75d0b8c14f3ab851fa6a3b35f02062689bcac8de
[apex-tripleo-heat-templates.git] / docker / services / heat-api.yaml
1 heat_template_version: pike
2
3 description: >
4   OpenStack containerized Heat API service
5
6 parameters:
7   DockerHeatApiImage:
8     description: image
9     type: string
10   # puppet needs the heat-wsgi-api binary from centos-binary-heat-api
11   DockerHeatApiConfigImage:
12     description: The container image to use for the heat_api config_volume
13     type: string
14   EndpointMap:
15     default: {}
16     description: Mapping of service endpoint -> protocol. Typically set
17                  via parameter_defaults in the resource registry.
18     type: json
19   ServiceData:
20     default: {}
21     description: Dictionary packing service data
22     type: json
23   ServiceNetMap:
24     default: {}
25     description: Mapping of service_name -> network name. Typically set
26                  via parameter_defaults in the resource registry.  This
27                  mapping overrides those in ServiceNetMapDefaults.
28     type: json
29   DefaultPasswords:
30     default: {}
31     type: json
32   RoleName:
33     default: ''
34     description: Role name on which the service is applied
35     type: string
36   RoleParameters:
37     default: {}
38     description: Parameters specific to the role
39     type: json
40   EnableInternalTLS:
41     type: boolean
42     default: false
43
44 conditions:
45
46   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
47
48 resources:
49
50   ContainersCommon:
51     type: ./containers-common.yaml
52
53   HeatBase:
54     type: ../../puppet/services/heat-api.yaml
55     properties:
56       EndpointMap: {get_param: EndpointMap}
57       ServiceData: {get_param: ServiceData}
58       ServiceNetMap: {get_param: ServiceNetMap}
59       DefaultPasswords: {get_param: DefaultPasswords}
60       RoleName: {get_param: RoleName}
61       RoleParameters: {get_param: RoleParameters}
62
63 outputs:
64   role_data:
65     description: Role data for the Heat API role.
66     value:
67       service_name: {get_attr: [HeatBase, role_data, service_name]}
68       config_settings:
69         map_merge:
70           - get_attr: [HeatBase, role_data, config_settings]
71           - apache::default_vhost: false
72       step_config: &step_config
73         get_attr: [HeatBase, role_data, step_config]
74       logging_source: {get_attr: [HeatBase, role_data, logging_source]}
75       logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
76       service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
77       # BEGIN DOCKER SETTINGS
78       puppet_config:
79         config_volume: heat_api
80         puppet_tags: heat_config,file,concat,file_line
81         step_config: *step_config
82         config_image: {get_param: DockerHeatApiConfigImage}
83       kolla_config:
84         /var/lib/kolla/config_files/heat_api.json:
85           command: /usr/sbin/httpd -DFOREGROUND
86           config_files:
87             - source: "/var/lib/kolla/config_files/src/*"
88               dest: "/"
89               merge: true
90               preserve_properties: true
91           permissions:
92             - path: /var/log/heat
93               owner: heat:heat
94               recurse: true
95         /var/lib/kolla/config_files/heat_api_cron.json:
96           command: /usr/sbin/crond -n
97           config_files:
98             - source: "/var/lib/kolla/config_files/src/*"
99               dest: "/"
100               merge: true
101               preserve_properties: true
102           permissions:
103             - path: /var/log/heat
104               owner: heat:heat
105               recurse: true
106       docker_config:
107         step_4:
108           heat_api:
109             image: {get_param: DockerHeatApiImage}
110             net: host
111             privileged: false
112             restart: always
113             # NOTE(mandre) kolla image changes the user to 'heat', we need it
114             # to be root to run httpd
115             user: root
116             volumes:
117               list_concat:
118                 - {get_attr: [ContainersCommon, volumes]}
119                 -
120                   - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
121                   - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
122                   - /var/log/containers/heat:/var/log/heat
123                   - /var/log/containers/httpd/heat-api:/var/log/httpd
124                   -
125                     if:
126                       - internal_tls_enabled
127                       - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
128                       - ''
129                   -
130                     if:
131                       - internal_tls_enabled
132                       - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
133                       - ''
134             environment:
135               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
136           heat_api_cron:
137             image: {get_param: DockerHeatApiImage}
138             net: host
139             user: root
140             privileged: false
141             restart: always
142             healthcheck:
143               test: /bin/true
144             volumes:
145               list_concat:
146                 - {get_attr: [ContainersCommon, volumes]}
147                 -
148                   - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
149                   - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
150                   - /var/log/containers/heat:/var/log/heat
151                   - /var/log/containers/httpd/heat-api:/var/log/httpd
152             environment:
153               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
154       host_prep_tasks:
155         - name: create persistent logs directory
156           file:
157             path: "{{ item }}"
158             state: directory
159           with_items:
160             - /var/log/containers/heat
161             - /var/log/containers/httpd/heat-api
162       upgrade_tasks:
163         - name: Check is heat_api is deployed
164           command: systemctl is-enabled openstack-heat-api
165           tags: common
166           ignore_errors: True
167           register: heat_api_enabled
168         - name: remove old heat cron jobs
169           file:
170             path: /var/spool/cron/heat
171             state: absent
172         - name: check for heat_api running under apache (post upgrade)
173           tags: step2
174           shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
175           register: heat_api_apache
176           ignore_errors: true
177           changed_when: false
178           check_mode: no
179         - name: Stop heat_api service (running under httpd)
180           tags: step2
181           service: name=httpd state=stopped
182           when: heat_api_apache.rc == 0
183         - name: Stop and disable heat_api service (pre-upgrade not under httpd)
184           tags: step2
185           service: name=openstack-heat-api state=stopped enabled=no
186           when: heat_api_enabled.rc == 0
187       metadata_settings:
188         get_attr: [HeatBase, role_data, metadata_settings]