Merge "Use Keystone internal endpoint instead of admin for services"
[apex-tripleo-heat-templates.git] / puppet / services / nova-api.yaml
# Heat template for the Nova API service role. It declares the deployment
# parameters, pulls shared settings from ./nova-base.yaml, and emits a
# role_data output carrying hieradata for this service plus the MySQL and
# Keystone settings it needs.
heat_template_version: ocata

description: >
  OpenStack Nova API service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry.  This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Passed through unchanged to NovaBase; not read directly in this template.
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  # 0 is a sentinel: the nova_workers_zero condition below then emits no
  # worker setting at all instead of writing 0 into the configuration.
  NovaWorkers:
    default: 0
    description: Number of workers for Nova API service.
    type: number
  # This single value is used in four places in this template: the Keystone
  # authtoken password, the Keystone service-user password, and the passwords
  # of both MySQL accounts (nova and nova_api). Exposure or rotation of it
  # therefore affects all of them together.
  # No default is given, so the deployer has to supply it.
  NovaPassword:
    description: The password for the nova service and db account, used by nova-api.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  # No default is given, so the deployer has to supply it. hidden: true keeps
  # the value out of Heat's parameter display only.
  # NOTE(review): confirm how the rendered value is protected on the node.
  NeutronMetadataProxySharedSecret:
    description: Shared secret to prevent spoofing
    type: string
    hidden: true
  InstanceNameTemplate:
    default: 'instance-%08x'
    description: Template string to be used to generate instance names
    type: string
  NovaEnableDBPurge:
    default: true
    description: |
      Whether to create cron job for purging soft deleted rows in Nova database.
    type: boolean
  MonitoringSubscriptionNovaApi:
    default: 'overcloud-nova-api'
    type: string
  NovaApiLoggingSource:
    type: json
    default:
      tag: openstack.nova.api
      path: /var/log/nova/nova-api.log
  # The only references to this parameter in this template are in the
  # commented-out Apache/WSGI lines, so setting it to true changes nothing
  # here while that deployment mode stays disabled.
  # NOTE(review): confirm where internal TLS for the Nova API is terminated
  # in this configuration.
  EnableInternalTLS:
    type: boolean
    default: false
  NovaDefaultFloatingPool:
    default: 'public'
    description: Default pool for floating IP addresses
    type: string

conditions:
  # True when NovaWorkers was left at its default of 0.
  nova_workers_zero:
    equals:
      - get_param: NovaWorkers
      - 0

resources:
  # Temporarily disable Nova API deployed in WSGI
  # https://bugs.launchpad.net/nova/+bug/1661360
  # ApacheServiceBase:
  #   type: ./apache.yaml
  #   properties:
  #     ServiceNetMap: {get_param: ServiceNetMap}
  #     DefaultPasswords: {get_param: DefaultPasswords}
  #     EndpointMap: {get_param: EndpointMap}
  #     EnableInternalTLS: {get_param: EnableInternalTLS}

  # Shared Nova settings; its role_data is merged into the outputs below.
  NovaBase:
    type: ./nova-base.yaml
    properties:
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap

outputs:
  role_data:
    description: Role data for the Nova API service.
    value:
      service_name: nova_api
      monitoring_subscription:
        get_param: MonitoringSubscriptionNovaApi
      logging_source:
        get_param: NovaApiLoggingSource
      logging_groups:
        - nova
      config_settings:
        # Later entries are merged over the settings inherited from NovaBase.
        map_merge:
          - get_attr: [NovaBase, role_data, config_settings]
          # Temporarily disable Nova API deployed in WSGI
          # https://bugs.launchpad.net/nova/+bug/1661360
          # - get_attr: [ApacheServiceBase, role_data, config_settings]
          # The cron job's output is sent to /dev/null, so anything it
          # prints, including errors, is discarded at this destination.
          - nova::cron::archive_deleted_rows::hour: '*/12'
            nova::cron::archive_deleted_rows::destination: '/dev/null'
            # The rule lists destination ports only; nothing in it restricts
            # the source. NOTE(review): confirm that any intended source
            # filtering is applied elsewhere and that every port listed still
            # needs to be reachable.
            tripleo.nova_api.firewall_rules:
              '113 nova_api':
                dport:
                  - 8773
                  - 3773
                  - 8774
                  - 13774
                  - 8775
            nova::keystone::authtoken::project_name: 'service'
            nova::keystone::authtoken::password:
              get_param: NovaPassword
            # Both authtoken URLs are taken from the KeystoneInternal entry
            # of EndpointMap. The scheme comes from that map, so whether this
            # traffic is encrypted depends on how the map is populated.
            nova::keystone::authtoken::auth_uri:
              get_param: [EndpointMap, KeystoneInternal, uri]
            nova::keystone::authtoken::auth_url:
              get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
            nova::api::enabled: true
            nova::api::default_floating_pool:
              get_param: NovaDefaultFloatingPool
            nova::api::sync_db_api: true
            # NOTE(review): forwarding headers are only trustworthy when
            # clients cannot reach the bind address without passing through
            # the proxy -- confirm that holds for this deployment.
            nova::api::enable_proxy_headers_parsing: true
            # Resolved on the node through hiera: fqdn_<network>, where the
            # network name is the NovaApiNetwork entry of ServiceNetMap.
            nova::api::api_bind_address:
              str_replace:
                template: "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK:
                    get_param: [ServiceNetMap, NovaApiNetwork]
            # Temporarily disable Nova API deployed in WSGI
            # https://bugs.launchpad.net/nova/+bug/1661360
            nova_wsgi_enabled: false
            # nova::api::service_name: 'httpd'
            # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
            # NOTE: bind IP is found in Heat replacing the network name with
            # the local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
            # nova::wsgi::apache_api::servername:
            #   str_replace:
            #     template:
            #       "%{hiera('fqdn_$NETWORK')}"
            #     params:
            #       $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
            nova::api::neutron_metadata_proxy_shared_secret:
              get_param: NeutronMetadataProxySharedSecret
            nova::api::instance_name_template:
              get_param: InstanceNameTemplate
            nova_enable_db_purge:
              get_param: NovaEnableDBPurge
          # Contributes an empty map when NovaWorkers is 0, otherwise the
          # explicit worker count.
          - if:
              - nova_workers_zero
              - {}
              - nova::api::osapi_compute_workers:
                  get_param: NovaWorkers
              # Temporarily disable Nova API deployed in WSGI
              # https://bugs.launchpad.net/nova/+bug/1661360
              # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
      step_config: |
        include tripleo::profile::base::nova::api
      service_config_settings:
        mysql:
          map_merge:
            - get_attr: [NovaBase, role_data, service_config_settings, mysql]
            # Both database accounts below receive the same NovaPassword
            # value. '%' in allowed_hosts is the MySQL wildcard host, so the
            # grants are not limited by client address; access control then
            # rests on the password and on network-level isolation of the
            # database. NOTE(review): confirm that isolation is in place.
            - nova::db::mysql::password:
                get_param: NovaPassword
              nova::db::mysql::user: nova
              nova::db::mysql::host:
                get_param: [EndpointMap, MysqlInternal, host_nobrackets]
              nova::db::mysql::dbname: nova
              nova::db::mysql::allowed_hosts:
                - '%'
                - "%{hiera('mysql_bind_host')}"
              nova::db::mysql_api::password:
                get_param: NovaPassword
              nova::db::mysql_api::user: nova_api
              nova::db::mysql_api::host:
                get_param: [EndpointMap, MysqlInternal, host_nobrackets]
              nova::db::mysql_api::dbname: nova_api
              nova::db::mysql_api::allowed_hosts:
                - '%'
                - "%{hiera('mysql_bind_host')}"
        # Service user and endpoint URLs for Nova; the password is the same
        # NovaPassword value used for the database accounts above.
        keystone:
          nova::keystone::auth::tenant: 'service'
          nova::keystone::auth::public_url:
            get_param: [EndpointMap, NovaPublic, uri]
          nova::keystone::auth::internal_url:
            get_param: [EndpointMap, NovaInternal, uri]
          nova::keystone::auth::admin_url:
            get_param: [EndpointMap, NovaAdmin, uri]
          nova::keystone::auth::password:
            get_param: NovaPassword
          nova::keystone::auth::region:
            get_param: KeystoneRegion
      # Temporarily disable Nova API deployed in WSGI
      # https://bugs.launchpad.net/nova/+bug/1661360
      # metadata_settings:
      #   get_attr: [ApacheServiceBase, role_data, metadata_settings]