From ab55169703b93339c6c7ea012d7fbc4313f56778 Mon Sep 17 00:00:00 2001 From: Janki Chhatbar Date: Fri, 7 Jul 2017 11:50:28 +0530 Subject: Containarise Barbican API This containerises Barbican API in TripleO Change-Id: Icc5e9841ea48c806af4db61cd6de5e9a7a40a988 Partial-Bug: 1668924 Depends-On: I6b5ec18ccdd51b90ff27ff7d4341260dfba71e4e (cherry picked from commit 6d338b809accea4d3ba09ca8363b1a97ed79b658) --- .../scenario002-multinode-containers.yaml | 8 +- docker/services/barbican-api.yaml | 154 +++++++++++++++++++++ .../containarise-barbican-1253606411d497ff.yaml | 4 + 3 files changed, 160 insertions(+), 6 deletions(-) create mode 100644 docker/services/barbican-api.yaml create mode 100644 releasenotes/notes/containarise-barbican-1253606411d497ff.yaml diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 584c1e5e..43acf6dc 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -6,12 +6,8 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 - # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml - OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml - # TODO: Zaqar doesn't work when containerized - # https://bugs.launchpad.net/tripleo/+bug/1710959 - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml + OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/docker/services/barbican-api.yaml b/docker/services/barbican-api.yaml new file mode 100644 index 00000000..b1bf7da8 --- /dev/null +++ b/docker/services/barbican-api.yaml @@ -0,0 +1,154 @@ +heat_template_version: pike + +description: > + OpenStack containerized Barbican API service + +parameters: + DockerBarbicanApiImage: + description: image + type: string + DockerBarbicanConfigImage: + description: The container image to use for the barbican config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + + BarbicanApiBase: + type: ../../puppet/services/barbican-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Barbican API role. + value: + service_name: {get_attr: [BarbicanApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [BarbicanApiBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + list_join: + - "\n" + - - {get_attr: [BarbicanApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} + service_config_settings: {get_attr: [BarbicanApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: barbican + puppet_tags: barbican_api_paste_ini,barbican_config + step_config: *step_config + config_image: {get_param: DockerBarbicanConfigImage} + kolla_config: + /var/lib/kolla/config_files/barbican_api.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + barbican_init_logs: + image: &barbican_api_image {get_param: DockerBarbicanApiImage} + privileged: false + user: root + volumes: + - /var/log/containers/barbican:/var/log/barbican + command: ['/bin/bash', '-c', 'chown -R barbican:barbican /var/log/barbican'] + step_3: + barbican_api_db_sync: + start_order: 0 + image: *barbican_api_image + net: host + detach: false + user: root + volumes: &barbican_api_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/barbican/etc/barbican/:/etc/barbican/:ro + - /var/log/containers/barbican:/var/log/barbican + command: "/usr/bin/bootstrap_host_exec barbican_api su barbican -s /bin/bash -c '/usr/bin/barbican-manage db upgrade'" + step_4: + barbican_api: + image: *barbican_api_image + net: host + privileged: false + restart: always + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/barbican_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/log/containers/barbican:/var/log/barbican + - /var/lib/config-data/puppet-generated/barbican/:/var/lib/kolla/config_files/src:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/barbican + state: directory + upgrade_tasks: + - name: Stop and disable barbican_api service + tags: step2 + service: name=openstack-barbican-api state=stopped enabled=no + metadata_settings: + get_attr: [BarbicanApiBase, role_data, metadata_settings] \ No newline at end of file diff --git a/releasenotes/notes/containarise-barbican-1253606411d497ff.yaml b/releasenotes/notes/containarise-barbican-1253606411d497ff.yaml new file mode 100644 index 00000000..85292231 --- /dev/null +++ b/releasenotes/notes/containarise-barbican-1253606411d497ff.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Barbican API added to containarised overcloud deployment -- cgit 1.2.3-korg