Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Add network_data.yaml to encapsulate list of networks for j2"
[apex-tripleo-heat-templates.git] / puppet / services / heat-api-cfn.yaml
1 heat_template_version: ocata
2
3 description: >
4   Openstack Heat CloudFormation API service configured with Puppet
5
6 parameters:
7   ServiceNetMap:
8     default: {}
9     description: Mapping of service_name -> network name. Typically set
10                  via parameter_defaults in the resource registry.  This
11                  mapping overrides those in ServiceNetMapDefaults.
12     type: json
13   DefaultPasswords:
14     default: {}
15     type: json
16   EndpointMap:
17     default: {}
18     description: Mapping of service endpoint -> protocol. Typically set
19                  via parameter_defaults in the resource registry.
20     type: json
21   HeatWorkers:
22     default: 0
23     description: Number of workers for Heat service.
24     type: number
25   HeatPassword:
26     description: The password for the Heat service and db account, used by the Heat services.
27     type: string
28     hidden: true
29   KeystoneRegion:
30     type: string
31     default: 'regionOne'
32     description: Keystone region for endpoint
33   MonitoringSubscriptionHeatApiCnf:
34     default: 'overcloud-heat-api-cfn'
35     type: string
36   HeatApiCfnLoggingSource:
37     type: json
38     default:
39       tag: openstack.heat.api.cfn
40       path: /var/log/heat/heat-api-cfn.log
41   EnableInternalTLS:
42     type: boolean
43     default: false
44
45 conditions:
46   heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
47
48 resources:
49
50   ApacheServiceBase:
51     type: ./apache.yaml
52     properties:
53       ServiceNetMap: {get_param: ServiceNetMap}
54       DefaultPasswords: {get_param: DefaultPasswords}
55       EndpointMap: {get_param: EndpointMap}
56       EnableInternalTLS: {get_param: EnableInternalTLS}
57
58   HeatBase:
59     type: ./heat-base.yaml
60     properties:
61       ServiceNetMap: {get_param: ServiceNetMap}
62       DefaultPasswords: {get_param: DefaultPasswords}
63       EndpointMap: {get_param: EndpointMap}
64
65 outputs:
66   role_data:
67     description: Role data for the Heat CloudFormation API role.
68     value:
69       service_name: heat_api_cfn
70       monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
71       logging_source: {get_param: HeatApiCfnLoggingSource}
72       logging_groups:
73         - heat
74       config_settings:
75         map_merge:
76           - get_attr: [HeatBase, role_data, config_settings]
77           - get_attr: [ApacheServiceBase, role_data, config_settings]
78           - tripleo.heat_api_cfn.firewall_rules:
79               '125 heat_cfn':
80                 dport:
81                   - 8000
82                   - 13800
83             heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
84             heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
85             heat::api_cfn::service_name: 'httpd'
86             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
87             # for the given network; replacement examples (eg. for internal_api):
88             # internal_api -> IP
89             # internal_api_uri -> [IP]
90             # internal_api_subnet - > IP/CIDR
91             heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
92             heat::wsgi::apache_api_cfn::servername:
93               str_replace:
94                 template:
95                   "%{hiera('fqdn_$NETWORK')}"
96                 params:
97                   $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
98           -
99             if:
100             - heat_workers_zero
101             - {}
102             - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
103       step_config: |
104         include ::tripleo::profile::base::heat::api_cfn
105       service_config_settings:
106         keystone:
107           map_merge:
108             - get_attr: [HeatBase, role_data, service_config_settings, keystone]
109             - heat::keystone::auth_cfn::tenant: 'service'
110               heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
111               heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
112               heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
113               heat::keystone::auth_cfn::password: {get_param: HeatPassword}
114               heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
115       upgrade_tasks:
116         - name: Check if heat_api_cfn is deployed
117           command: systemctl is-enabled openstack-heat-api-cfn
118           tags: common
119           ignore_errors: True
120           register: heat_api_cfn_enabled
121         - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
122           shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
123           when: heat_api_cfn_enabled.rc == 0
124           tags: step0,validation
125         - name: check for heat_api_cfn running under apache (post upgrade)
126           tags: step1
127           shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
128           register: heat_api_cfn_apache
129           ignore_errors: true
130         - name: Stop heat_api_cfn service (running under httpd)
131           tags: step1
132           service: name=httpd state=stopped
133           when: heat_api_cfn_apache.rc == 0
134         - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
135           tags: step1
136           when: heat_api_cfn_apache.rc == 0
137           service: name=openstack-heat-api-cfn state=stopped enabled=no