diff options
Diffstat (limited to 'docker/services')
-rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 2 | ||||
-rw-r--r-- | docker/services/horizon.yaml | 17 | ||||
-rw-r--r-- | docker/services/logrotate-crond.yaml | 84 | ||||
-rw-r--r-- | docker/services/nova-libvirt.yaml | 2 |
4 files changed, 103 insertions, 2 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 0399faf8..f09e98ce 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -94,7 +94,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml new file mode 100644 index 00000000..22ee5b56 --- /dev/null +++ b/docker/services/logrotate-crond.yaml @@ -0,0 +1,84 @@ +heat_template_version: pike + +description: > + Containerized logrotate with crond for containerized service logs rotation + +parameters: + DockerCrondImage: + description: image + type: string + DockerCrondConfigImage: + description: The container image to use for the crond config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the crond role. + value: + service_name: logrotate_crond + config_settings: {} + step_config: &step_config | + include ::tripleo::profile::base::logging::logrotate + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: crond + step_config: *step_config + config_image: {get_param: DockerCrondConfigImage} + kolla_config: + /var/lib/kolla/config_files/logrotate-crond.json: + command: /usr/sbin/crond -s -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_4: + logrotate_crond: + image: {get_param: DockerCrondImage} + net: none + pid: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro + - /var/log/containers:/var/log/containers + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 62c25bb2..47414083 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -61,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: |