-heat_template_version: 2016-10-14
+heat_template_version: ocata
description: >
Apache service configured with Puppet. Note this is typically included
automatically via other services which run via Apache.
parameters:
+ ApacheMaxRequestWorkers:
+ default: 256
+ description: Maximum number of simultaneously processed requests.
+ type: number
+ ApacheServerLimit:
+ default: 256
+ description: Maximum number of Apache processes.
+ type: number
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+
+resources:
+
+ ApacheTLS:
+ type: OS::TripleO::Services::ApacheTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
outputs:
role_data:
value:
service_name: apache
config_settings:
- # for the given network; replacement examples (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
- apache_remote_proxy_ips_network:
- str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
- apache::mod::remoteip::proxy_ips:
- - "%{hiera('apache_remote_proxy_ips_network')}"
+ map_merge:
+ - get_attr: [ApacheTLS, role_data, config_settings]
+ -
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::server_signature: 'Off'
+ apache::server_tokens: 'Prod'
+ apache_remote_proxy_ips_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
+ apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
+ apache::mod::remoteip::proxy_ips:
+ - "%{hiera('apache_remote_proxy_ips_network')}"
+ metadata_settings:
+ get_attr: [ApacheTLS, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service httpd is running"
+ shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation