commit 47ab368caf2566f30dd55138c76ec97fb716370d Author: Emilien Macchi Date: Thu Oct 8 13:25:08 2020 -0400 Deprecate Mistral services Mistral services aren't used anymore on the Undercloud and we never saw users on the Overcloud. For simplification purpose, let's deprecate it so we can reduce our number of containers and services in TripleO. Change-Id: I422766fbdfa5d8728477d2b0d2b1d46a90f631ae diff --git a/ci/environments/scenario003-standalone.yaml b/ci/environments/scenario003-standalone.yaml index 748ddb8..9954766 100644 --- a/ci/environments/scenario003-standalone.yaml +++ b/ci/environments/scenario003-standalone.yaml @@ -6,10 +6,10 @@ resource_registry: OS::TripleO::Services::SwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: OS::Heat::None OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None - OS::TripleO::Services::MistralApi: ../../deployment/mistral/mistral-api-container-puppet.yaml - OS::TripleO::Services::MistralEngine: ../../deployment/mistral/mistral-engine-container-puppet.yaml - OS::TripleO::Services::MistralExecutor: ../../deployment/mistral/mistral-executor-container-puppet.yaml - OS::TripleO::Services::MistralEventEngine: ../../deployment/mistral/mistral-event-engine-container-puppet.yaml + OS::TripleO::Services::MistralApi: ../../deployment/deprecated/mistral/mistral-api-container-puppet.yaml + OS::TripleO::Services::MistralEngine: ../../deployment/deprecated/mistral/mistral-engine-container-puppet.yaml + OS::TripleO::Services::MistralExecutor: ../../deployment/deprecated/mistral/mistral-executor-container-puppet.yaml + OS::TripleO::Services::MistralEventEngine: ../../deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../deployment/messaging/rpc-qdrouterd-container-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml OS::TripleO::Services::DesignateApi: ../../deployment/experimental/designate/designate-api-container-puppet.yaml diff --git a/deployment/deprecated/mistral/mapping.json b/deployment/deprecated/mistral/mapping.json new file mode 100644 index 0000000..53cade5 --- /dev/null +++ b/deployment/deprecated/mistral/mapping.json @@ -0,0 +1,373 @@ +{ + "_comment": "Mapping OpenStack action namespaces to all its actions. Each action name is mapped to python-client method name in this namespace.", + "nova": { + "_comment": "It uses novaclient.v2.", + "agents_convert_into_with_meta": "agents.convert_into_with_meta", + "agents_create": "agents.create", + "agents_delete": "agents.delete", + "agents_find": "agents.find", + "agents_findall": "agents.findall", + "agents_list": "agents.list", + "agents_update": "agents.update", + "aggregates_add_host": "aggregates.add_host", + "aggregates_convert_into_with_meta": "aggregates.convert_into_with_meta", + "aggregates_create": "aggregates.create", + "aggregates_delete": "aggregates.delete", + "aggregates_find": "aggregates.find", + "aggregates_findall": "aggregates.findall", + "aggregates_get": "aggregates.get", + "aggregates_get_details": "aggregates.get_details", + "aggregates_list": "aggregates.list", + "aggregates_remove_host": "aggregates.remove_host", + "aggregates_set_metadata": "aggregates.set_metadata", + "aggregates_update": "aggregates.update", + "availability_zones_convert_into_with_meta": "availability_zones.convert_into_with_meta", + "availability_zones_find": "availability_zones.find", + "availability_zones_findall": "availability_zones.findall", + "availability_zones_list": "availability_zones.list", + "flavor_access_add_tenant_access": "flavor_access.add_tenant_access", + "flavor_access_convert_into_with_meta": "flavor_access.convert_into_with_meta", + "flavor_access_find": "flavor_access.find", + "flavor_access_findall": "flavor_access.findall", + "flavor_access_list": "flavor_access.list", + "flavor_access_remove_tenant_access": "flavor_access.remove_tenant_access", + "flavors_convert_into_with_meta": "flavors.convert_into_with_meta", + "flavors_create": "flavors.create", + "flavors_delete": "flavors.delete", + "flavors_find": "flavors.find", + "flavors_findall": "flavors.findall", + "flavors_get": "flavors.get", + "flavors_list": "flavors.list", + "hypervisor_stats_convert_into_with_meta": "hypervisor_stats.convert_into_with_meta", + "hypervisor_stats_statistics": "hypervisor_stats.statistics", + "hypervisors_convert_into_with_meta": "hypervisors.convert_into_with_meta", + "hypervisors_find": "hypervisors.find", + "hypervisors_findall": "hypervisors.findall", + "hypervisors_get": "hypervisors.get", + "hypervisors_list": "hypervisors.list", + "hypervisors_search": "hypervisors.search", + "hypervisors_statistics": "hypervisors.statistics", + "hypervisors_uptime": "hypervisors.uptime", + "glance_find_image": "glance.find_image", + "glance_list": "glance.list", + "keypairs_convert_into_with_meta": "keypairs.convert_into_with_meta", + "keypairs_create": "keypairs.create", + "keypairs_delete": "keypairs.delete", + "keypairs_find": "keypairs.find", + "keypairs_findall": "keypairs.findall", + "keypairs_get": "keypairs.get", + "keypairs_list": "keypairs.list", + "limits_convert_into_with_meta": "limits.convert_into_with_meta", + "limits_get": "limits.get", + "neutron_find_network": "neutron.find_network", + "quota_classes_convert_into_with_meta": "quota_classes.convert_into_with_meta", + "quota_classes_get": "quota_classes.get", + "quota_classes_update": "quota_classes.update", + "quotas_convert_into_with_meta": "quotas.convert_into_with_meta", + "quotas_defaults": "quotas.defaults", + "quotas_delete": "quotas.delete", + "quotas_get": "quotas.get", + "quotas_update": "quotas.update", + "server_groups_convert_into_with_meta": "server_groups.convert_into_with_meta", + "server_groups_create": "server_groups.create", + "server_groups_delete": "server_groups.delete", + "server_groups_find": "server_groups.find", + "server_groups_findall": "server_groups.findall", + "server_groups_get": "server_groups.get", + "server_groups_list": "server_groups.list", + "server_migrations_convert_into_with_meta": "server_migrations.convert_into_with_meta", + "server_migrations_find": "server_migrations.find", + "server_migrations_findall": "server_migrations.findall", + "server_migrations_get": "server_migrations.get", + "server_migrations_list": "server_migrations.list", + "server_migrations_live_migrate_force_complete": "server_migrations.live_migrate_force_complete", + "server_migrations_live_migration_abort": "server_migrations.live_migration_abort", + "servers_add_security_group": "servers.add_security_group", + "servers_backup": "servers.backup", + "servers_change_password": "servers.change_password", + "servers_clear_password": "servers.clear_password", + "servers_confirm_resize": "servers.confirm_resize", + "servers_convert_into_with_meta": "servers.convert_into_with_meta", + "servers_create": "servers.create", + "servers_create_image": "servers.create_image", + "servers_delete": "servers.delete", + "servers_delete_meta": "servers.delete_meta", + "servers_diagnostics": "servers.diagnostics", + "servers_evacuate": "servers.evacuate", + "servers_find": "servers.find", + "servers_findall": "servers.findall", + "servers_force_delete": "servers.force_delete", + "servers_get": "servers.get", + "servers_get_console_output": "servers.get_console_output", + "servers_get_mks_console": "servers.get_mks_console", + "servers_get_password": "servers.get_password", + "servers_get_rdp_console": "servers.get_rdp_console", + "servers_get_serial_console": "servers.get_serial_console", + "servers_get_spice_console": "servers.get_spice_console", + "servers_get_vnc_console": "servers.get_vnc_console", + "servers_interface_attach": "servers.interface_attach", + "servers_interface_detach": "servers.interface_detach", + "servers_interface_list": "servers.interface_list", + "servers_ips": "servers.ips", + "servers_list": "servers.list", + "servers_list_security_group": "servers.list_security_group", + "servers_live_migrate": "servers.live_migrate", + "servers_lock": "servers.lock", + "servers_migrate": "servers.migrate", + "servers_pause": "servers.pause", + "servers_reboot": "servers.reboot", + "servers_rebuild": "servers.rebuild", + "servers_remove_security_group": "servers.remove_security_group", + "servers_rescue": "servers.rescue", + "servers_reset_network": "servers.reset_network", + "servers_reset_state": "servers.reset_state", + "servers_resize": "servers.resize", + "servers_restore": "servers.restore", + "servers_resume": "servers.resume", + "servers_revert_resize": "servers.revert_resize", + "servers_set_meta": "servers.set_meta", + "servers_set_meta_item": "servers.set_meta_item", + "servers_shelve": "servers.shelve", + "servers_shelve_offload": "servers.shelve_offload", + "servers_start": "servers.start", + "servers_stop": "servers.stop", + "servers_suspend": "servers.suspend", + "servers_trigger_crash_dump": "servers.trigger_crash_dump", + "servers_unlock": "servers.unlock", + "servers_unpause": "servers.unpause", + "servers_unrescue": "servers.unrescue", + "servers_unshelve": "servers.unshelve", + "servers_update": "servers.update", + "services_convert_into_with_meta": "services.convert_into_with_meta", + "services_delete": "services.delete", + "services_disable": "services.disable", + "services_disable_log_reason": "services.disable_log_reason", + "services_enable": "services.enable", + "services_find": "services.find", + "services_findall": "services.findall", + "services_force_down": "services.force_down", + "services_list": "services.list", + "usage_convert_into_with_meta": "usage.convert_into_with_meta", + "usage_find": "usage.find", + "usage_findall": "usage.findall", + "usage_get": "usage.get", + "usage_list": "usage.list", + "versions_convert_into_with_meta": "versions.convert_into_with_meta", + "versions_find": "versions.find", + "versions_findall": "versions.findall", + "versions_get_current": "versions.get_current", + "versions_list": "versions.list", + "volumes_convert_into_with_meta": "volumes.convert_into_with_meta", + "volumes_create_server_volume": "volumes.create_server_volume", + "volumes_delete_server_volume": "volumes.delete_server_volume", + "volumes_get_server_volume": "volumes.get_server_volume", + "volumes_get_server_volumes": "volumes.get_server_volumes", + "volumes_update_server_volume": "volumes.update_server_volume" + }, + "heat": { + "_comment": "It uses heatclient.v1.", + "actions_cancel_update": "actions.cancel_update", + "actions_check": "actions.check", + "actions_resume": "actions.resume", + "actions_suspend": "actions.suspend", + "build_info_build_info": "build_info.build_info", + "events_get": "events.get", + "events_list": "events.list", + "resource_types_generate_template": "resource_types.generate_template", + "resource_types_get": "resource_types.get", + "resource_types_list": "resource_types.list", + "resources_generate_template": "resources.generate_template", + "resources_get": "resources.get", + "resources_list": "resources.list", + "resources_mark_unhealthy": "resources.mark_unhealthy", + "resources_metadata": "resources.metadata", + "resources_signal": "resources.signal", + "services_list": "services.list", + "software_configs_create": "software_configs.create", + "software_configs_delete": "software_configs.delete", + "software_configs_get": "software_configs.get", + "software_configs_list": "software_configs.list", + "software_deployments_create": "software_deployments.create", + "software_deployments_delete": "software_deployments.delete", + "software_deployments_get": "software_deployments.get", + "software_deployments_list": "software_deployments.list", + "software_deployments_metadata": "software_deployments.metadata", + "software_deployments_update": "software_deployments.update", + "stacks_abandon": "stacks.abandon", + "stacks_create": "stacks.create", + "stacks_delete": "stacks.delete", + "stacks_environment": "stacks.environment", + "stacks_get": "stacks.get", + "stacks_list": "stacks.list", + "stacks_output_list": "stacks.output_list", + "stacks_output_show": "stacks.output_show", + "stacks_preview": "stacks.preview", + "stacks_preview_update": "stacks.preview_update", + "stacks_restore": "stacks.restore", + "stacks_snapshot": "stacks.snapshot", + "stacks_snapshot_delete": "stacks.snapshot_delete", + "stacks_snapshot_list": "stacks.snapshot_list", + "stacks_snapshot_show": "stacks.snapshot_show", + "stacks_template": "stacks.template", + "stacks_update": "stacks.update", + "stacks_validate": "stacks.validate", + "template_versions_get": "template_versions.get", + "template_versions_list": "template_versions.list" + }, + "ironic": { + "_comment": "It uses ironicclient.v1.", + "chassis_create": "chassis.create", + "chassis_delete": "chassis.delete", + "chassis_get": "chassis.get", + "chassis_list": "chassis.list", + "chassis_list_nodes": "chassis.list_nodes", + "chassis_update": "chassis.update", + "driver_delete": "driver.delete", + "driver_get": "driver.get", + "driver_get_vendor_passthru_methods": "driver.get_vendor_passthru_methods", + "driver_list": "driver.list", + "driver_properties": "driver.properties", + "driver_raid_logical_disk_properties": "driver.raid_logical_disk_properties", + "driver_update": "driver.update", + "driver_vendor_passthru": "driver.vendor_passthru", + "node_create": "node.create", + "node_delete": "node.delete", + "node_get": "node.get", + "node_get_boot_device": "node.get_boot_device", + "node_get_by_instance_uuid": "node.get_by_instance_uuid", + "node_get_console": "node.get_console", + "node_get_supported_boot_devices": "node.get_supported_boot_devices", + "node_get_vendor_passthru_methods": "node.get_vendor_passthru_methods", + "node_list": "node.list", + "node_list_ports": "node.list_ports", + "node_set_boot_device": "node.set_boot_device", + "node_set_console_mode": "node.set_console_mode", + "node_set_maintenance": "node.set_maintenance", + "node_set_power_state": "node.set_power_state", + "node_set_provision_state": "node.set_provision_state", + "node_set_target_raid_config": "node.set_target_raid_config", + "node_states": "node.states", + "node_update": "node.update", + "node_validate": "node.validate", + "node_vendor_passthru": "node.vendor_passthru", + "node_vif_attach": "node.vif_attach", + "node_vif_detach": "node.vif_detach", + "node_vif_list": "node.vif_list", + "node_wait_for_provision_state": "node.wait_for_provision_state", + "port_create": "port.create", + "port_delete": "port.delete", + "port_get": "port.get", + "port_get_by_address": "port.get_by_address", + "port_list": "port.list", + "port_update": "port.update" + }, + "baremetal_introspection": { + "_comment": "It uses ironic_inspector_client.v1.", + "abort": "abort", + "introspect": "introspect", + "get_status": "get_status", + "get_data": "get_data", + "rules_create": "rules.create", + "rules_delete": "rules.delete", + "rules_delete_all": "rules.delete_all", + "rules_from_json": "rules.from_json", + "rules_get": "rules.get", + "rules_get_all": "rules.get_all", + "wait_for_finish": "wait_for_finish" + }, + "swift": { + "_comment": "It uses swiftclient.v1.", + "head_account": "head_account", + "get_account": "get_account", + "post_account": "post_account", + "head_container": "head_container", + "get_container": "get_container", + "put_container": "put_container", + "post_container": "post_container", + "delete_container": "delete_container", + "head_object": "head_object", + "get_object": "get_object", + "put_object": "put_object", + "post_object": "post_object", + "delete_object": "delete_object", + "copy_object": "copy_object", + "get_capabilities": "get_capabilities" + }, + "swiftservice": { + "_comment": "It uses swiftclient.service.", + "capabilities": "capabilities", + "copy": "copy", + "delete": "delete", + "download": "download", + "list": "list", + "post": "post", + "stat": "stat", + "upload": "upload" + }, + "zaqar": { + "_comment": "It uses zaqarclient.v2.", + "claim_messages": "claim_messages", + "delete_messages": "delete_messages", + "queue_messages": "queue_messages", + "queue_post": "queue_post", + "queue_pop": "queue_pop" + }, + "mistral": { + "_comment": "It uses mistralclient.v2.", + "action_executions_create": "action_executions.create", + "action_executions_delete": "action_executions.delete", + "action_executions_find": "action_executions.find", + "action_executions_get": "action_executions.get", + "action_executions_list": "action_executions.list", + "action_executions_update": "action_executions.update", + "actions_create": "actions.create", + "actions_delete": "actions.delete", + "actions_find": "actions.find", + "actions_get": "actions.get", + "actions_list": "actions.list", + "actions_update": "actions.update", + "cron_triggers_create": "cron_triggers.create", + "cron_triggers_delete": "cron_triggers.delete", + "cron_triggers_find": "cron_triggers.find", + "cron_triggers_get": "cron_triggers.get", + "cron_triggers_list": "cron_triggers.list", + "environments_create": "environments.create", + "environments_delete": "environments.delete", + "environments_find": "environments.find", + "environments_get": "environments.get", + "environments_list": "environments.list", + "environments_update": "environments.update", + "executions_create": "executions.create", + "executions_delete": "executions.delete", + "executions_find": "executions.find", + "executions_get": "executions.get", + "executions_list": "executions.list", + "executions_update": "executions.update", + "members_create": "members.create", + "members_delete": "members.delete", + "members_find": "members.find", + "members_get": "members.get", + "members_list": "members.list", + "members_update": "members.update", + "services_find": "services.find", + "services_list": "services.list", + "tasks_find": "tasks.find", + "tasks_get": "tasks.get", + "tasks_list": "tasks.list", + "tasks_rerun": "tasks.rerun", + "workbooks_create": "workbooks.create", + "workbooks_delete": "workbooks.delete", + "workbooks_find": "workbooks.find", + "workbooks_get": "workbooks.get", + "workbooks_list": "workbooks.list", + "workbooks_update": "workbooks.update", + "workbooks_validate": "workbooks.validate", + "workflows_create": "workflows.create", + "workflows_delete": "workflows.delete", + "workflows_find": "workflows.find", + "workflows_get": "workflows.get", + "workflows_list": "workflows.list", + "workflows_update": "workflows.update", + "workflows_validate": "workflows.validate" + } +} diff --git a/deployment/deprecated/mistral/mistral-api-container-puppet.yaml b/deployment/deprecated/mistral/mistral-api-container-puppet.yaml new file mode 100644 index 0000000..9ed059c --- /dev/null +++ b/deployment/deprecated/mistral/mistral-api-container-puppet.yaml @@ -0,0 +1,262 @@ +heat_template_version: rocky + +description: > + OpenStack containerized Mistral API service + +parameters: + ContainerMistralApiImage: + description: image + type: string + ContainerMistralConfigImage: + description: The container image to use for the mistral config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + MistralWorkers: + default: 1 + description: The number of workers for the mistral-api. + type: number + MistralApiPolicies: + description: | + A hash of policies to configure for Mistral API. + e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json + EnableInternalTLS: + type: boolean + default: false + MistralExecutionInterval: + default: 600 + description: This setting defines how frequently Mistral checks for cron + triggers that need execution. The default is 10 minutes and + reduces the load that is has on the system. + type: number + MistralCorsAllowedOrigin: + type: string + default: '' + description: Indicate whether this resource may be shared with the domain received in the request + "origin" header. + MistralPassword: + description: The password for the Mistral service and db account, used by the Mistral services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +conditions: + mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} + cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']} + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MySQLClient: + type: ../../database/mysql-client.yaml + + MistralBase: + type: ./mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Mistral API role. + value: + service_name: mistral_api + firewall_rules: + '133 mistral': + dport: + - 8989 + - 13989 + keystone_resources: + mistral: + endpoints: + public: {get_param: [EndpointMap, MistralPublic, uri]} + internal: {get_param: [EndpointMap, MistralInternal, uri]} + admin: {get_param: [EndpointMap, MistralAdmin, uri]} + users: + mistral: + password: {get_param: MistralPassword} + region: {get_param: KeystoneRegion} + service: 'workflowv2' + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + - + if: + - cors_allowed_origin_unset + - {} + - mistral::cors::allowed_origin: {get_param: MistralCorsAllowedOrigin} + - mistral::api::api_workers: {get_param: MistralWorkers} + mistral::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} + mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' + mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' + mistral::policy::policies: {get_param: MistralApiPolicies} + mistral::cron_trigger::execution_interval: {get_param: MistralExecutionInterval} + mistral::api::allow_action_execution_deletion: true + mistral::api::service_name: 'httpd' + mistral::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + - if: + - mistral_workers_zero + - {} + - mistral::wsgi::apache::workers: {get_param: MistralWorkers} + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: + list_join: + - "\n" + - - include tripleo::profile::base::mistral::api + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: ContainerMistralConfigImage} + kolla_config: + /var/lib/kolla/config_files/mistral_api.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/mistral + owner: mistral:mistral + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + mistral_init_logs: + image: &mistral_api_image {get_param: ContainerMistralApiImage} + net: none + privileged: false + user: root + volumes: + - /var/log/containers/mistral:/var/log/mistral:z + command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] + step_3: + mistral_db_sync: + start_order: 0 + image: *mistral_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/log/containers/mistral:/var/log/mistral:z + command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json upgrade head'" + environment: + TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} + step_4: + mistral_api: + start_order: 15 + image: *mistral_api_image + net: host + privileged: false + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro + - /var/log/containers/mistral:/var/log/mistral:z + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + step_5: + mistral_db_populate: + start_order: 1 + image: *mistral_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/log/containers/mistral:/var/log/mistral:z + # NOTE: dprince this requires that we install openstack-tripleo-common into + # the Mistral API image so that we get tripleo* actions + command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json populate'" + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + mode: "{{ item.mode|default(omit) }}" + with_items: + - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } + deploy_steps_tasks: + - name: Copy in action mapping file + when: step|int == 3 + copy: + content: {get_file: ./mapping.json} + dest: '/var/lib/config-data/mistral/etc/mistral/mapping.json' + setype: container_file_t + force: yes + mode: '0755' diff --git a/deployment/deprecated/mistral/mistral-base.yaml b/deployment/deprecated/mistral/mistral-base.yaml new file mode 100644 index 0000000..2b353a9 --- /dev/null +++ b/deployment/deprecated/mistral/mistral-base.yaml @@ -0,0 +1,123 @@ +heat_template_version: rocky + +description: > + Openstack Mistral base service. Shared for all Mistral services. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + Debug: + default: false + description: Set to True to enable debugging on all services. + type: boolean + MistralDebug: + default: '' + description: Set to True to enable debugging Mistral services. + type: string + constraints: + - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + EnableSQLAlchemyCollectd: + type: boolean + description: > + Set to true to enable the SQLAlchemy-collectd server plugin + default: false + MistralPassword: + description: The password for the Mistral service and db account, used by the Mistral services. + type: string + hidden: true + NotificationDriver: + type: string + default: 'noop' + description: Driver or drivers to handle sending notifications. + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MistralRPCResponseTimeout: + type: number + default: 120 + description: Mistral RPC timeout + +conditions: + service_debug_unset: {equals : [{get_param: MistralDebug}, '']} + enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} + +outputs: + role_data: + description: Shared role data for the Mistral services. + value: + service_name: mistral_base + config_settings: + mistral::database_connection: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: mistral + password: {get_param: MistralPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /mistral + query: + if: + - enable_sqlalchemy_collectd + - + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + plugin: collectd + collectd_program_name: mistral + collectd_host: localhost + - + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + + mistral::notification_driver: {get_param: NotificationDriver} + mistral::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: MistralDebug } + mistral::rpc_response_timeout: {get_param: MistralRPCResponseTimeout} + mistral::keystone::authtoken::project_name: 'service' + mistral::keystone::authtoken::user_domain_name: 'Default' + mistral::keystone::authtoken::project_domain_name: 'Default' + mistral::keystone::authtoken::password: {get_param: MistralPassword} + mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]} + mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion} + mistral::keystone_ec2_uri: + list_join: + - '' + - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} + - '/ec2tokens' + service_config_settings: + mysql: + mistral::db::mysql::user: mistral + mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + mistral::db::mysql::dbname: mistral + mistral::db::mysql::password: {get_param: MistralPassword} + mistral::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/deployment/deprecated/mistral/mistral-engine-container-puppet.yaml b/deployment/deprecated/mistral/mistral-engine-container-puppet.yaml new file mode 100644 index 0000000..de1bb8e --- /dev/null +++ b/deployment/deprecated/mistral/mistral-engine-container-puppet.yaml @@ -0,0 +1,146 @@ +heat_template_version: rocky + +description: > + OpenStack containerized Mistral Engine service + +parameters: + ContainerMistralEngineImage: + description: image + type: string + ContainerMistralConfigImage: + description: The container image to use for the mistral config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + MistralExecutionFieldSizeLimit: + default: 1024 + description: The default maximum size in KB of large text fields of runtime + execution objects. Use -1 for no limit. + type: number + MistralEvaluationInterval: + default: 120 + description: How often will the executions be evaluated + (in minutes). For example for value 120 the interval + will be 2 hours (every 2 hours). + type: number + MistralFinishedExecutionDuration: + default: 2880 + description: Evaluate from which time remove executions in minutes. + For example when set to 60, remove all executions + that finished a 60 minutes ago or more. + Minimum value is 1. + Note that only final state execution will remove (SUCCESS/ERROR). + constraints: + - range: { min: 1 } + type: number + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MySQLClient: + type: ../../database/mysql-client.yaml + + MistralBase: + type: ./mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Mistral Engine role. + value: + service_name: mistral_engine + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + - mistral::engine::execution_field_size_limit_kb: {get_param: MistralExecutionFieldSizeLimit} + mistral::engine::evaluation_interval: {get_param: MistralEvaluationInterval} + mistral::engine::older_than: {get_param: MistralFinishedExecutionDuration} + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: + list_join: + - "\n" + - - include tripleo::profile::base::mistral::engine + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: ContainerMistralConfigImage} + kolla_config: + /var/lib/kolla/config_files/mistral_engine.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/mistral + owner: mistral:mistral + recurse: true + docker_config: + step_4: + mistral_engine: + image: {get_param: ContainerMistralEngineImage} + net: host + privileged: false + restart: always + healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro + - /var/log/containers/mistral:/var/log/mistral:z + - /var/lib/mistral:/var/lib/mistral:ro + - /usr/share/ansible/:/usr/share/ansible/:ro + - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + mode: "{{ item.mode }}" + with_items: + - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } + - name: enable virt_sandbox_use_netlink for healthcheck + seboolean: + name: virt_sandbox_use_netlink + persistent: yes + state: yes diff --git a/deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml b/deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml new file mode 100644 index 0000000..4aa5295 --- /dev/null +++ b/deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml @@ -0,0 +1,121 @@ +heat_template_version: rocky + +description: > + OpenStack containerized Mistral Event Engine service + +parameters: + ContainerMistralEventEngineImage: + description: image + type: string + ContainerMistralConfigImage: + description: The container image to use for the mistral config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MySQLClient: + type: ../../database/mysql-client.yaml + + MistralBase: + type: ./mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Mistral Event Engine role. + value: + service_name: mistral_event_engine + config_settings: + get_attr: [MistralBase, role_data, config_settings] + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: + list_join: + - "\n" + - - include tripleo::profile::base::mistral + - get_attr: [MySQLClient, role_data, step_config] + config_image: {get_param: ContainerMistralConfigImage} + kolla_config: + /var/lib/kolla/config_files/mistral_event_engine.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/event-engine.log --server=event-engine + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/mistral + owner: mistral:mistral + recurse: true + docker_config: + step_4: + mistral_event_engine: + image: {get_param: ContainerMistralEventEngineImage} + net: host + privileged: false + restart: always + healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_event_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro + - /var/log/containers/mistral:/var/log/mistral:z + - /var/lib/mistral:/var/lib/mistral:ro + - /usr/share/ansible/:/usr/share/ansible/:ro + - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + mode: "{{ item.mode }}" + with_items: + - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } + - name: enable virt_sandbox_use_netlink for healthcheck + seboolean: + name: virt_sandbox_use_netlink + persistent: yes + state: yes diff --git a/deployment/deprecated/mistral/mistral-executor-container-puppet.yaml b/deployment/deprecated/mistral/mistral-executor-container-puppet.yaml new file mode 100644 index 0000000..c492d1c --- /dev/null +++ b/deployment/deprecated/mistral/mistral-executor-container-puppet.yaml @@ -0,0 +1,257 @@ +heat_template_version: rocky + +description: > + OpenStack containerized Mistral Executor service + +parameters: + ContainerMistralExecutorImage: + description: image + type: string + DockerMistralExecutorUlimit: + default: ['nofile=1024'] + description: ulimit for Mistral Executor Container + type: comma_delimited_list + ContainerMistralConfigImage: + description: The container image to use for the mistral config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + MistralExecutorVolumes: + default: [] + description: List of additional volumes to mount into the mistral-executor container + type: comma_delimited_list + MistralExecutorExtraVolumes: + default: [] + description: List of user-provided additional volumes to mount into the mistral-executor container + type: comma_delimited_list + UndercloudConfigFilePath: + default: '' + description: Configuration file for Undercloud, needed by TripleO Validations. + type: string + ContainerCli: + type: string + default: 'podman' + description: CLI tool used to manage containers. + constraints: + - allowed_values: ['docker', 'podman'] + MistralDockerGroup: + default: false + description: Add the mistral user to the docker group to allow actions to perform docker operations. + type: boolean + TripleoAdminUser: + default: 'tripleo-admin' + description: Name of user which manages the hosts + type: string + MountBackupFilesystemPaths: + default: false + description: Set to True to mount all directories stated in BackupFilesystemPaths + type: boolean + BackupBaseMountpoint: + default: '/backup' + description: Absolute paths to directory, which will use as a base directory for all mounted directories marked for backup + type: string + BackupFilesystemPaths: + description: Absolute paths to directories, which should be included during filesystem backup on undercloud + type: json + default: + - /etc/hiera.yaml + - /etc/puppet/ + - /var/lib/config-data/ + +conditions: + docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} + mount_backup_filesystem: {equals : [{get_param: MountBackupFilesystemPaths}, true]} + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MySQLClient: + type: ../../database/mysql-client.yaml + + MistralBase: + type: ./mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Mistral Executor role. + value: + service_name: mistral_executor + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + # Note: the hiera parameter will only work if the TripleO validations + # are run from Mistral Executor container. If the parameter is + # needed on the host, it'll have to be defined somewhere else too. + # The hiera param is set to the same value as the bind mound location + # of the file inside the container. + - tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf' + tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup} + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: mistral + puppet_tags: mistral_config,user,group + step_config: + list_join: + - "\n" + - - include tripleo::profile::base::mistral::executor + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: ContainerMistralConfigImage} + volumes: + list_concat: + - + if: + - docker_enabled + - - /run/docker.sock:/run/docker.sock:rw + - null + kolla_config: + /var/lib/kolla/config_files/mistral_executor.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + list_concat: + - - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/mistral + owner: mistral:mistral + recurse: true + - path: /var/lib/mistral + owner: mistral:mistral + recurse: true + docker_config: + step_4: + mistral_executor: + image: {get_param: ContainerMistralExecutorImage} + ulimit: {get_param: DockerMistralExecutorUlimit} + net: host + privileged: false + restart: always + healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro + - /var/log/containers/mistral:/var/log/mistral:z + - /var/lib/mistral:/var/lib/mistral:z + - /usr/share/ansible/:/usr/share/ansible/:ro + - /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro + - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro + - /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro + - {get_param: MistralExecutorVolumes} + - {get_param: MistralExecutorExtraVolumes} + - - str_replace: + template: + '/home/tripleo-admin:/home/tripleo-admin' + params: + tripleo-admin: {get_param: TripleoAdminUser} + - if: + - mount_backup_filesystem + - repeat: + for_each: + PATH: {get_param: BackupFilesystemPaths} + template: + list_join: + - ':' + - - 'PATH' + - list_join: + - '/' + - - {get_param: BackupBaseMountpoint} + - 'PATH' + - 'ro' + expression: > + ($.data.paths + $.data.extra_plugins) + .flatten().distinct() + + - null + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + env_file: /etc/environment + host_prep_tasks: + - set_fact: + tripleo_admin_user: {get_param: TripleoAdminUser} + undercloud_cfg_file: {get_param: UndercloudConfigFilePath} + - import_role: + name: tripleo_create_admin + tasks_from: create_user.yml + vars: + tripleo_admin_generate_key: true + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + mode: "{{ item.mode|default(omit) }}" + with_items: + - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } + - { 'path': /var/lib/mistral, 'setype': container_file_t, 'mode': '0751' } + - name: create mistral/.ssh directory + file: + path: /var/lib/mistral/.ssh + state: directory + mode: 0700 + - name: copy tripleo-admin private key to /var/lib/mistral/.ssh + copy: + remote_src: yes + src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa + dest: /var/lib/mistral/.ssh/{{ tripleo_admin_user }}-rsa + mode: 0600 + - name: copy undercloud.conf to /var/lib/mistral/ + when: undercloud_cfg_file != '' + copy: + src: "{{ undercloud_cfg_file }}" + dest: /var/lib/mistral/undercloud.conf + mode: 0444 + setype: container_file_t + local_follow: true + - name: create ceph-ansible source directory + file: + path: /usr/share/ceph-ansible + state: directory + setype: container_file_t + - name: create octavia-amphora-images directory + file: + path: /usr/share/openstack-octavia-amphora-images + state: directory + setype: container_file_t + - name: enable virt_sandbox_use_netlink for healthcheck + seboolean: + name: virt_sandbox_use_netlink + persistent: yes + state: yes diff --git a/deployment/mistral/mapping.json b/deployment/mistral/mapping.json deleted file mode 100644 index 53cade5..0000000 --- a/deployment/mistral/mapping.json +++ /dev/null @@ -1,373 +0,0 @@ -{ - "_comment": "Mapping OpenStack action namespaces to all its actions. Each action name is mapped to python-client method name in this namespace.", - "nova": { - "_comment": "It uses novaclient.v2.", - "agents_convert_into_with_meta": "agents.convert_into_with_meta", - "agents_create": "agents.create", - "agents_delete": "agents.delete", - "agents_find": "agents.find", - "agents_findall": "agents.findall", - "agents_list": "agents.list", - "agents_update": "agents.update", - "aggregates_add_host": "aggregates.add_host", - "aggregates_convert_into_with_meta": "aggregates.convert_into_with_meta", - "aggregates_create": "aggregates.create", - "aggregates_delete": "aggregates.delete", - "aggregates_find": "aggregates.find", - "aggregates_findall": "aggregates.findall", - "aggregates_get": "aggregates.get", - "aggregates_get_details": "aggregates.get_details", - "aggregates_list": "aggregates.list", - "aggregates_remove_host": "aggregates.remove_host", - "aggregates_set_metadata": "aggregates.set_metadata", - "aggregates_update": "aggregates.update", - "availability_zones_convert_into_with_meta": "availability_zones.convert_into_with_meta", - "availability_zones_find": "availability_zones.find", - "availability_zones_findall": "availability_zones.findall", - "availability_zones_list": "availability_zones.list", - "flavor_access_add_tenant_access": "flavor_access.add_tenant_access", - "flavor_access_convert_into_with_meta": "flavor_access.convert_into_with_meta", - "flavor_access_find": "flavor_access.find", - "flavor_access_findall": "flavor_access.findall", - "flavor_access_list": "flavor_access.list", - "flavor_access_remove_tenant_access": "flavor_access.remove_tenant_access", - "flavors_convert_into_with_meta": "flavors.convert_into_with_meta", - "flavors_create": "flavors.create", - "flavors_delete": "flavors.delete", - "flavors_find": "flavors.find", - "flavors_findall": "flavors.findall", - "flavors_get": "flavors.get", - "flavors_list": "flavors.list", - "hypervisor_stats_convert_into_with_meta": "hypervisor_stats.convert_into_with_meta", - "hypervisor_stats_statistics": "hypervisor_stats.statistics", - "hypervisors_convert_into_with_meta": "hypervisors.convert_into_with_meta", - "hypervisors_find": "hypervisors.find", - "hypervisors_findall": "hypervisors.findall", - "hypervisors_get": "hypervisors.get", - "hypervisors_list": "hypervisors.list", - "hypervisors_search": "hypervisors.search", - "hypervisors_statistics": "hypervisors.statistics", - "hypervisors_uptime": "hypervisors.uptime", - "glance_find_image": "glance.find_image", - "glance_list": "glance.list", - "keypairs_convert_into_with_meta": "keypairs.convert_into_with_meta", - "keypairs_create": "keypairs.create", - "keypairs_delete": "keypairs.delete", - "keypairs_find": "keypairs.find", - "keypairs_findall": "keypairs.findall", - "keypairs_get": "keypairs.get", - "keypairs_list": "keypairs.list", - "limits_convert_into_with_meta": "limits.convert_into_with_meta", - "limits_get": "limits.get", - "neutron_find_network": "neutron.find_network", - "quota_classes_convert_into_with_meta": "quota_classes.convert_into_with_meta", - "quota_classes_get": "quota_classes.get", - "quota_classes_update": "quota_classes.update", - "quotas_convert_into_with_meta": "quotas.convert_into_with_meta", - "quotas_defaults": "quotas.defaults", - "quotas_delete": "quotas.delete", - "quotas_get": "quotas.get", - "quotas_update": "quotas.update", - "server_groups_convert_into_with_meta": "server_groups.convert_into_with_meta", - "server_groups_create": "server_groups.create", - "server_groups_delete": "server_groups.delete", - "server_groups_find": "server_groups.find", - "server_groups_findall": "server_groups.findall", - "server_groups_get": "server_groups.get", - "server_groups_list": "server_groups.list", - "server_migrations_convert_into_with_meta": "server_migrations.convert_into_with_meta", - "server_migrations_find": "server_migrations.find", - "server_migrations_findall": "server_migrations.findall", - "server_migrations_get": "server_migrations.get", - "server_migrations_list": "server_migrations.list", - "server_migrations_live_migrate_force_complete": "server_migrations.live_migrate_force_complete", - "server_migrations_live_migration_abort": "server_migrations.live_migration_abort", - "servers_add_security_group": "servers.add_security_group", - "servers_backup": "servers.backup", - "servers_change_password": "servers.change_password", - "servers_clear_password": "servers.clear_password", - "servers_confirm_resize": "servers.confirm_resize", - "servers_convert_into_with_meta": "servers.convert_into_with_meta", - "servers_create": "servers.create", - "servers_create_image": "servers.create_image", - "servers_delete": "servers.delete", - "servers_delete_meta": "servers.delete_meta", - "servers_diagnostics": "servers.diagnostics", - "servers_evacuate": "servers.evacuate", - "servers_find": "servers.find", - "servers_findall": "servers.findall", - "servers_force_delete": "servers.force_delete", - "servers_get": "servers.get", - "servers_get_console_output": "servers.get_console_output", - "servers_get_mks_console": "servers.get_mks_console", - "servers_get_password": "servers.get_password", - "servers_get_rdp_console": "servers.get_rdp_console", - "servers_get_serial_console": "servers.get_serial_console", - "servers_get_spice_console": "servers.get_spice_console", - "servers_get_vnc_console": "servers.get_vnc_console", - "servers_interface_attach": "servers.interface_attach", - "servers_interface_detach": "servers.interface_detach", - "servers_interface_list": "servers.interface_list", - "servers_ips": "servers.ips", - "servers_list": "servers.list", - "servers_list_security_group": "servers.list_security_group", - "servers_live_migrate": "servers.live_migrate", - "servers_lock": "servers.lock", - "servers_migrate": "servers.migrate", - "servers_pause": "servers.pause", - "servers_reboot": "servers.reboot", - "servers_rebuild": "servers.rebuild", - "servers_remove_security_group": "servers.remove_security_group", - "servers_rescue": "servers.rescue", - "servers_reset_network": "servers.reset_network", - "servers_reset_state": "servers.reset_state", - "servers_resize": "servers.resize", - "servers_restore": "servers.restore", - "servers_resume": "servers.resume", - "servers_revert_resize": "servers.revert_resize", - "servers_set_meta": "servers.set_meta", - "servers_set_meta_item": "servers.set_meta_item", - "servers_shelve": "servers.shelve", - "servers_shelve_offload": "servers.shelve_offload", - "servers_start": "servers.start", - "servers_stop": "servers.stop", - "servers_suspend": "servers.suspend", - "servers_trigger_crash_dump": "servers.trigger_crash_dump", - "servers_unlock": "servers.unlock", - "servers_unpause": "servers.unpause", - "servers_unrescue": "servers.unrescue", - "servers_unshelve": "servers.unshelve", - "servers_update": "servers.update", - "services_convert_into_with_meta": "services.convert_into_with_meta", - "services_delete": "services.delete", - "services_disable": "services.disable", - "services_disable_log_reason": "services.disable_log_reason", - "services_enable": "services.enable", - "services_find": "services.find", - "services_findall": "services.findall", - "services_force_down": "services.force_down", - "services_list": "services.list", - "usage_convert_into_with_meta": "usage.convert_into_with_meta", - "usage_find": "usage.find", - "usage_findall": "usage.findall", - "usage_get": "usage.get", - "usage_list": "usage.list", - "versions_convert_into_with_meta": "versions.convert_into_with_meta", - "versions_find": "versions.find", - "versions_findall": "versions.findall", - "versions_get_current": "versions.get_current", - "versions_list": "versions.list", - "volumes_convert_into_with_meta": "volumes.convert_into_with_meta", - "volumes_create_server_volume": "volumes.create_server_volume", - "volumes_delete_server_volume": "volumes.delete_server_volume", - "volumes_get_server_volume": "volumes.get_server_volume", - "volumes_get_server_volumes": "volumes.get_server_volumes", - "volumes_update_server_volume": "volumes.update_server_volume" - }, - "heat": { - "_comment": "It uses heatclient.v1.", - "actions_cancel_update": "actions.cancel_update", - "actions_check": "actions.check", - "actions_resume": "actions.resume", - "actions_suspend": "actions.suspend", - "build_info_build_info": "build_info.build_info", - "events_get": "events.get", - "events_list": "events.list", - "resource_types_generate_template": "resource_types.generate_template", - "resource_types_get": "resource_types.get", - "resource_types_list": "resource_types.list", - "resources_generate_template": "resources.generate_template", - "resources_get": "resources.get", - "resources_list": "resources.list", - "resources_mark_unhealthy": "resources.mark_unhealthy", - "resources_metadata": "resources.metadata", - "resources_signal": "resources.signal", - "services_list": "services.list", - "software_configs_create": "software_configs.create", - "software_configs_delete": "software_configs.delete", - "software_configs_get": "software_configs.get", - "software_configs_list": "software_configs.list", - "software_deployments_create": "software_deployments.create", - "software_deployments_delete": "software_deployments.delete", - "software_deployments_get": "software_deployments.get", - "software_deployments_list": "software_deployments.list", - "software_deployments_metadata": "software_deployments.metadata", - "software_deployments_update": "software_deployments.update", - "stacks_abandon": "stacks.abandon", - "stacks_create": "stacks.create", - "stacks_delete": "stacks.delete", - "stacks_environment": "stacks.environment", - "stacks_get": "stacks.get", - "stacks_list": "stacks.list", - "stacks_output_list": "stacks.output_list", - "stacks_output_show": "stacks.output_show", - "stacks_preview": "stacks.preview", - "stacks_preview_update": "stacks.preview_update", - "stacks_restore": "stacks.restore", - "stacks_snapshot": "stacks.snapshot", - "stacks_snapshot_delete": "stacks.snapshot_delete", - "stacks_snapshot_list": "stacks.snapshot_list", - "stacks_snapshot_show": "stacks.snapshot_show", - "stacks_template": "stacks.template", - "stacks_update": "stacks.update", - "stacks_validate": "stacks.validate", - "template_versions_get": "template_versions.get", - "template_versions_list": "template_versions.list" - }, - "ironic": { - "_comment": "It uses ironicclient.v1.", - "chassis_create": "chassis.create", - "chassis_delete": "chassis.delete", - "chassis_get": "chassis.get", - "chassis_list": "chassis.list", - "chassis_list_nodes": "chassis.list_nodes", - "chassis_update": "chassis.update", - "driver_delete": "driver.delete", - "driver_get": "driver.get", - "driver_get_vendor_passthru_methods": "driver.get_vendor_passthru_methods", - "driver_list": "driver.list", - "driver_properties": "driver.properties", - "driver_raid_logical_disk_properties": "driver.raid_logical_disk_properties", - "driver_update": "driver.update", - "driver_vendor_passthru": "driver.vendor_passthru", - "node_create": "node.create", - "node_delete": "node.delete", - "node_get": "node.get", - "node_get_boot_device": "node.get_boot_device", - "node_get_by_instance_uuid": "node.get_by_instance_uuid", - "node_get_console": "node.get_console", - "node_get_supported_boot_devices": "node.get_supported_boot_devices", - "node_get_vendor_passthru_methods": "node.get_vendor_passthru_methods", - "node_list": "node.list", - "node_list_ports": "node.list_ports", - "node_set_boot_device": "node.set_boot_device", - "node_set_console_mode": "node.set_console_mode", - "node_set_maintenance": "node.set_maintenance", - "node_set_power_state": "node.set_power_state", - "node_set_provision_state": "node.set_provision_state", - "node_set_target_raid_config": "node.set_target_raid_config", - "node_states": "node.states", - "node_update": "node.update", - "node_validate": "node.validate", - "node_vendor_passthru": "node.vendor_passthru", - "node_vif_attach": "node.vif_attach", - "node_vif_detach": "node.vif_detach", - "node_vif_list": "node.vif_list", - "node_wait_for_provision_state": "node.wait_for_provision_state", - "port_create": "port.create", - "port_delete": "port.delete", - "port_get": "port.get", - "port_get_by_address": "port.get_by_address", - "port_list": "port.list", - "port_update": "port.update" - }, - "baremetal_introspection": { - "_comment": "It uses ironic_inspector_client.v1.", - "abort": "abort", - "introspect": "introspect", - "get_status": "get_status", - "get_data": "get_data", - "rules_create": "rules.create", - "rules_delete": "rules.delete", - "rules_delete_all": "rules.delete_all", - "rules_from_json": "rules.from_json", - "rules_get": "rules.get", - "rules_get_all": "rules.get_all", - "wait_for_finish": "wait_for_finish" - }, - "swift": { - "_comment": "It uses swiftclient.v1.", - "head_account": "head_account", - "get_account": "get_account", - "post_account": "post_account", - "head_container": "head_container", - "get_container": "get_container", - "put_container": "put_container", - "post_container": "post_container", - "delete_container": "delete_container", - "head_object": "head_object", - "get_object": "get_object", - "put_object": "put_object", - "post_object": "post_object", - "delete_object": "delete_object", - "copy_object": "copy_object", - "get_capabilities": "get_capabilities" - }, - "swiftservice": { - "_comment": "It uses swiftclient.service.", - "capabilities": "capabilities", - "copy": "copy", - "delete": "delete", - "download": "download", - "list": "list", - "post": "post", - "stat": "stat", - "upload": "upload" - }, - "zaqar": { - "_comment": "It uses zaqarclient.v2.", - "claim_messages": "claim_messages", - "delete_messages": "delete_messages", - "queue_messages": "queue_messages", - "queue_post": "queue_post", - "queue_pop": "queue_pop" - }, - "mistral": { - "_comment": "It uses mistralclient.v2.", - "action_executions_create": "action_executions.create", - "action_executions_delete": "action_executions.delete", - "action_executions_find": "action_executions.find", - "action_executions_get": "action_executions.get", - "action_executions_list": "action_executions.list", - "action_executions_update": "action_executions.update", - "actions_create": "actions.create", - "actions_delete": "actions.delete", - "actions_find": "actions.find", - "actions_get": "actions.get", - "actions_list": "actions.list", - "actions_update": "actions.update", - "cron_triggers_create": "cron_triggers.create", - "cron_triggers_delete": "cron_triggers.delete", - "cron_triggers_find": "cron_triggers.find", - "cron_triggers_get": "cron_triggers.get", - "cron_triggers_list": "cron_triggers.list", - "environments_create": "environments.create", - "environments_delete": "environments.delete", - "environments_find": "environments.find", - "environments_get": "environments.get", - "environments_list": "environments.list", - "environments_update": "environments.update", - "executions_create": "executions.create", - "executions_delete": "executions.delete", - "executions_find": "executions.find", - "executions_get": "executions.get", - "executions_list": "executions.list", - "executions_update": "executions.update", - "members_create": "members.create", - "members_delete": "members.delete", - "members_find": "members.find", - "members_get": "members.get", - "members_list": "members.list", - "members_update": "members.update", - "services_find": "services.find", - "services_list": "services.list", - "tasks_find": "tasks.find", - "tasks_get": "tasks.get", - "tasks_list": "tasks.list", - "tasks_rerun": "tasks.rerun", - "workbooks_create": "workbooks.create", - "workbooks_delete": "workbooks.delete", - "workbooks_find": "workbooks.find", - "workbooks_get": "workbooks.get", - "workbooks_list": "workbooks.list", - "workbooks_update": "workbooks.update", - "workbooks_validate": "workbooks.validate", - "workflows_create": "workflows.create", - "workflows_delete": "workflows.delete", - "workflows_find": "workflows.find", - "workflows_get": "workflows.get", - "workflows_list": "workflows.list", - "workflows_update": "workflows.update", - "workflows_validate": "workflows.validate" - } -} diff --git a/deployment/mistral/mistral-api-container-puppet.yaml b/deployment/mistral/mistral-api-container-puppet.yaml deleted file mode 100644 index 52d3955..0000000 --- a/deployment/mistral/mistral-api-container-puppet.yaml +++ /dev/null @@ -1,262 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Mistral API service - -parameters: - ContainerMistralApiImage: - description: image - type: string - ContainerMistralConfigImage: - description: The container image to use for the mistral config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - MistralWorkers: - default: 1 - description: The number of workers for the mistral-api. - type: number - MistralApiPolicies: - description: | - A hash of policies to configure for Mistral API. - e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } - default: {} - type: json - EnableInternalTLS: - type: boolean - default: false - MistralExecutionInterval: - default: 600 - description: This setting defines how frequently Mistral checks for cron - triggers that need execution. The default is 10 minutes and - reduces the load that is has on the system. - type: number - MistralCorsAllowedOrigin: - type: string - default: '' - description: Indicate whether this resource may be shared with the domain received in the request - "origin" header. - MistralPassword: - description: The password for the Mistral service and db account, used by the Mistral services. - type: string - hidden: true - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - -conditions: - mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} - cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']} - -resources: - - ContainersCommon: - type: ../containers-common.yaml - - MySQLClient: - type: ../database/mysql-client.yaml - - MistralBase: - type: ./mistral-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Mistral API role. - value: - service_name: mistral_api - firewall_rules: - '133 mistral': - dport: - - 8989 - - 13989 - keystone_resources: - mistral: - endpoints: - public: {get_param: [EndpointMap, MistralPublic, uri]} - internal: {get_param: [EndpointMap, MistralInternal, uri]} - admin: {get_param: [EndpointMap, MistralAdmin, uri]} - users: - mistral: - password: {get_param: MistralPassword} - region: {get_param: KeystoneRegion} - service: 'workflowv2' - config_settings: - map_merge: - - get_attr: [MistralBase, role_data, config_settings] - - - if: - - cors_allowed_origin_unset - - {} - - mistral::cors::allowed_origin: {get_param: MistralCorsAllowedOrigin} - - mistral::api::api_workers: {get_param: MistralWorkers} - mistral::api::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} - mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} - mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' - mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' - mistral::policy::policies: {get_param: MistralApiPolicies} - mistral::cron_trigger::execution_interval: {get_param: MistralExecutionInterval} - mistral::api::allow_action_execution_deletion: true - mistral::api::service_name: 'httpd' - mistral::wsgi::apache::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} - mistral::wsgi::apache::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} - - if: - - mistral_workers_zero - - {} - - mistral::wsgi::apache::workers: {get_param: MistralWorkers} - service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS - puppet_config: - config_volume: mistral - puppet_tags: mistral_config - step_config: - list_join: - - "\n" - - - include tripleo::profile::base::mistral::api - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: ContainerMistralConfigImage} - kolla_config: - /var/lib/kolla/config_files/mistral_api.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/mistral - owner: mistral:mistral - recurse: true - docker_config: - # db sync runs before permissions set by kolla_config - step_2: - mistral_init_logs: - image: &mistral_api_image {get_param: ContainerMistralApiImage} - net: none - privileged: false - user: root - volumes: - - /var/log/containers/mistral:/var/log/mistral:z - command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] - step_3: - mistral_db_sync: - start_order: 0 - image: *mistral_api_image - net: host - privileged: false - detach: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /var/log/containers/mistral:/var/log/mistral:z - command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json upgrade head'" - environment: - TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} - step_4: - mistral_api: - start_order: 15 - image: *mistral_api_image - net: host - privileged: false - restart: always - healthcheck: - test: /openstack/healthcheck - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro - - /var/log/containers/mistral:/var/log/mistral:z - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - step_5: - mistral_db_populate: - start_order: 1 - image: *mistral_api_image - net: host - privileged: false - detach: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /var/log/containers/mistral:/var/log/mistral:z - # NOTE: dprince this requires that we install openstack-tripleo-common into - # the Mistral API image so that we get tripleo* actions - command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json populate'" - host_prep_tasks: - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode|default(omit) }}" - with_items: - - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } - deploy_steps_tasks: - - name: Copy in action mapping file - when: step|int == 3 - copy: - content: {get_file: ./mapping.json} - dest: '/var/lib/config-data/mistral/etc/mistral/mapping.json' - setype: container_file_t - force: yes - mode: '0755' diff --git a/deployment/mistral/mistral-base.yaml b/deployment/mistral/mistral-base.yaml deleted file mode 100644 index 2b353a9..0000000 --- a/deployment/mistral/mistral-base.yaml +++ /dev/null @@ -1,123 +0,0 @@ -heat_template_version: rocky - -description: > - Openstack Mistral base service. Shared for all Mistral services. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - Debug: - default: false - description: Set to True to enable debugging on all services. - type: boolean - MistralDebug: - default: '' - description: Set to True to enable debugging Mistral services. - type: string - constraints: - - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - EnableSQLAlchemyCollectd: - type: boolean - description: > - Set to true to enable the SQLAlchemy-collectd server plugin - default: false - MistralPassword: - description: The password for the Mistral service and db account, used by the Mistral services. - type: string - hidden: true - NotificationDriver: - type: string - default: 'noop' - description: Driver or drivers to handle sending notifications. - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - MistralRPCResponseTimeout: - type: number - default: 120 - description: Mistral RPC timeout - -conditions: - service_debug_unset: {equals : [{get_param: MistralDebug}, '']} - enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} - -outputs: - role_data: - description: Shared role data for the Mistral services. - value: - service_name: mistral_base - config_settings: - mistral::database_connection: - make_url: - scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} - username: mistral - password: {get_param: MistralPassword} - host: {get_param: [EndpointMap, MysqlInternal, host]} - path: /mistral - query: - if: - - enable_sqlalchemy_collectd - - - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - plugin: collectd - collectd_program_name: mistral - collectd_host: localhost - - - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - - mistral::notification_driver: {get_param: NotificationDriver} - mistral::logging::debug: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: MistralDebug } - mistral::rpc_response_timeout: {get_param: MistralRPCResponseTimeout} - mistral::keystone::authtoken::project_name: 'service' - mistral::keystone::authtoken::user_domain_name: 'Default' - mistral::keystone::authtoken::project_domain_name: 'Default' - mistral::keystone::authtoken::password: {get_param: MistralPassword} - mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]} - mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion} - mistral::keystone_ec2_uri: - list_join: - - '' - - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} - - '/ec2tokens' - service_config_settings: - mysql: - mistral::db::mysql::user: mistral - mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - mistral::db::mysql::dbname: mistral - mistral::db::mysql::password: {get_param: MistralPassword} - mistral::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/deployment/mistral/mistral-engine-container-puppet.yaml b/deployment/mistral/mistral-engine-container-puppet.yaml deleted file mode 100644 index 83af0bc..0000000 --- a/deployment/mistral/mistral-engine-container-puppet.yaml +++ /dev/null @@ -1,146 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Mistral Engine service - -parameters: - ContainerMistralEngineImage: - description: image - type: string - ContainerMistralConfigImage: - description: The container image to use for the mistral config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - MistralExecutionFieldSizeLimit: - default: 1024 - description: The default maximum size in KB of large text fields of runtime - execution objects. Use -1 for no limit. - type: number - MistralEvaluationInterval: - default: 120 - description: How often will the executions be evaluated - (in minutes). For example for value 120 the interval - will be 2 hours (every 2 hours). - type: number - MistralFinishedExecutionDuration: - default: 2880 - description: Evaluate from which time remove executions in minutes. - For example when set to 60, remove all executions - that finished a 60 minutes ago or more. - Minimum value is 1. - Note that only final state execution will remove (SUCCESS/ERROR). - constraints: - - range: { min: 1 } - type: number - -resources: - - ContainersCommon: - type: ../containers-common.yaml - - MySQLClient: - type: ../database/mysql-client.yaml - - MistralBase: - type: ./mistral-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Mistral Engine role. - value: - service_name: mistral_engine - config_settings: - map_merge: - - get_attr: [MistralBase, role_data, config_settings] - - mistral::engine::execution_field_size_limit_kb: {get_param: MistralExecutionFieldSizeLimit} - mistral::engine::evaluation_interval: {get_param: MistralEvaluationInterval} - mistral::engine::older_than: {get_param: MistralFinishedExecutionDuration} - service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS - puppet_config: - config_volume: mistral - puppet_tags: mistral_config - step_config: - list_join: - - "\n" - - - include tripleo::profile::base::mistral::engine - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: ContainerMistralConfigImage} - kolla_config: - /var/lib/kolla/config_files/mistral_engine.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/mistral - owner: mistral:mistral - recurse: true - docker_config: - step_4: - mistral_engine: - image: {get_param: ContainerMistralEngineImage} - net: host - privileged: false - restart: always - healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro - - /var/log/containers/mistral:/var/log/mistral:z - - /var/lib/mistral:/var/lib/mistral:ro - - /usr/share/ansible/:/usr/share/ansible/:ro - - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - host_prep_tasks: - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode }}" - with_items: - - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } - - name: enable virt_sandbox_use_netlink for healthcheck - seboolean: - name: virt_sandbox_use_netlink - persistent: yes - state: yes diff --git a/deployment/mistral/mistral-event-engine-container-puppet.yaml b/deployment/mistral/mistral-event-engine-container-puppet.yaml deleted file mode 100644 index 0f0dd88..0000000 --- a/deployment/mistral/mistral-event-engine-container-puppet.yaml +++ /dev/null @@ -1,121 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Mistral Event Engine service - -parameters: - ContainerMistralEventEngineImage: - description: image - type: string - ContainerMistralConfigImage: - description: The container image to use for the mistral config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - -resources: - - ContainersCommon: - type: ../containers-common.yaml - - MySQLClient: - type: ../database/mysql-client.yaml - - MistralBase: - type: ./mistral-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Mistral Event Engine role. - value: - service_name: mistral_event_engine - config_settings: - get_attr: [MistralBase, role_data, config_settings] - service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS - puppet_config: - config_volume: mistral - puppet_tags: mistral_config - step_config: - list_join: - - "\n" - - - include tripleo::profile::base::mistral - - get_attr: [MySQLClient, role_data, step_config] - config_image: {get_param: ContainerMistralConfigImage} - kolla_config: - /var/lib/kolla/config_files/mistral_event_engine.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/event-engine.log --server=event-engine - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/mistral - owner: mistral:mistral - recurse: true - docker_config: - step_4: - mistral_event_engine: - image: {get_param: ContainerMistralEventEngineImage} - net: host - privileged: false - restart: always - healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/mistral_event_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro - - /var/log/containers/mistral:/var/log/mistral:z - - /var/lib/mistral:/var/lib/mistral:ro - - /usr/share/ansible/:/usr/share/ansible/:ro - - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - host_prep_tasks: - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode }}" - with_items: - - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } - - name: enable virt_sandbox_use_netlink for healthcheck - seboolean: - name: virt_sandbox_use_netlink - persistent: yes - state: yes diff --git a/deployment/mistral/mistral-executor-container-puppet.yaml b/deployment/mistral/mistral-executor-container-puppet.yaml deleted file mode 100644 index 36ccca9..0000000 --- a/deployment/mistral/mistral-executor-container-puppet.yaml +++ /dev/null @@ -1,257 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Mistral Executor service - -parameters: - ContainerMistralExecutorImage: - description: image - type: string - DockerMistralExecutorUlimit: - default: ['nofile=1024'] - description: ulimit for Mistral Executor Container - type: comma_delimited_list - ContainerMistralConfigImage: - description: The container image to use for the mistral config_volume - type: string - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - MistralExecutorVolumes: - default: [] - description: List of additional volumes to mount into the mistral-executor container - type: comma_delimited_list - MistralExecutorExtraVolumes: - default: [] - description: List of user-provided additional volumes to mount into the mistral-executor container - type: comma_delimited_list - UndercloudConfigFilePath: - default: '' - description: Configuration file for Undercloud, needed by TripleO Validations. - type: string - ContainerCli: - type: string - default: 'podman' - description: CLI tool used to manage containers. - constraints: - - allowed_values: ['docker', 'podman'] - MistralDockerGroup: - default: false - description: Add the mistral user to the docker group to allow actions to perform docker operations. - type: boolean - TripleoAdminUser: - default: 'tripleo-admin' - description: Name of user which manages the hosts - type: string - MountBackupFilesystemPaths: - default: false - description: Set to True to mount all directories stated in BackupFilesystemPaths - type: boolean - BackupBaseMountpoint: - default: '/backup' - description: Absolute paths to directory, which will use as a base directory for all mounted directories marked for backup - type: string - BackupFilesystemPaths: - description: Absolute paths to directories, which should be included during filesystem backup on undercloud - type: json - default: - - /etc/hiera.yaml - - /etc/puppet/ - - /var/lib/config-data/ - -conditions: - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - mount_backup_filesystem: {equals : [{get_param: MountBackupFilesystemPaths}, true]} - -resources: - - ContainersCommon: - type: ../containers-common.yaml - - MySQLClient: - type: ../database/mysql-client.yaml - - MistralBase: - type: ./mistral-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Mistral Executor role. - value: - service_name: mistral_executor - config_settings: - map_merge: - - get_attr: [MistralBase, role_data, config_settings] - # Note: the hiera parameter will only work if the TripleO validations - # are run from Mistral Executor container. If the parameter is - # needed on the host, it'll have to be defined somewhere else too. - # The hiera param is set to the same value as the bind mound location - # of the file inside the container. - - tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf' - tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup} - service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} - # BEGIN DOCKER SETTINGS - puppet_config: - config_volume: mistral - puppet_tags: mistral_config,user,group - step_config: - list_join: - - "\n" - - - include tripleo::profile::base::mistral::executor - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: ContainerMistralConfigImage} - volumes: - list_concat: - - - if: - - docker_enabled - - - /run/docker.sock:/run/docker.sock:rw - - null - kolla_config: - /var/lib/kolla/config_files/mistral_executor.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor - config_files: - list_concat: - - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/mistral - owner: mistral:mistral - recurse: true - - path: /var/lib/mistral - owner: mistral:mistral - recurse: true - docker_config: - step_4: - mistral_executor: - image: {get_param: ContainerMistralExecutorImage} - ulimit: {get_param: DockerMistralExecutorUlimit} - net: host - privileged: false - restart: always - healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/mistral:/var/lib/kolla/config_files/src:ro - - /var/log/containers/mistral:/var/log/mistral:z - - /var/lib/mistral:/var/lib/mistral:z - - /usr/share/ansible/:/usr/share/ansible/:ro - - /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro - - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - - /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro - - {get_param: MistralExecutorVolumes} - - {get_param: MistralExecutorExtraVolumes} - - - str_replace: - template: - '/home/tripleo-admin:/home/tripleo-admin' - params: - tripleo-admin: {get_param: TripleoAdminUser} - - if: - - mount_backup_filesystem - - repeat: - for_each: - PATH: {get_param: BackupFilesystemPaths} - template: - list_join: - - ':' - - - 'PATH' - - list_join: - - '/' - - - {get_param: BackupBaseMountpoint} - - 'PATH' - - 'ro' - expression: > - ($.data.paths + $.data.extra_plugins) - .flatten().distinct() - - - null - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - env_file: /etc/environment - host_prep_tasks: - - set_fact: - tripleo_admin_user: {get_param: TripleoAdminUser} - undercloud_cfg_file: {get_param: UndercloudConfigFilePath} - - import_role: - name: tripleo_create_admin - tasks_from: create_user.yml - vars: - tripleo_admin_generate_key: true - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode|default(omit) }}" - with_items: - - { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' } - - { 'path': /var/lib/mistral, 'setype': container_file_t, 'mode': '0751' } - - name: create mistral/.ssh directory - file: - path: /var/lib/mistral/.ssh - state: directory - mode: 0700 - - name: copy tripleo-admin private key to /var/lib/mistral/.ssh - copy: - remote_src: yes - src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa - dest: /var/lib/mistral/.ssh/{{ tripleo_admin_user }}-rsa - mode: 0600 - - name: copy undercloud.conf to /var/lib/mistral/ - when: undercloud_cfg_file != '' - copy: - src: "{{ undercloud_cfg_file }}" - dest: /var/lib/mistral/undercloud.conf - mode: 0444 - setype: container_file_t - local_follow: true - - name: create ceph-ansible source directory - file: - path: /usr/share/ceph-ansible - state: directory - setype: container_file_t - - name: create octavia-amphora-images directory - file: - path: /usr/share/openstack-octavia-amphora-images - state: directory - setype: container_file_t - - name: enable virt_sandbox_use_netlink for healthcheck - seboolean: - name: virt_sandbox_use_netlink - persistent: yes - state: yes diff --git a/environments/services-baremetal/mistral.yaml b/environments/services-baremetal/mistral.yaml index d008635..fddad5f 100644 --- a/environments/services-baremetal/mistral.yaml +++ b/environments/services-baremetal/mistral.yaml @@ -1,5 +1,6 @@ +# This environment is deprecated since Mistral will be removed in the future. resource_registry: - OS::TripleO::Services::MistralEngine: ../../deployment/mistral/mistral-engine-container-puppet.yaml - OS::TripleO::Services::MistralApi: ../../deployment/mistral/mistral-api-container-puppet.yaml - OS::TripleO::Services::MistralExecutor: ../../deployment/mistral/mistral-executor-container-puppet.yaml - OS::TripleO::Services::MistralEventEngine: ../../deployment/mistral/mistral-event-engine-container-puppet.yaml + OS::TripleO::Services::MistralEngine: ../../deployment/deprecated/mistral/mistral-engine-container-puppet.yaml + OS::TripleO::Services::MistralApi: ../../deployment/deprecated/mistral/mistral-api-container-puppet.yaml + OS::TripleO::Services::MistralExecutor: ../../deployment/deprecated/mistral/mistral-executor-container-puppet.yaml + OS::TripleO::Services::MistralEventEngine: ../../deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml diff --git a/environments/services/mistral.yaml b/environments/services/mistral.yaml index d008635..fddad5f 100644 --- a/environments/services/mistral.yaml +++ b/environments/services/mistral.yaml @@ -1,5 +1,6 @@ +# This environment is deprecated since Mistral will be removed in the future. resource_registry: - OS::TripleO::Services::MistralEngine: ../../deployment/mistral/mistral-engine-container-puppet.yaml - OS::TripleO::Services::MistralApi: ../../deployment/mistral/mistral-api-container-puppet.yaml - OS::TripleO::Services::MistralExecutor: ../../deployment/mistral/mistral-executor-container-puppet.yaml - OS::TripleO::Services::MistralEventEngine: ../../deployment/mistral/mistral-event-engine-container-puppet.yaml + OS::TripleO::Services::MistralEngine: ../../deployment/deprecated/mistral/mistral-engine-container-puppet.yaml + OS::TripleO::Services::MistralApi: ../../deployment/deprecated/mistral/mistral-api-container-puppet.yaml + OS::TripleO::Services::MistralExecutor: ../../deployment/deprecated/mistral/mistral-executor-container-puppet.yaml + OS::TripleO::Services::MistralEventEngine: ../../deployment/deprecated/mistral/mistral-event-engine-container-puppet.yaml diff --git a/releasenotes/notes/deprecate_mistral-9136fd5e41b37e0d.yaml b/releasenotes/notes/deprecate_mistral-9136fd5e41b37e0d.yaml new file mode 100644 index 0000000..3f3240d --- /dev/null +++ b/releasenotes/notes/deprecate_mistral-9136fd5e41b37e0d.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - | + Mistral services are deprecated and will be removed in a next release.