Merge "Add missing ec2api::api::keystone_ec2_tokens_url config"
[apex-tripleo-heat-templates.git] / puppet / services / heat-api.yaml
# Heat Orchestration Template for the Heat API service. Its single output,
# role_data, carries Puppet hieradata, a Puppet step_config and Ansible
# upgrade tasks (see the outputs section of this file).
heat_template_version: ocata

description: >
  Openstack Heat API service configured with Puppet

parameters:
  # Keys are written in a fixed order: type, description, default, hidden.
  ServiceNetMap:
    type: json
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry.  This
      mapping overrides those in ServiceNetMapDefaults.
    default: {}
  # Forwarded unchanged to the ApacheServiceBase and HeatBase nested stacks.
  # NOTE(review): presumably holds password material, yet unlike HeatPassword
  # it is not marked "hidden: true" - confirm whether it should be masked.
  DefaultPasswords:
    type: json
    default: {}
  EndpointMap:
    type: json
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    default: {}
  # With the default of 0 the heat_workers_zero condition holds and no
  # heat::wsgi::apache_api::workers key is emitted in config_settings.
  HeatWorkers:
    type: number
    description: Number of workers for Heat service.
    default: 0
  # No default, so the caller must supply it. "hidden" masks the value in
  # Heat API output only; the value is still passed on as
  # heat::keystone::auth::password in the outputs section.
  HeatPassword:
    type: string
    description: The password for the Heat service and db account, used by the Heat services.
    hidden: true
  KeystoneRegion:
    type: string
    description: Keystone region for endpoint
    default: 'regionOne'
  MonitoringSubscriptionHeatApi:
    type: string
    default: 'overcloud-heat-api'
  # Tag and log file path handed to role_data.logging_source.
  HeatApiLoggingSource:
    type: json
    default:
      tag: openstack.heat.api
      path: /var/log/heat/heat-api.log
  # Drives heat::wsgi::apache_api::ssl and is also passed to ApacheServiceBase.
  # With the default of false that ssl setting is off.
  # NOTE(review): traffic to the API then presumably travels in clear text on
  # the network selected by HeatApiNetwork - confirm that network is trusted.
  EnableInternalTLS:
    type: boolean
    default: false
  # Passed straight to heat::policy::policies. These entries change who the
  # Heat API authorizes (the example below redefines context_is_admin), so
  # review overrides the same way as any other access-control change.
  HeatApiPolicies:
    type: json
    description: |
      A hash of policies to configure for Heat API.
      e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}

conditions:
  # Holds when HeatWorkers equals 0 (its default). The "if" in
  # role_data.config_settings uses it to leave the workers setting out.
  heat_workers_zero:
    equals:
      - {get_param: HeatWorkers}
      - 0

resources:
  # Nested stack from ./apache.yaml. Its role_data config_settings are merged
  # into this service's config_settings. It receives EnableInternalTLS, the
  # same switch that sets heat::wsgi::apache_api::ssl in the outputs.
  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      EnableInternalTLS: {get_param: EnableInternalTLS}

  # Nested stack from ./heat-base.yaml. Supplies the base config_settings and
  # the keystone service_config_settings that the outputs extend. It is not
  # given EnableInternalTLS.
  HeatBase:
    type: ./heat-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

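outputs:
  role_data:
    description: Role data for the Heat API role.
    value:
      service_name: heat_api
      monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
      logging_source: {get_param: HeatApiLoggingSource}
      logging_groups:
        - heat
      # Hieradata for the node running the service. map_merge lets later maps
      # override earlier ones, so the keys set here win over the same keys
      # coming from HeatBase or ApacheServiceBase.
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          # Rule '125 heat_api' lists destination ports 8004 and 13004 and
          # sets no source restriction here.
          # NOTE(review): 13004 is presumably the TLS-fronted endpoint -
          # confirm both ports must be reachable on every node with this
          # service, and from which networks.
          - tripleo.heat_api.firewall_rules:
              '125 heat_api':
                dport:
                  - 8004
                  - 13004
            heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
            # TLS on the Apache vhost follows EnableInternalTLS (default false).
            heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
            # Operator-supplied policy overrides; these alter API authorization.
            heat::policy::policies: {get_param: HeatApiPolicies}
            heat::api::service_name: 'httpd'
            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
            # $NETWORK is replaced by the network name, giving a hiera lookup
            # of fqdn_<network> that is resolved later on the node.
            heat::wsgi::apache_api::servername:
              str_replace:
                template: "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
          # Emit the workers setting only when HeatWorkers is non-zero.
          - if:
              - heat_workers_zero
              - {}
              - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
      step_config: |
        include ::tripleo::profile::base::heat::api
      # Settings under the "keystone" key, merged over the ones from HeatBase.
      service_config_settings:
        keystone:
          map_merge:
            - get_attr: [HeatBase, role_data, service_config_settings, keystone]
            - heat::keystone::auth::tenant: 'service'
              heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
              heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
              heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
              # HeatPassword is hidden as a parameter but is placed in this
              # output as a plain value.
              # NOTE(review): confirm that whatever stores or logs role_data
              # and the resulting hieradata restricts read access.
              heat::keystone::auth::password: {get_param: HeatPassword}
              heat::keystone::auth::region: {get_param: KeystoneRegion}
      # Ansible tasks run during upgrade. Every command is a fixed string; no
      # template parameter is interpolated into the shell lines.
      upgrade_tasks:
        # Records whether the standalone unit is enabled. Errors are ignored
        # so a non-zero rc is stored for the "when" checks below.
        - name: Check is heat_api is deployed
          command: systemctl is-enabled openstack-heat-api
          tags: common
          ignore_errors: true
          register: heat_api_enabled
        - name: 'PreUpgrade step0,validation: Check service openstack-heat-api is running'
          shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
          when: heat_api_enabled.rc == 0
          tags: step0,validation
        # rc is 0 when the httpd vhost dump mentions heat_api_wsgi.
        - name: check for heat_api running under apache (post upgrade)
          tags: step1
          shell: 'httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi'
          register: heat_api_apache
          ignore_errors: true
        # Stops the whole httpd service, not only the Heat API vhost.
        - name: Stop heat_api service (running under httpd)
          tags: step1
          service:
            name: httpd
            state: stopped
          when: heat_api_apache.rc == 0
        - name: Stop and disable heat_api service (pre-upgrade not under httpd)
          tags: step1
          when: heat_api_enabled.rc == 0
          service:
            name: openstack-heat-api
            state: stopped
            enabled: false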