puppet/services/heat-api.yaml

   1 heat_template_version: ocata
   2
   3 description: >
   4   Openstack Heat API service configured with Puppet
   5
   6 parameters:
   7   ServiceNetMap:
   8     default: {}
   9     description: Mapping of service_name -> network name. Typically set
  10                  via parameter_defaults in the resource registry.  This
  11                  mapping overrides those in ServiceNetMapDefaults.
  12     type: json
  13   DefaultPasswords:
  14     default: {}
  15     type: json
  16   EndpointMap:
  17     default: {}
  18     description: Mapping of service endpoint -> protocol. Typically set
  19                  via parameter_defaults in the resource registry.
  20     type: json
  21   HeatWorkers:
  22     default: 0
  23     description: Number of workers for Heat service.
  24     type: number
  25   HeatPassword:
  26     description: The password for the Heat service and db account, used by the Heat services.
  27     type: string
  28     hidden: true
  29   KeystoneRegion:
  30     type: string
  31     default: 'regionOne'
  32     description: Keystone region for endpoint
  33   MonitoringSubscriptionHeatApi:
  34     default: 'overcloud-heat-api'
  35     type: string
  36   HeatApiLoggingSource:
  37     type: json
  38     default:
  39       tag: openstack.heat.api
  40       path: /var/log/heat/heat-api.log
  41   EnableInternalTLS:
  42     type: boolean
  43     default: false
  44
  45 conditions:
  46   heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
  47
  48 resources:
  49
  50   ApacheServiceBase:
  51     type: ./apache.yaml
  52     properties:
  53       ServiceNetMap: {get_param: ServiceNetMap}
  54       DefaultPasswords: {get_param: DefaultPasswords}
  55       EndpointMap: {get_param: EndpointMap}
  56       EnableInternalTLS: {get_param: EnableInternalTLS}
  57
  58   HeatBase:
  59     type: ./heat-base.yaml
  60     properties:
  61       ServiceNetMap: {get_param: ServiceNetMap}
  62       DefaultPasswords: {get_param: DefaultPasswords}
  63       EndpointMap: {get_param: EndpointMap}
  64
  65 outputs:
  66   role_data:
  67     description: Role data for the Heat API role.
  68     value:
  69       service_name: heat_api
  70       monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
  71       logging_source: {get_param: HeatApiLoggingSource}
  72       logging_groups:
  73         - heat
  74       config_settings:
  75         map_merge:
  76           - get_attr: [HeatBase, role_data, config_settings]
  77           - get_attr: [ApacheServiceBase, role_data, config_settings]
  78           - tripleo.heat_api.firewall_rules:
  79               '125 heat_api':
  80                 dport:
  81                   - 8004
  82                   - 13004
  83             heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
  84             heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
  85             heat::api::service_name: 'httpd'
  86             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
  87             # for the given network; replacement examples (eg. for internal_api):
  88             # internal_api -> IP
  89             # internal_api_uri -> [IP]
  90             # internal_api_subnet - > IP/CIDR
  91             heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
  92             heat::wsgi::apache_api::servername:
  93               str_replace:
  94                 template:
  95                   "%{hiera('fqdn_$NETWORK')}"
  96                 params:
  97                   $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
  98           -
  99             if:
 100             - heat_workers_zero
 101             - {}
 102             - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
 103       step_config: |
 104         include ::tripleo::profile::base::heat::api
 105       service_config_settings:
 106         keystone:
 107           map_merge:
 108             - get_attr: [HeatBase, role_data, service_config_settings, keystone]
 109             - heat::keystone::auth::tenant: 'service'
 110               heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
 111               heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
 112               heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
 113               heat::keystone::auth::password: {get_param: HeatPassword}
 114               heat::keystone::auth::region: {get_param: KeystoneRegion}
 115       upgrade_tasks:
 116         - name: Check is heat_api is deployed
 117           command: systemctl is-enabled openstack-heat-api
 118           tags: common
 119           ignore_errors: True
 120           register: heat_api_enabled
 121         - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
 122           shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
 123           when: heat_api_enabled.rc == 0
 124           tags: step0,validation
 125         - name: Stop heat_api service
 126           tags: step1
 127           when: heat_api_enabled.rc == 0
 128           service: name=openstack-heat-api state=stopped