{"heat_template_version": "wallaby", "description": "Contains a static list of common things necessary for containers\n", "parameters": {"EndpointMap": {"default": {}, "description": "Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.", "type": "json"}, "ServiceData": {"default": {}, "description": "Dictionary packing service data", "type": "json"}, "ServiceNetMap": {"default": {}, "description": "Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults.", "type": "json"}, "RoleName": {"default": "", "description": "Role name on which the service is applied", "type": "string"}, "RoleParameters": {"default": {}, "description": "Parameters specific to the role", "type": "json"}, "EnableInternalTLS": {"type": "boolean", "default": false}, "InternalTLSCAFile": {"default": "/etc/ipa/ca.crt", "type": "string", "description": "Specifies the default CA cert to use if TLS is used for services in the internal network."}, "RpcPort": {"default": 5672, "description": "The network port for messaging backend", "type": "number"}, "PcmkConfigRestartTimeout": {"default": 600, "description": "Time in seconds to wait for a pacemaker resource to restart when a config change is detected and the resource is being restarted", "type": "number"}, "ContainerCli": {"type": "string", "default": "podman", "description": "CLI tool used to manage containers.", "constraints": [{"allowed_values": ["docker", "podman"]}]}}, "conditions": {"internal_tls_enabled": {"equals": [{"get_param": "EnableInternalTLS"}, true]}, "docker_enabled": {"equals": [{"get_param": "ContainerCli"}, "docker"]}}, "outputs": {"container_config_scripts": {"description": "Shared container config scripts", "value": {"container_puppet_apply.sh": {"mode": "0700", "content": "#!/bin/bash\nset -eux\nSTEP=$1\nTAGS=$2\nCONFIG=$3\nEXTRA_ARGS=${4:-''}\nif [ -d /tmp/puppet-etc ]; then\n  # ignore copy failures as these may be the same file depending on docker mounts\n  cp -a /tmp/puppet-etc/* /etc/puppet || true\nfi\necho \"{\\\"step\\\": ${STEP}}\" > /etc/puppet/hieradata/docker_puppet.json\n# $::deployment_type in puppet-tripleo\nexport FACTER_deployment_type=containers\nset +e\npuppet apply $EXTRA_ARGS \\\n    --verbose \\\n    --detailed-exitcodes \\\n    --summarize \\\n    --color=false \\\n    --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \\\n    --tags $TAGS \\\n    -e \"noop_resource('package'); ${CONFIG}\"\nrc=$?\nset -e\nset +ux\nif [ $rc -eq 2 -o $rc -eq 0 ]; then\n    exit 0\nfi\nexit $rc\n"}, "pyshim.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pyshim.sh"}}, "pacemaker_restart_bundle.sh": {"mode": "0755", "content": {"str_replace": {"template": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pacemaker_restart_bundle.sh"}, "params": {"__PCMKTIMEOUT__": {"get_param": "PcmkConfigRestartTimeout"}}}}}, "pacemaker_wait_bundle.sh": {"mode": "0755", "content": {"str_replace": {"template": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pacemaker_wait_bundle.sh"}, "params": {"__PCMKTIMEOUT__": {"get_param": "PcmkConfigRestartTimeout"}}}}}, "wait-port-and-run.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/wait-port-and-run.sh"}}, "pacemaker_resource_lock.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pacemaker_resource_lock.sh"}}, "pacemaker_mutex_restart_bundle.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pacemaker_mutex_restart_bundle.sh"}}, "pacemaker_mutex_shutdown.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/pacemaker_mutex_shutdown.sh"}}}}, "volumes_base": {"description": "Base volume list", "value": {"list_concat": [["/etc/hosts:/etc/hosts:ro", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro", "/dev/log:/dev/log"], {"if": ["internal_tls_enabled", [{"list_join": [":", [{"get_param": "InternalTLSCAFile"}, {"get_param": "InternalTLSCAFile"}, "ro"]]}], null]}]}}, "volumes": {"description": "Common volumes for the containers.", "value": {"list_concat": [{"list_concat": [["/etc/hosts:/etc/hosts:ro", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro", "/dev/log:/dev/log"], {"if": ["internal_tls_enabled", [{"list_join": [":", [{"get_param": "InternalTLSCAFile"}, {"get_param": "InternalTLSCAFile"}, "ro"]]}], null]}]}, ["/etc/puppet:/etc/puppet:ro"]]}}, "pacemaker_restart_volumes": {"description": "Common volumes for the pacemaker restart containers.", "value": {"list_concat": [{"list_concat": [["/etc/hosts:/etc/hosts:ro", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro", "/dev/log:/dev/log"], {"if": ["internal_tls_enabled", [{"list_join": [":", [{"get_param": "InternalTLSCAFile"}, {"get_param": "InternalTLSCAFile"}, "ro"]]}], null]}]}, ["/var/lib/container-config-scripts:/var/lib/container-config-scripts:ro", "/dev/shm:/dev/shm:rw", "/etc/puppet:/etc/puppet:ro"], {"if": ["docker_enabled", ["/etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro"], null]}]}}, "container_puppet_apply_volumes": {"description": "Common volumes needed to run the container_puppet_apply.sh from container_config_scripts", "value": {"list_concat": [{"list_concat": [["/etc/hosts:/etc/hosts:ro", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro", "/dev/log:/dev/log"], {"if": ["internal_tls_enabled", [{"list_join": [":", [{"get_param": "InternalTLSCAFile"}, {"get_param": "InternalTLSCAFile"}, "ro"]]}], null]}]}, ["/var/lib/container-config-scripts/container_puppet_apply.sh:/container_puppet_apply.sh:ro", "/etc/puppet:/tmp/puppet-etc:ro", "/usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro"]]}}, "healthcheck_rpc_port": {"description": "healthcheck command that probes the RpcPort", "value": {"test": {"str_replace": {"template": "/openstack/healthcheck RPCPORT", "params": {"RPCPORT": {"get_param": "RpcPort"}}}}}}}}