
  13     default: 'centos-binary-swift-proxy-server:latest'
  14     type: string
  15   EndpointMap:
  16     default: {}
  17     description: Mapping of service endpoint -> protocol. Typically set
  18                  via parameter_defaults in the resource registry.
  19     type: json
  20   ServiceNetMap:
  21     default: {}
  22     description: Mapping of service_name -> network name. Typically set
  23                  via parameter_defaults in the resource registry.  This
  24                  mapping overrides those in ServiceNetMapDefaults.
  25     type: json
  26   DefaultPasswords:
  27     default: {}
  28     type: json
  29   RoleName:
  30     default: ''
  31     description: Role name on which the service is applied
  32     type: string
  33   RoleParameters:
  34     default: {}
  35     description: Parameters specific to the role
  36   EnableInternalTLS:
  37     type: boolean
  38     default: false
  39
  40 conditions:
  41
  42   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  43
  44 resources:
  45
  46   ContainersCommon:
  47     type: ./containers-common.yaml
  48
  49   SwiftProxyBase:
  50     type: ../../puppet/services/swift-proxy.yaml
  51     properties:
  52       EndpointMap: {get_param: EndpointMap}
  53       ServiceNetMap: {get_param: ServiceNetMap}
  54       DefaultPasswords: {get_param: DefaultPasswords}
  55       RoleName: {get_param: RoleName}
  56       RoleParameters: {get_param: RoleParameters}
  57
  58 outputs:
  59   role_data:
  60     description: Role data for the swift proxy.
  61     value:
  62       service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
  63       config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
  64       step_config: &step_config
  65         get_attr: [SwiftProxyBase, role_data, step_config]
  66       service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
  67       # BEGIN DOCKER SETTINGS
  68       puppet_config:
  69         config_volume: swift
  70         puppet_tags: swift_proxy_config
  71         step_config: *step_config
  72         config_image: &swift_proxy_image
  73           list_join:
  74             - '/'
  75             - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ]
  76       kolla_config:
  77         /var/lib/kolla/config_files/swift_proxy.json:
  78           command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
  79           permissions:
  80             - path: /var/log/swift
  81               owner: swift:swift
  82               recurse: true
  83         /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:
  84           command: /usr/sbin/httpd -DFOREGROUND
  85       docker_config:
  86         step_4:
  87           map_merge:
  88             - swift_proxy:
  89                 image: *swift_proxy_image
  90                 net: host
  91                 user: swift
  92                 restart: always
  93                 volumes:
  94                   list_concat:
  95                     - {get_attr: [ContainersCommon, volumes]}
  96                     -
  97                       - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
  98                       # FIXME I'm mounting /etc/swift as rw.  Are the rings written to
  99                       # at all during runtime?
 100                       - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
 101                       - /run:/run
 102                       - /srv/node:/srv/node
 103                       - /dev:/dev
 104                       - /var/log/containers/swift:/var/log/swift
 105                 environment:
 106                   - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 107             - if:
 108                 - internal_tls_enabled
 109                 - swift_proxy_tls_proxy:
 110                     image: *swift_proxy_image
 111                     net: host
 112                     user: root
 113                     restart: always
 114                     volumes:
 115                       list_concat:
 116                         - {get_attr: [ContainersCommon, volumes]}
 117                         -
 118                           - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
 119                           - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
 120                           - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
 121                           - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
 122                     environment:
 123                       - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 124                 - {}
 125       host_prep_tasks:
 126         - name: create persistent directories
 127           file:
 128             path: "{{ item }}"
 129             state: directory
 130           with_items:
 131             - /var/log/containers/swift
 132             - /srv/node
 133       upgrade_tasks:
 134         - name: Stop and disable swift_proxy service
 135           tags: step2
 136           service: name=openstack-swift-proxy state=stopped enabled=no