puppet/services/zaqar-api.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   Openstack Zaqar service. Shared for all Heat services.
   5
   6 parameters:
   7   ServiceData:
   8     default: {}
   9     description: Dictionary packing service data
  10     type: json
  11   ServiceNetMap:
  12     default: {}
  13     description: Mapping of service_name -> network name. Typically set
  14                  via parameter_defaults in the resource registry.  This
  15                  mapping overrides those in ServiceNetMapDefaults.
  16     type: json
  17   EndpointMap:
  18     default: {}
  19     description: Mapping of service endpoint -> protocol. Typically set
  20                  via parameter_defaults in the resource registry.
  21     type: json
  22   DefaultPasswords:
  23     default: {}
  24     type: json
  25   RoleName:
  26     default: ''
  27     description: Role name on which the service is applied
  28     type: string
  29   RoleParameters:
  30     default: {}
  31     description: Parameters specific to the role
  32     type: json
  33   Debug:
  34     default: ''
  35     description: Set to True to enable debugging on all services.
  36     type: string
  37   ZaqarDebug:
  38     default: ''
  39     description: Set to True to enable debugging Zaqar service.
  40     type: string
  41   ZaqarPassword:
  42     description: The password for Zaqar
  43     type: string
  44     hidden: true
  45   KeystoneRegion:
  46     type: string
  47     default: 'regionOne'
  48     description: Keystone region for endpoint
  49   ZaqarPolicies:
  50     description: |
  51       A hash of policies to configure for Zaqar.
  52       e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
  53     default: {}
  54     type: json
  55   ZaqarWorkers:
  56     type: string
  57     description: Set the number of workers for zaqar::wsgi::apache
  58     default: '%{::os_workers}'
  59   ZaqarMessageStore:
  60     type: string
  61     description: The messaging store for Zaqar
  62     default: mongodb
  63   ZaqarManagementStore:
  64     type: string
  65     description: The management store for Zaqar
  66     default: mongodb
  67   EnableInternalTLS:
  68     type: boolean
  69     default: false
  70
  71 conditions:
  72   zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
  73   service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
  74   zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
  75   zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
  76
  77 resources:
  78
  79   ApacheServiceBase:
  80     type: ./apache.yaml
  81     properties:
  82       ServiceData: {get_param: ServiceData}
  83       ServiceNetMap: {get_param: ServiceNetMap}
  84       DefaultPasswords: {get_param: DefaultPasswords}
  85       EndpointMap: {get_param: EndpointMap}
  86       EnableInternalTLS: {get_param: EnableInternalTLS}
  87
  88 outputs:
  89   role_data:
  90     description: Shared role data for the Zaqar services.
  91     value:
  92       service_name: zaqar_api
  93       config_settings:
  94         map_merge:
  95           - get_attr: [ApacheServiceBase, role_data, config_settings]
  96           - zaqar::policy::policies: {get_param: ZaqarPolicies}
  97             zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
  98             zaqar::keystone::authtoken::project_name: 'service'
  99             zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 100             zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
 101             zaqar::debug:
 102               if:
 103               - service_debug_unset
 104               - {get_param: Debug }
 105               - {get_param: ZaqarDebug }
 106             zaqar::server::service_name: 'httpd'
 107             zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
 108             zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
 109             zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
 110             zaqar::message_pipeline: 'zaqar.notification.notifier'
 111             zaqar::unreliable: true
 112             zaqar::wsgi::apache::servername:
 113               str_replace:
 114                 template:
 115                   "%{hiera('fqdn_$NETWORK')}"
 116                 params:
 117                   $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
 118             zaqar::message_store: {get_param: ZaqarMessageStore}
 119             zaqar::management_store: {get_param: ZaqarManagementStore}
 120           -
 121             if:
 122             - zaqar_messaging_store_swift
 123             -
 124               zaqar::messaging::swift::uri:
 125                 list_join:
 126                   - ''
 127                   - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
 128               zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
 129               tripleo::profile::base::zaqar::messaging_store: 'swift'
 130             - {}
 131           -
 132             if:
 133             - zaqar_management_store_sqlalchemy
 134             -
 135               tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
 136               zaqar::management::sqlalchemy::uri:
 137                 make_url:
 138                   scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
 139                   username: zaqar
 140                   password: {get_param: ZaqarPassword}
 141                   host: {get_param: [EndpointMap, MysqlInternal, host]}
 142                   path: /zaqar
 143                   query:
 144                     read_default_file: /etc/my.cnf.d/tripleo.cnf
 145                     read_default_group: tripleo
 146             - {}
 147           -
 148             if:
 149             - zaqar_workers_zero
 150             - {}
 151             - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
 152       service_config_settings:
 153         map_merge:
 154           - keystone:
 155               zaqar::keystone::auth::password: {get_param: ZaqarPassword}
 156               zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
 157               zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
 158               zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
 159               zaqar::keystone::auth::region: {get_param: KeystoneRegion}
 160               zaqar::keystone::auth::tenant: 'service'
 161               zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
 162               zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
 163               zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
 164               zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
 165               zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
 166               zaqar::keystone::auth_websocket::tenant: 'service'
 167           -
 168             if:
 169             - zaqar_management_store_sqlalchemy
 170             - mysql:
 171                 zaqar::db::mysql::user: zaqar
 172                 zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
 173                 zaqar::db::mysql::dbname: zaqar
 174                 zaqar::db::mysql::password: {get_param: ZaqarPassword}
 175                 zaqar::db::mysql::allowed_hosts:
 176                   - '%'
 177                   - "%{hiera('mysql_bind_host')}"
 178             - {}
 179       step_config: |
 180         include ::tripleo::profile::base::zaqar
 181       metadata_settings:
 182         get_attr: [ApacheServiceBase, role_data, metadata_settings]
 183       upgrade_tasks:
 184         yaql:
 185           expression: $.data.apache_upgrade + $.data.zaqar_upgrade
 186           data:
 187             apache_upgrade:
 188               get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
 189             zaqar_upgrade:
 190               - name: Check if zaqar is deployed
 191                 command: systemctl is-enabled openstack-zaqar
 192                 tags: common
 193                 ignore_errors: True
 194                 register: zaqar_enabled
 195               - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
 196                 shell: >
 197                   /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
 198                   grep '\bactive\b'
 199                 when: zaqar_enabled.rc == 0
 200                 tags: step0,validation
 201               - name: Check for zaqar running under apache (post upgrade)
 202                 tags: step1
 203                 shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
 204                 register: zaqar_apache
 205                 ignore_errors: true
 206               - name: Stop zaqar service (running under httpd)
 207                 tags: step1
 208                 service: name=httpd state=stopped
 209                 when: zaqar_apache.rc == 0
 210               - name: Stop and disable zaqar service (pre-upgrade not under httpd)
 211                 tags: step1
 212                 when: zaqar_enabled.rc == 0
 213                 service: name=openstack-zaqar state=stopped enabled=no
 214               - name: Install openstack-zaqar package if it was disabled
 215                 tags: step3
 216                 yum: name=openstack-zaqar state=latest
 217                 when: zaqar_enabled.rc != 0