blob: dcead0f7afd41410a8e1aa8cba69f9614644b347 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
heat_template_version: pike
description: >
MongoDb service deployment using puppet
parameters:
#Parameters not used EndpointMap
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MongodbMemoryLimit:
default: '20G'
description: Limit the amount of memory mongodb uses with systemd.
type: string
MongoDbLoggingSource:
type: json
description: Fluentd logging configuration for mongodb.
default:
tag: database.mongodb
path: /var/log/mongodb/mongodb.log
format: >-
/(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
(?<message>.*)$/
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
MongoDbBase:
type: ./mongodb-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Service mongodb using composable services.
value:
service_name: mongodb
logging_groups:
- mongodb
logging_source: {get_param: MongoDbLoggingSource}
config_settings:
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit}
mongodb::server::service_manage: True
tripleo.mongodb.firewall_rules:
'101 mongodb_config':
dport: 27019
'102 mongodb_sharding':
dport: 27018
'103 mongod':
dport: 27017
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
-
if:
- internal_tls_enabled
-
generate_service_certificates: true
mongodb::server::ssl: true
mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
mongodb_certificate_specs:
service_pem: '/etc/pki/tls/certs/mongodb.pem'
service_certificate: '/etc/pki/tls/certs/mongodb.crt'
service_key: '/etc/pki/tls/private/mongodb.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
principal:
str_replace:
template: "mongodb/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
- {}
step_config: |
include ::tripleo::profile::base::database::mongodb
upgrade_tasks:
- name: Stop mongodb service
tags: step2
service: name=mongod state=stopped
- name: Start mongodb service
tags: step4
service: name=mongod state=started
metadata_settings:
if:
- internal_tls_enabled
-
- service: mongodb
network: {get_param: [ServiceNetMap, MongodbNetwork]}
type: node
- null
|