-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized Heat API CFN service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerHeatApiCfnImage:
description: image
- default: 'centos-binary-heat-api-cfn:latest'
type: string
- # we configure all heat services in the same heat engine container
- DockerHeatConfigImage:
- description: image
- default: 'centos-binary-heat-engine:latest'
+ # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
+ DockerHeatApiCfnConfigImage:
+ description: The container image to use for the heat_api_cfn config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
DefaultPasswords:
default: {}
type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
type: ../../puppet/services/heat-api-cfn.yaml
properties:
EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
+ logging_source: {get_attr: [HeatBase, role_data, logging_source]}
+ logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [HeatBase, role_data, step_config]
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: heat
+ config_volume: heat_api_cfn
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
+ config_image: {get_param: DockerHeatApiCfnConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
- command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+ command: /usr/sbin/httpd -DFOREGROUND
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/heat
+ owner: heat:heat
+ recurse: true
docker_config:
step_4:
heat_api_cfn:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ]
+ image: {get_param: DockerHeatApiCfnImage}
net: host
privileged: false
restart: always
+ # NOTE(mandre) kolla image changes the user to 'heat', we need it
+ # to be root to run httpd
+ user: root
volumes:
- yaql:
- expression: $.data.common.concat($.data.service)
- data:
- common: {get_attr: [ContainersCommon, volumes]}
- service:
- - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- - /dev:/dev
- - /run:/run
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/heat:/var/log/heat
+ - /var/log/containers/httpd/heat-api-cfn:/var/log/httpd
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/heat
+ - /var/log/containers/httpd/heat-api-cfn
upgrade_tasks:
- - name: Stop and disable heat_api_cfn service
+ - name: Check if heat_api_cfn is deployed
+ command: systemctl is-enabled openstack-heat-api-cfn
+ tags: common
+ ignore_errors: True
+ register: heat_api_cfn_enabled
+ - name: check for heat_api_cfn running under apache (post upgrade)
+ tags: step2
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
+ register: heat_api_cfn_apache
+ ignore_errors: true
+ changed_when: false
+ check_mode: no
+ - name: Stop heat_api_cfn service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: heat_api_cfn_apache.rc == 0
+ - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
tags: step2
service: name=openstack-heat-api-cfn state=stopped enabled=no
+ when: heat_api_cfn_enabled.rc == 0
+ metadata_settings:
+ get_attr: [HeatBase, role_data, metadata_settings]
Code Review / apex-tripleo-heat-templates.git / blobdiff