Add IPv6 disable option

[apex-tripleo-heat-templates.git] / puppet / services / congress.yaml

diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
index 6855a83..1d9eecb 100644 (file)
--- a/puppet/services/congress.yaml
+++ b/puppet/services/congress.yaml
@@ -47,6 +47,12 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
+  CongressPolicies:
+    description: |
+      A hash of policies to configure for Congress.
+      e.g. { congress-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 outputs:
   role_data:
@@ -65,9 +71,6 @@ outputs:
               - {get_param: [EndpointMap, MysqlInternal, host]}
               - '/congress'
               - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
-        congress::keystone::auth::tenant: 'service'
-        congress::keystone::auth::password: {get_param: CongressPassword}
-        congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
         congress::debug: {get_param: Debug}
         congress::rpc_backend: rabbit
         congress::rabbit_userid: {get_param: RabbitUserName}
@@ -76,6 +79,12 @@ outputs:
         congress::rabbit_port: {get_param: RabbitClientPort}
         congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
 
+        congress::keystone::authtoken::project_name: 'service'
+        congress::keystone::authtoken::user_domain_name: 'Default'
+        congress::keystone::authtoken::project_domain_name: 'Default'
+        congress::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+        congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+
         congress::db::mysql::password: {get_param: CongressPassword}
         congress::db::mysql::user: congress
         congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
@@ -83,15 +92,35 @@ outputs:
         congress::db::mysql::allowed_hosts:
           - '%'
           - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+        congress::policy::policies: {get_param: CongressPolicies}
 
+      service_config_settings:
+        keystone:
+          congress::keystone::auth::tenant: 'service'
+          congress::keystone::auth::region: {get_param: KeystoneRegion}
+          congress::keystone::auth::password: {get_param: CongressPassword}
+          congress::keystone::auth::public_url: {get_param: [EndpointMap, CongressPublic, uri]}
+          congress::keystone::auth::internal_url: {get_param: [EndpointMap, CongressInternal, uri]}
+          congress::keystone::auth::admin_url: {get_param: [EndpointMap, CongressAdmin, uri]}
 
       step_config: |
         include ::tripleo::profile::base::congress
 
       upgrade_tasks:
+        - name: Check if congress is deployed
+          command: systemctl is-enabled openstack-congress-server
+          tags: common
+          ignore_errors: True
+          register: congress_enabled
         - name: "PreUpgrade step0,validation: Check service openstack-congress-server is running"
           shell: /usr/bin/systemctl show 'openstack-congress-server' --property ActiveState | grep '\bactive\b'
+          when: congress_enabled.rc == 0
           tags: step0,validation
         - name: Stop congress service
-          tags: step2
+          tags: step1
+          when: congress_enabled.rc == 0
           service: name=openstack-congress-server state=stopped
+        - name: Install openstack-congress package if it was disabled
+          tags: step3
+          yum: name=openstack-congress state=latest
+          when: congress_enabled.rc != 0