1 heat_template_version: pike
4 Openstack Heat API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Number of workers for Heat service.
34 description: The password for the Heat service and db account, used by the Heat services.
40 description: Keystone region for endpoint
41 MonitoringSubscriptionHeatApi:
42 default: 'overcloud-heat-api'
47 tag: openstack.heat.api
48 path: /var/log/heat/heat-api.log
54 A hash of policies to configure for Heat API.
55 e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
60 heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
67 ServiceNetMap: {get_param: ServiceNetMap}
68 DefaultPasswords: {get_param: DefaultPasswords}
69 EndpointMap: {get_param: EndpointMap}
70 RoleName: {get_param: RoleName}
71 RoleParameters: {get_param: RoleParameters}
72 EnableInternalTLS: {get_param: EnableInternalTLS}
75 type: ./heat-base.yaml
77 ServiceNetMap: {get_param: ServiceNetMap}
78 DefaultPasswords: {get_param: DefaultPasswords}
79 EndpointMap: {get_param: EndpointMap}
80 RoleName: {get_param: RoleName}
81 RoleParameters: {get_param: RoleParameters}
85 description: Role data for the Heat API role.
87 service_name: heat_api
88 monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
89 logging_source: {get_param: HeatApiLoggingSource}
94 - get_attr: [HeatBase, role_data, config_settings]
95 - get_attr: [ApacheServiceBase, role_data, config_settings]
96 - tripleo.heat_api.firewall_rules:
101 heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
102 heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
103 heat::policy::policies: {get_param: HeatApiPolicies}
104 heat::api::service_name: 'httpd'
105 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
106 # for the given network; replacement examples (eg. for internal_api):
108 # internal_api_uri -> [IP]
109 # internal_api_subnet - > IP/CIDR
110 heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
111 heat::wsgi::apache_api::servername:
114 "%{hiera('fqdn_$NETWORK')}"
116 $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
121 - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
123 include ::tripleo::profile::base::heat::api
124 service_config_settings:
127 - get_attr: [HeatBase, role_data, service_config_settings, keystone]
128 - heat::keystone::auth::tenant: 'service'
129 heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
130 heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
131 heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
132 heat::keystone::auth::password: {get_param: HeatPassword}
133 heat::keystone::auth::region: {get_param: KeystoneRegion}
135 - name: Check is heat_api is deployed
136 command: systemctl is-enabled openstack-heat-api
139 register: heat_api_enabled
140 - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
141 shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
142 when: heat_api_enabled.rc == 0
143 tags: step0,validation
144 - name: check for heat_api running under apache (post upgrade)
146 shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
147 register: heat_api_apache
149 - name: Stop heat_api service (running under httpd)
151 service: name=httpd state=stopped
152 when: heat_api_apache.rc == 0
153 - name: Stop and disable heat_api service (pre-upgrade not under httpd)
155 when: heat_api_enabled.rc == 0
156 service: name=openstack-heat-api state=stopped enabled=no
Code Review / apex-tripleo-heat-templates.git / blob