Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Adds service for managing securetty
[apex-tripleo-heat-templates.git] / puppet / services / cinder-api.yaml
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 376ea2c..c1e6b0b 100644 (file)
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -46,6 +46,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  CinderApiPolicies:
+    description: |
+      A hash of policies to configure for Cinder API.
+      e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 conditions:
   cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
@@ -80,18 +86,21 @@ outputs:
         map_merge:
           - get_attr: [CinderBase, role_data, config_settings]
           - get_attr: [ApacheServiceBase, role_data, config_settings]
-          - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-            cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+          - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+            cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             cinder::keystone::authtoken::password: {get_param: CinderPassword}
             cinder::keystone::authtoken::project_name: 'service'
+            cinder::keystone::authtoken::user_domain_name: 'Default'
+            cinder::keystone::authtoken::project_domain_name: 'Default'
+            cinder::policy::policies: {get_param: CinderApiPolicies}
             cinder::api::enable_proxy_headers_parsing: true
 
-            cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
+            cinder::api::nova_catalog_info: 'compute:nova:internalURL'
+            cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL'
             # TODO(emilien) move it to puppet-cinder
             cinder::config:
               DEFAULT/swift_catalog_info:
                 value: 'object-store:swift:internalURL'
-            cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
             tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
             tripleo.cinder_api.firewall_rules:
               '119 cinder':
@@ -147,3 +156,28 @@ outputs:
           cinder::db::mysql::allowed_hosts:
             - '%'
             - "%{hiera('mysql_bind_host')}"
+      metadata_settings:
+        get_attr: [ApacheServiceBase, role_data, metadata_settings]
+      upgrade_tasks:
+        - name: Check if cinder_api is deployed
+          command: systemctl is-enabled openstack-cinder-api
+          tags: common
+          ignore_errors: True
+          register: cinder_api_enabled
+        - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+          shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+          when: cinder_api_enabled.rc == 0
+          tags: step0,validation
+        - name: check for cinder running under apache (post upgrade)
+          tags: step1
+          shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+          register: cinder_apache
+          ignore_errors: true
+        - name: Stop cinder_api service (running under httpd)
+          tags: step1
+          service: name=httpd state=stopped
+          when: cinder_apache.rc == 0
+        - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+          tags: step1
+          when: cinder_api_enabled.rc == 0
+          service: name=openstack-cinder-api state=stopped enabled=no