Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Ensure we update ceph and composable nodes"
[apex-tripleo-heat-templates.git] / puppet / services / barbican-api.yaml
1 heat_template_version: 2016-04-08
2
3 description: >
4   OpenStack Barbican API service configured with Puppet
5
6 parameters:
7   ServiceNetMap:
8     default: {}
9     description: Mapping of service_name -> network name. Typically set
10                  via parameter_defaults in the resource registry.  This
11                  mapping overrides those in ServiceNetMapDefaults.
12     type: json
13   DefaultPasswords:
14     default: {}
15     type: json
16   EndpointMap:
17     default: {}
18     description: Mapping of service endpoint -> protocol. Typically set
19                  via parameter_defaults in the resource registry.
20     type: json
21   BarbicanPassword:
22     description: The password for the barbican service account.
23     type: string
24     hidden: true
25   BarbicanWorkers:
26     description: Set the number of workers for barbican::wsgi::apache
27     default: '"%{::processorcount}"'
28     type: string
29   Debug:
30     default: ''
31     description: Set to True to enable debugging on all services.
32     type: string
33   KeystoneRegion:
34     type: string
35     default: 'regionOne'
36     description: Keystone region for endpoint
37   RabbitClientPort:
38     default: 5672
39     description: Set rabbit subscriber port, change this if using SSL
40     type: number
41   RabbitClientUseSSL:
42     default: false
43     description: >
44         Rabbit client subscriber parameter to specify
45         an SSL connection to the RabbitMQ host.
46     type: string
47   RabbitPassword:
48     description: The password for RabbitMQ
49     type: string
50     hidden: true
51   RabbitUserName:
52     default: guest
53     description: The username for RabbitMQ
54     type: string
55
56 resources:
57
58   ApacheServiceBase:
59     type: ./apache.yaml
60     properties:
61       ServiceNetMap: {get_param: ServiceNetMap}
62       DefaultPasswords: {get_param: DefaultPasswords}
63       EndpointMap: {get_param: EndpointMap}
64
65 outputs:
66   role_data:
67     description: Role data for the Barbican API role.
68     value:
69       service_name: barbican_api
70       config_settings:
71         map_merge:
72           - get_attr: [ApacheServiceBase, role_data, config_settings]
73           - barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
74             barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
75             barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
76             barbican::keystone::authtoken::project_name: 'service'
77             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
78             barbican::api::db_auto_create: false
79             barbican::api::enabled_certificate_plugins: ['simple_certificate']
80             barbican::api::logging::debug: {get_param: Debug}
81             barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
82             barbican::api::rabbit_userid: {get_param: RabbitUserName}
83             barbican::api::rabbit_password: {get_param: RabbitPassword}
84             barbican::api::rabbit_port: {get_param: RabbitClientPort}
85             barbican::api::rabbit_heartbeat_timeout_threshold: 60
86             barbican::api::service_name: 'httpd'
87             barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
88             barbican::wsgi::apache::ssl: false
89             barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
90             barbican::wsgi::apache::servername:
91               str_replace:
92                 template:
93                   '"%{::fqdn_$NETWORK}"'
94                 params:
95                   $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
96             barbican::db::database_connection:
97               list_join:
98                 - ''
99                 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
100                   - '://barbican:'
101                   - {get_param: BarbicanPassword}
102                   - '@'
103                   - {get_param: [EndpointMap, MysqlInternal, host]}
104                   - '/barbican'
105             tripleo.barbican_api.firewall_rules:
106               '117 barbican':
107                 dport:
108                   - 9311
109                   - 13311
110       step_config: |
111         include ::tripleo::profile::base::barbican::api
112       service_config_settings:
113         mysql:
114           barbican::db::mysql::password: {get_param: BarbicanPassword}
115           barbican::db::mysql::user: barbican
116           barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
117           barbican::db::mysql::dbname: barbican
118           barbican::db::mysql::allowed_hosts:
119             - '%'
120             - "%{hiera('mysql_bind_host')}"
121         keystone:
122           barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
123           barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
124           barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
125           barbican::keystone::auth::password: {get_param: BarbicanPassword}
126           barbican::keystone::auth::region: {get_param: KeystoneRegion}
127           barbican::keystone::auth::tenant: 'service'