Merge "upgrades: deploy mod_ssl when upgrading apache"

[apex-tripleo-heat-templates.git] / puppet / services / zaqar.yaml

heat_template_version: ocata

description: >
  Openstack Zaqar service. Shared for all Heat services.

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  Debug:
    default: ''
    description: Set to True to enable debugging on all services.
    type: string
  ZaqarPassword:
    description: The password for Zaqar
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  ZaqarPolicies:
    description: |
      A hash of policies to configure for Zaqar.
      e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json
  ZaqarWorkers:
    type: string
    description: Set the number of workers for zaqar::wsgi::apache
    default: '%{::os_workers}'
  EnableInternalTLS:
    type: boolean
    default: false

conditions:
  zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}

resources:

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      EnableInternalTLS: {get_param: EnableInternalTLS}

outputs:
  role_data:
    description: Shared role data for the Heat services.
    value:
      service_name: zaqar
      config_settings:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - zaqar::policy::policies: {get_param: ZaqarPolicies}
            zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
            zaqar::keystone::authtoken::project_name: 'service'
            zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
            zaqar::debug: {get_param: Debug}
            zaqar::server::service_name: 'httpd'
            zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
            zaqar::wsgi::apache::ssl: false
            zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
            zaqar::message_pipeline: 'zaqar.notification.notifier'
            zaqar::unreliable: true
            zaqar::wsgi::apache::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
          -
            if:
            - zaqar_workers_zero
            - {}
            - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
      service_config_settings:
        keystone:
          zaqar::keystone::auth::password: {get_param: ZaqarPassword}
          zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
          zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
          zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
          zaqar::keystone::auth::region: {get_param: KeystoneRegion}
          zaqar::keystone::auth::tenant: 'service'
          zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
          zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
          zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
          zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
          zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
          zaqar::keystone::auth_websocket::tenant: 'service'

      step_config: |
        include ::tripleo::profile::base::zaqar
      upgrade_tasks:
        yaql:
          expression: $.data.apache_upgrade + $.data.zaqar_upgrade
          data:
            apache_upgrade:
              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
            zaqar_upgrade:
              - name: Check if zaqar is deployed
                command: systemctl is-enabled openstack-zaqar
                tags: common
                ignore_errors: True
                register: zaqar_enabled
              - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
                shell: >
                  /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
                  grep '\bactive\b'
                when: zaqar_enabled.rc == 0
                tags: step0,validation
              - name: Check for zaqar running under apache (post upgrade)
                tags: step1
                shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
                register: zaqar_apache
                ignore_errors: true
              - name: Stop zaqar service (running under httpd)
                tags: step1
                service: name=httpd state=stopped
                when: zaqar_apache.rc == 0
              - name: Stop and disable zaqar service (pre-upgrade not under httpd)
                tags: step1
                when: zaqar_enabled.rc == 0
                service: name=openstack-zaqar state=stopped enabled=no
              - name: Install openstack-zaqar package if it was disabled
                tags: step3
                yum: name=openstack-zaqar state=latest
                when: zaqar_enabled.rc != 0