-heat_template_version: 2016-04-08
+heat_template_version: ocata
description: >
OpenStack Barbican API service configured with Puppet
hidden: true
BarbicanWorkers:
description: Set the number of workers for barbican::wsgi::apache
- default: '"%{::processorcount}"'
+ default: '%{::processorcount}'
type: string
Debug:
default: ''
default: guest
description: The username for RabbitMQ
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
barbican::keystone::authtoken::project_name: 'service'
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::api::db_auto_create: false
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
- barbican::wsgi::apache::ssl: false
+ barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::db::database_connection:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/barbican'
+ - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
tripleo.barbican_api.firewall_rules:
'117 barbican':
dport:
barbican::keystone::auth::password: {get_param: BarbicanPassword}
barbican::keystone::auth::region: {get_param: KeystoneRegion}
barbican::keystone::auth::tenant: 'service'
+ nova_compute:
+ nova::compute::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ nova::compute::barbican_endpoint:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ nova::compute::barbican_auth_endpoint:
+ get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+ cinder_api:
+ cinder::api::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ cinder::api::keymgr_encryption_api_url:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ cinder::api::keymgr_encryption_auth_url:
+ get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation