reference_templates/DockerBP.yaml-template

# -*- indent-tabs-mode: nil -*- # vi: set expandtab:
#
# ============LICENSE_START====================================================
# org.onap.dcae
# =============================================================================
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
# =============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# 
#      http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END======================================================

tosca_definitions_version: cloudify_dsl_1_3

imports:
  - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml
  - http://www.getcloudify.org/spec/openstack-plugin/1.4/plugin.yaml
  - http://www.getcloudify.org/spec/fabric-plugin/1.4.1/plugin.yaml
  - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml
  - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/sshkeyshare/sshkey_types.yaml
  - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/relationshipplugin/1.0.0/relationshipplugin_types.yaml
  - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/dockerplugin/2/dockerplugin_types.yaml


 
inputs:
  registered_dockerhost_name:
    description: the name that this Dockerhost is registered as
  location_id:
    description: the location ID for the location where the Docker hsot is being deployed
    type: string
  target_datacenter:
    description: |-
      This is the name of the target Consul datacenter that the docker host will try to join
    type: string
  registrator_image:
    description: |-
      Full uri to registrator Docker image. Note! You should be using the forked version of
      registrator in order to have Consul health checks for Docker containers.
    type: string
  centos7image_id:
    type: string
    default: ''
  ubuntu1604image_id:
    type: string
  flavor_id:
    type: string
  security_group:
    type: string
  public_net:
    type: string
  private_net:
    type: string
  openstack: {}
  keypair:
    type: string
  location_prefix:
    type: string
  location_domain:
    type: string
  node_name:
    description: Used to construct the fqdn of the docker host
    type: string
    default: dokr00
  key_filename:
    type: string
  codesource_url:
    type: string
  codesource_version:
    type: string
  vm_init_dokr_00:
    type: string
    default: |-
      #!/bin/sh
      set -x
      DATACENTER=
  vm_init_dokr_01:
    type: string
    default: |-
      REGNAME=
  vm_init_dokr_fqdn:
    type: string
    description: |-
      The FQDN environment variable is to be used in the cloud init script for the Docker host.
      This is to be applied as metadata on the Consul node for the Docker host under the key
      "fqdn".
    default: |-
      FQDN=
  vm_init_dokr_service_tags:
    type: string
    description: |-
      Environment variable assigned to a list of strings that are to be used as tags to label
      the docker host. These tags are used when registering the docker host as a service in 
      Consul. The format of this input parameter is a string that is a shell script variable
      assignment of the variable SERVICE_TAGS. It must be either null or a json array of strings.
      Here is a valid example of when the value is a json array:

          'SERVICE_TAGS="[\"foo\", \"bar\"]"'

      Note how the double quotes per array element are escaped.
    default: "SERVICE_TAGS=null"
  vm_init_dokr_02:
    type: string
    default: |
      MYIP=`wget -qO- http://169.254.169.254/2009-04-04/meta-data/local-ipv4`
      while [ -z "$MYPUB" ]; do
        MYPUB=`wget -qO- http://169.254.169.254/2009-04-04/meta-data/public-ipv4`
        sleep 5
      done
      echo "My public IP: $MYPUB"
      MYNAME=`hostname`
      echo >>/etc/hosts
      echo $MYIP $MYNAME >>/etc/hosts

      # Grab nameservers to be used to setup recursors for Consul
      cat <<EOF > /tmp/grab_nameservers.py
      with open("/etc/resolv.conf", "r") as f:
        nss = [line.split(" ")[1].strip() for line in f.readlines() if line.startswith("nameserver")]
        print("[\"{0}\"]".format("\",\"".join(nss)))
      EOF
      NAMESERVERS=$(python3 /tmp/grab_nameservers.py)

      mkdir -p /opt/consul/config /opt/consul/data /opt/consul/bin
      # Download Consul from Nexus
      apt-get update
      DEBIAN_FRONTEND=noninteractive apt-get install -y -q unzip
      CONSUL_BIN_DIR=/opt/consul/bin
      curl -Ss  https://releases.hashicorp.com/consul/0.8.3/consul_0.8.3_linux_amd64.zip > $CONSUL_BIN_DIR/consul_0.8.3_linux_amd64.zip
      unzip $CONSUL_BIN_DIR/consul_0.8.3_linux_amd64.zip -d $CONSUL_BIN_DIR
      # NOTE: The health check for the docker host is a simple existence look up for
      # registrator (name is hardcoded). It does not check if registrator is running.
      # This would require a script health check which means we might need to turn on 
      # "enable_script_check".
      # NOTE: At the time of this change, there is no issue but there could be a
      # chicken-and-egg issue where the health check might depend upon future downstream
      # nodes (registrator) that downstream node requires a *healthy* docker host.
      cat <<EOF > /opt/consul/config/consul.json
      {
        "bind_addr" : "0.0.0.0",
        "client_addr" : "0.0.0.0",
        "advertise_addr" : "$MYIP",
        "data_dir" : "/opt/consul/data",
        "datacenter": "$DATACENTER",
        "http_api_response_headers": {
           "Access-Control-Allow-Origin" : "*"
        },
        "rejoin_after_leave": true,
        "server": false,
        "ui": false,
        "enable_syslog": true,
        "log_level": "info",
        "ports": {
            "dns": 53
        },
        "recursors": $NAMESERVERS,
        "service" : {
          "id": "$REGNAME",
          "name": "$REGNAME",
          "address": "$MYPUB",
          "port": 2376,
          "tags": $SERVICE_TAGS,
          "checks": [
            {
              "http": "http://$MYPUB:2376/containers/registrator/json",
              "interval": "30s"
            }
          ]
        },
        "node_meta": {
          "fqdn": "$FQDN"
        }
      }
      EOF

      # Specify DOCKER_HOST environment variable to support healthchecks for Docker containers
      # in Consul. Tried using the local unix socket but that did not work (possible bug in Consul)
      # so forcing to use the http connection to Docker engine.
      cat <<EOF > /lib/systemd/system/consul.service
      [Unit]
      Description=Consul
      Requires=network-online.target
      After=network.target
      [Service]
      Type=simple
      Environment=DOCKER_HOST=tcp://localhost:2376
      ExecStart=/opt/consul/bin/consul agent -config-dir=/opt/consul/config
      ExecReload=/bin/kill -HUP \$MAINPID
      [Install]
      WantedBy=multi-user.target
      EOF
      systemctl enable consul
      systemctl start consul
      until /opt/consul/bin/consul join "cloudify-manager-${DATACENTER}"
      do
        echo Waiting to join Consul cluster
        sleep 60
      done

      DEBIAN_FRONTEND=noninteractive apt-get install -y -q linux-image-extra-`uname -r` linux-image-extra-virtual apparmor dirmngr
      DEBIAN_FRONTEND=noninteractive apt-get install -y -q docker.io
      echo 'DOCKER_OPTS="--raw-logs -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"' >>/etc/default/docker
      systemctl restart docker
node_templates:
  key_pair:
    type: cloudify.openstack.nodes.KeyPair
    properties:
      private_key_path: { get_input: key_filename }
      use_external_resource: True
      resource_id: { get_input: keypair }
      openstack_config: &open_conf
        get_input: openstack
  private_net:
    type: cloudify.openstack.nodes.Network
    properties:
      use_external_resource: True
      resource_id: { get_input: private_net }
      openstack_config: *open_conf
  security_group:
    type: cloudify.openstack.nodes.SecurityGroup
    properties:
      use_external_resource: True
      resource_id: { get_input: security_group }
      openstack_config: *open_conf
  fixedip_dokr00:
    type: cloudify.openstack.nodes.Port
    properties:
      port:
        extra_dhcp_opts:
          - opt_name: 'domain-name'
            opt_value: { get_input: location_domain }    
      openstack_config: *open_conf
    relationships:
      - type: cloudify.relationships.contained_in
        target: private_net
  floatingip_dokr00:
    type: cloudify.openstack.nodes.FloatingIP
    properties:
      openstack_config: *open_conf
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              floating_network_name: { get_input: public_net }
  dns_dokr00:
    type: ccsdk.nodes.dns.arecord
    properties:
      fqdn: { concat: [ { get_input: location_prefix }, { get_input: node_name }, '.', { get_input: location_domain } ] }
      openstack: *open_conf
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              ip_addresses:
                - { get_attribute: [ floatingip_dokr00, floating_ip_address ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: floatingip_dokr00
  host_dokr00:
    type: cloudify.openstack.nodes.Server
    properties:
      install_agent: false
      image: { get_input: ubuntu1604image_id }
      flavor: { get_input: flavor_id }
      management_network_name: { get_input: private_net }
      openstack_config: *open_conf
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              name: { concat: [ { get_input: location_prefix }, { get_input: node_name }] }
              userdata: 
                concat:
                  - { get_input: vm_init_dokr_00 }
                  - { get_input: target_datacenter }
                  - |+
                  
                  - { get_input: vm_init_dokr_01 }
                  - { get_input: registered_dockerhost_name }
                  - |+

                  - { get_input: vm_init_dokr_fqdn }
                  - { get_property: [ dns_dokr00, fqdn ] }
                  - |+

                  - { get_input: vm_init_dokr_service_tags }
                  - |+
                                 
                  - { get_input: vm_init_dokr_02 }
    relationships:
      - type: cloudify.openstack.server_connected_to_port
        target: fixedip_dokr00
      - type: cloudify.openstack.server_connected_to_security_group
        target: security_group
      - type: cloudify.openstack.server_connected_to_floating_ip
        target: floatingip_dokr00
      - type: cloudify.openstack.server_connected_to_keypair
        target: key_pair
      - type: cloudify.relationships.depends_on
        target: dns_dokr00

  registrator:
    type: dcae.nodes.DockerContainer
    properties:
        name:
            'registrator'
        image:
            { get_input: registrator_image }
    relationships:
      - type: dcae.relationships.component_contained_in
        target: docker_host
    interfaces:
      cloudify.interfaces.lifecycle:
        start:
          inputs:
            envs:
              EXTERNAL_IP: 
                get_attribute: [ floatingip_dokr00, floating_ip_address ]
            volumes:
              - host:
                  path: '/var/run/docker.sock'
                container:
                  bind: '/tmp/docker.sock'
                  mode: 'ro'
  
  docker_host:
    type: dcae.nodes.SelectedDockerHost
    properties:
        location_id:
            { get_input: location_id }
        docker_host_override:
            { get_input: registered_dockerhost_name }
    relationships:
          - type: cloudify.relationships.depends_on #this is to avoid a race condition
            target: host_dokr00