Merge "Use tripleo profile for bigswitch agent"

[apex-tripleo-heat-templates.git] / puppet / services / ec2-api.yaml

heat_template_version: ocata

description: >
  OpenStack EC2-API service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  Ec2ApiWorkers:
    default: 0
    description: Number of workers for EC2-API service.
    type: number
  Ec2ApiPassword:
    description: The password for the nova service and db account, used by nova-api.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  MonitoringSubscriptionEc2Api:
    default: 'overcloud-ec2-api'
    type: string
  Ec2ApiLoggingSource:
    type: json
    default:
      tag: openstack.ec2.api
      path: /var/log/ec2api/ec2api.log
  EnablePackageInstall:
    default: 'false'
    description: Set to true to enable package installation via Puppet
    type: boolean
  Ec2ApiPolicies:
    description: |
      A hash of policies to configure for EC2-API.
      e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json


conditions:
  nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}

outputs:
  role_data:
    description: Role data for the EC2-API service.
    value:
      service_name: ec2_api
      monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
      logging_source: {get_param: Ec2ApiLoggingSource}
      logging_groups:
        - nova
      config_settings:
        map_merge:
        - tripleo.ec2_api.firewall_rules:
            '113 ec2_api':
              dport:
                - 8788
                - 13788
          ec2api::keystone::authtoken::project_name: 'service'
          ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
          ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
          ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
          ec2api::policy::policies: {get_param: Ec2ApiPolicies}
          ec2api::api::enabled: true
          ec2api::package_manage: {get_param: EnablePackageInstall}
          ec2api::api::ec2api_listen:
            str_replace:
              template:
                "%{hiera('fqdn_$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
          ec2api::metadata::metadata_listen:
            str_replace:
              template:
                "%{hiera('fqdn_$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
          ec2api::db::database_connection:
            list_join:
              - ''
              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
                - '://ec2_api:'
                - {get_param: Ec2ApiPassword}
                - '@'
                - {get_param: [EndpointMap, MysqlInternal, host]}
                - '/ec2_api'
                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
          ec2api::api::keystone_ec2_tokens_url:
            list_join:
              - ''
              - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
                - '/ec2tokens'
        -
          if:
          - nova_workers_zero
          - {}
          - ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
            ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
      step_config: |
        include tripleo::profile::base::nova::ec2api
      service_config_settings:
        keystone:
          ec2api::keystone::auth::tenant: 'service'
          ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
          ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
          ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
          ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
          ec2api::keystone::auth::region: {get_param: KeystoneRegion}
        mysql:
          ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
          ec2api::db::mysql::user: ec2_api
          ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
          ec2api::db::mysql::dbname: ec2_api
          ec2api::db::mysql::allowed_hosts:
            - '%'
            - "%{hiera('mysql_bind_host')}"
      upgrade_tasks:
        - name: Check if ec2-api is deployed
          command: systemctl is-enabled openstack-ec2-api
          tags: common
          ignore_errors: True
          register: ec2_api_enabled
        - name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running"
          shell: >
            /usr/bin/systemctl show 'openstack-ec2-api' --property ActiveState |
            grep '\bactive\b'
          when: ec2_api_enabled.rc == 0
          tags: step0,validation
        - name: Stop openstack-ec2-api service
          tags: step1
          when: ec2_api_enabled.rc == 0
          service: name=openstack-ec2-api state=stopped
        - name: Install openstack-ec2-api package if it was disabled
          tags: step3
          yum: name=openstack-ec2-api state=latest
          when: ec2_api_enabled.rc != 0