X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fdatabase%2Fredis.yaml;h=627a40e8c3aa1c009c9ba9cd787124deec27fbbe;hb=73616922e481b66fc2bfff145d7c1130ce1a6552;hp=494fe61bafdf088287cc424345a312b1a065eca8;hpb=7d07abf68281dad3edf5e23b66f0ed62f2f353d9;p=apex-tripleo-heat-templates.git diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 494fe61b..627a40e8 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' type: string DockerRedisConfigImage: description: The container image to use for the redis config_volume - default: 'centos-binary-redis:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,13 +36,24 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: + ContainersCommon: + type: ../containers-common.yaml + RedisBase: type: ../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -57,6 +66,10 @@ outputs: map_merge: - {get_attr: [RedisBase, role_data, config_settings]} - redis::daemonize: false + tripleo::stunnel::manage_service: false + tripleo::stunnel::foreground: 'yes' + logging_source: {get_attr: [RedisBase, role_data, logging_source]} + logging_groups: {get_attr: [RedisBase, role_data, logging_groups]} step_config: &step_config get_attr: [RedisBase, role_data, step_config] service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} @@ -68,10 +81,7 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] + config_image: {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf @@ -84,34 +94,60 @@ outputs: - path: /var/run/redis owner: redis:redis recurse: true + /var/lib/kolla/config_files/redis_tls_proxy.json: + command: stunnel /etc/stunnel/stunnel.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: - redis_init_logs: - start_order: 0 - detach: false - image: &redis_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] - privileged: false - user: root - volumes: - - /var/log/containers/redis:/var/log/redis - command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] - redis: - start_order: 1 - image: *redis_image - net: host - privileged: false - restart: always - volumes: - - /run:/run - - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/redis:/var/log/redis - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - redis_init_logs: + start_order: 0 + detach: false + image: &redis_image {get_param: DockerRedisImage} + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] + - redis: + start_order: 1 + image: *redis_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/redis:/var/log/redis + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - redis_tls_proxy: + start_order: 2 + image: *redis_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro + - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro + - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + metadata_settings: + get_attr: [RedisBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: