Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Internal TLS: use common CA file parameter for libvirt CA cert"
[apex-tripleo-heat-templates.git] / puppet / services / panko-api.yaml
1 heat_template_version: ocata
2
3 description: >
4   OpenStack Panko API service configured with Puppet.
5   Note, This service is deprecated in Pike release and will
6   be disabled in future releases.
7
8 parameters:
9   ServiceNetMap:
10     default: {}
11     description: Mapping of service_name -> network name. Typically set
12                  via parameter_defaults in the resource registry.  This
13                  mapping overrides those in ServiceNetMapDefaults.
14     type: json
15   DefaultPasswords:
16     default: {}
17     type: json
18   EndpointMap:
19     default: {}
20     description: Mapping of service endpoint -> protocol. Typically set
21                  via parameter_defaults in the resource registry.
22     type: json
23   MonitoringSubscriptionPankoApi:
24     default: 'overcloud-ceilometer-panko-api'
25     type: string
26   EnableInternalTLS:
27     type: boolean
28     default: false
29   PankoApiPolicies:
30     description: |
31       A hash of policies to configure for Panko API.
32       e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
33     default: {}
34     type: json
35
36 resources:
37   PankoBase:
38     type: ./panko-base.yaml
39     properties:
40       ServiceNetMap: {get_param: ServiceNetMap}
41       DefaultPasswords: {get_param: DefaultPasswords}
42       EndpointMap: {get_param: EndpointMap}
43
44   ApacheServiceBase:
45     type: ./apache.yaml
46     properties:
47       ServiceNetMap: {get_param: ServiceNetMap}
48       DefaultPasswords: {get_param: DefaultPasswords}
49       EndpointMap: {get_param: EndpointMap}
50       EnableInternalTLS: {get_param: EnableInternalTLS}
51
52 outputs:
53   role_data:
54     description: Role data for the Panko API service.
55     value:
56       service_name: panko_api
57       monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
58       config_settings:
59         map_merge:
60           - get_attr: [PankoBase, role_data, config_settings]
61           - get_attr: [ApacheServiceBase, role_data, config_settings]
62           - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
63             panko::wsgi::apache::servername:
64               str_replace:
65                 template:
66                   "%{hiera('fqdn_$NETWORK')}"
67                 params:
68                   $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
69             panko::policy::policies: {get_param: PankoApiPolicies}
70             panko::api::service_name: 'httpd'
71             panko::api::enable_proxy_headers_parsing: true
72             tripleo.panko_api.firewall_rules:
73               '140 panko-api':
74                 dport:
75                   - 8779
76                   - 13779
77             panko::api::host:
78               str_replace:
79                 template:
80                   "%{hiera('fqdn_$NETWORK')}"
81                 params:
82                   $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
83             # NOTE: bind IP is found in Heat replacing the network name with the
84             # local node IP for the given network; replacement examples
85             # (eg. for internal_api):
86             # internal_api -> IP
87             # internal_api_uri -> [IP]
88             # internal_api_subnet - > IP/CIDR
89             panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
90       service_config_settings:
91         get_attr: [PankoBase, role_data, service_config_settings]
92       step_config: |
93         include tripleo::profile::base::panko::api
94       metadata_settings:
95         get_attr: [ApacheServiceBase, role_data, metadata_settings]
96       upgrade_tasks:
97         yaql:
98           expression: $.data.apache_upgrade + $.data.panko_api_upgrade
99           data:
100             apache_upgrade:
101               get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
102             panko_api_upgrade:
103               - name: Check if httpd is deployed
104                 command: systemctl is-enabled httpd
105                 tags: common
106                 ignore_errors: True
107                 register: httpd_enabled
108               - name: "PreUpgrade step0,validation: Check if httpd is running"
109                 shell: >
110                   /usr/bin/systemctl show 'httpd' --property ActiveState |
111                   grep '\bactive\b'
112                 when: httpd_enabled.rc == 0
113                 tags: step0,validation
114               - name: Stop panko-api service (running under httpd)
115                 tags: step1
116                 service: name=httpd state=stopped
117                 when: httpd_enabled.rc == 0
118               - name: Install openstack-panko-api package if it was not installed
119                 tags: step3
120                 yum: name=openstack-panko-api state=latest