Merge "Keystone token flush cron job should log to a file"

[apex-tripleo-heat-templates.git] / puppet / services / heat-engine.yaml

heat_template_version: ocata

description: >
  Openstack Heat Engine service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  HeatEnableDBPurge:
    type: boolean
    default: true
    description: |
        Whether to create cron job for purging soft deleted rows in the Heat database.
  HeatWorkers:
    default: 0
    description: Number of workers for Heat service.
    type: number
  HeatPassword:
    description: The password for the Heat service and db account, used by the Heat services.
    type: string
    hidden: true
  HeatStackDomainAdminPassword:
    description: Password for heat_stack_domain_admin user.
    type: string
    hidden: true
  HeatAuthEncryptionKey:
    description: Auth encryption key for heat-engine
    type: string
    hidden: true
    default: ''
  MonitoringSubscriptionHeatEngine:
    default: 'overcloud-heat-engine'
    type: string
  HeatEngineLoggingSource:
    type: json
    default:
      tag: openstack.heat.engine
      path: /var/log/heat/heat-engine.log
  HeatConvergenceEngine:
    type: boolean
    default: true
    description: Enables the heat engine with the convergence architecture.
  HeatMaxResourcesPerStack:
    type: number
    default: 1000
    description: Maximum resources allowed per top-level stack. -1 stands for unlimited.


resources:
  HeatBase:
    type: ./heat-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Heat Engine role.
    value:
      service_name: heat_engine
      monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
      logging_source: {get_param: HeatEngineLoggingSource}
      logging_groups:
        - heat
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
          - heat::engine::num_engine_workers: {get_param: HeatWorkers}
            heat::engine::configure_delegated_roles: false
            heat::engine::trusts_delegated_roles: []
            heat::engine::max_nested_stack_depth: 6
            heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
            heat::engine::heat_metadata_server_url:
              list_join:
                - ''
                - - {get_param: [EndpointMap, HeatCfnPublic, protocol]}
                  - '://'
                  - {get_param: [EndpointMap, HeatCfnPublic, host]}
                  - ':'
                  - {get_param: [EndpointMap, HeatCfnPublic, port]}
            heat::engine::heat_waitcondition_server_url:
              list_join:
                - ''
                - - {get_param: [EndpointMap, HeatCfnPublic, protocol]}
                  - '://'
                  - {get_param: [EndpointMap, HeatCfnPublic, host]}
                  - ':'
                  - {get_param: [EndpointMap, HeatCfnPublic, port]}
                  - '/v1/waitcondition'
            heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
            tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
            heat::database_connection:
              list_join:
                - ''
                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
                  - '://heat:'
                  - {get_param: HeatPassword}
                  - '@'
                  - {get_param: [EndpointMap, MysqlInternal, host]}
                  - '/heat'
                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
            heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
            heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
            heat::engine::auth_encryption_key:
              yaql:
                expression: $.data.passwords.where($ != '').first()
                data:
                  passwords:
                    - {get_param: HeatAuthEncryptionKey}
                    - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
      step_config: |
        include ::tripleo::profile::base::heat::engine

      service_config_settings:
        mysql:
          heat::db::mysql::password: {get_param: HeatPassword}
          heat::db::mysql::user: heat
          heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
          heat::db::mysql::dbname: heat
          heat::db::mysql::allowed_hosts:
            - '%'
            - "%{hiera('mysql_bind_host')}"
        keystone:
            # This is needed because the keystone profile handles creating the domain
            tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
      upgrade_tasks:
        - name: Check if heat_engine is deployed
          command: systemctl is-enabled openstack-heat-engine
          tags: common
          ignore_errors: True
          register: heat_engine_enabled
        - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
          shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
          when: heat_engine_enabled.rc == 0
          tags: step0,validation
        - name: Stop heat_engine service
          tags: step1
          when: heat_engine_enabled.rc == 0
          service: name=openstack-heat-engine state=stopped