heat_template_version: rocky

description: >
  OpenStack containerized Cinder Backup service

parameters:
  DockerCinderBackupImage:
    description: image
    type: string
  DockerCinderConfigImage:
    description: The container image to use for the cinder config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  UpgradeRemoveUnusedPackages:
    default: false
    description: Remove package if the service is being disabled during upgrade
    type: boolean
  CephClusterName:
    type: string
    default: ceph
    description: The Ceph cluster name.
    constraints:
    - allowed_pattern: "[a-zA-Z0-9]+"
      description: >
        The Ceph cluster name must be at least 1 character and contain only
        letters and numbers.
  CephClientUserName:
    default: openstack
    type: string
  DockerCinderBackupLoggingSource:
    type: json
    default:
      tag: openstack.cinder.backup
      path: /var/log/containers/cinder/cinder-backup.log

resources:

  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  CinderBase:
    type: ../../puppet/services/cinder-backup.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  CinderCommon:
    type: ./cinder-common.yaml

outputs:
  role_data:
    description: Role data for the Cinder Backup role.
    value:
      service_name: {get_attr: [CinderBase, role_data, service_name]}
      config_settings: {get_attr: [CinderBase, role_data, config_settings]}
      service_config_settings:
        map_merge:
          - get_attr: [CinderBase, role_data, service_config_settings]
          - fluentd:
              tripleo_fluentd_groups_cinder_backup:
                - cinder
              tripleo_fluentd_sources_cinder_backup:
                - {get_param: DockerCinderBackupLoggingSource}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: cinder
        puppet_tags: cinder_config,file,concat,file_line
        step_config:
          list_join:
            - "\n"
            - - {get_attr: [CinderBase, role_data, step_config]}
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_param: DockerCinderConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/cinder_backup.json:
          command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-ceph/"
              dest: "/etc/ceph/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-iscsid/*"
              dest: "/etc/iscsi/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/lib/cinder
              owner: cinder:cinder
              recurse: true
            - path: /var/log/cinder
              owner: cinder:cinder
              recurse: true
            - path:
                str_replace:
                  template: /etc/ceph/CLUSTER.client.USER.keyring
                  params:
                    CLUSTER: {get_param: CephClusterName}
                    USER: {get_param: CephClientUserName}
              owner: cinder:cinder
              perm: '0600'
      docker_config:
        step_3:
          cinder_backup_init_logs:
            start_order: 0
            image: &cinder_backup_image {get_param: DockerCinderBackupImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/cinder:/var/log/cinder:z
            command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
        step_4:
          cinder_backup:
            image: *cinder_backup_image
            net: host
            privileged: true
            restart: always
            healthcheck:
              test:
                list_join:
                  - ' '
                  - - '/openstack/healthcheck'
                    - yaql:
                        expression: str($.data.port)
                        data:
                          port: {get_attr: [CinderBase, role_data, config_settings, 'cinder::rabbit_port']}
            volumes: {get_attr: [CinderCommon, cinder_backup_volumes]}
            environment: {get_attr: [CinderCommon, cinder_backup_environment]}
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item.path }}"
            state: directory
            setype: "{{ item.setype }}"
          with_items:
            - { 'name': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
            - { 'name': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
        - name: cinder logs readme
          copy:
            dest: /var/log/cinder/readme.txt
            content: |
              Log files from cinder containers can be found under
              /var/log/containers/cinder and /var/log/containers/httpd/cinder-api.
          ignore_errors: true
        - name: ensure ceph configurations exist
          file:
            path: /etc/ceph
            state: directory
      upgrade_tasks:
        - when: step|int == 0
          tags: common
          block:
            - name: Check if cinder_backup is deployed
              command: systemctl is-enabled openstack-cinder-backup
              ignore_errors: True
              register: cinder_backup_enabled_result
            - name: Set fact cinder_backup_enabled
              set_fact:
                cinder_backup_enabled: "{{ cinder_backup_enabled_result.rc == 0 }}"
            - name: "PreUpgrade step0,validation: Check service openstack-cinder-backup is running"
              shell: systemctl is-active --quiet openstack-cinder-backup
              when: cinder_backup_enabled|bool
              tags: validation
        - when: step|int == 2
          block:
            - name: Stop and disable cinder_backup service
              when: cinder_backup_enabled|bool
              service: name=openstack-cinder-backup state=stopped enabled=no
        - when: step|int == 3
          block:
            - name: Set fact for removal of openstack-cinder package
              set_fact:
                remove_cinder_package: {get_param: UpgradeRemoveUnusedPackages}
            - name: Remove openstack-cinder package if operator requests it
              package: name=openstack-cinder state=removed
              ignore_errors: True
              when: remove_cinder_package|bool