Adds service for managing securetty
[apex-tripleo-heat-templates.git] / puppet / services / ec2-api.yaml
index 002342b..d1adefe 100644 (file)
@@ -42,6 +42,12 @@ parameters:
     default: 'false'
     description: Set to true to enable package installation via Puppet
     type: boolean
+  Ec2ApiPolicies:
+    description: |
+      A hash of policies to configure for EC2-API.
+      e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 
 conditions:
@@ -67,18 +73,19 @@ outputs:
           ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
           ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
           ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+          ec2api::policy::policies: {get_param: Ec2ApiPolicies}
           ec2api::api::enabled: true
           ec2api::package_manage: {get_param: EnablePackageInstall}
           ec2api::api::ec2api_listen:
             str_replace:
               template:
-                '"%{::fqdn_$NETWORK}"'
+                "%{hiera('fqdn_$NETWORK')}"
               params:
                 $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
           ec2api::metadata::metadata_listen:
             str_replace:
               template:
-                '"%{::fqdn_$NETWORK}"'
+                "%{hiera('fqdn_$NETWORK')}"
               params:
                 $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
           ec2api::db::database_connection:
@@ -90,8 +97,12 @@ outputs:
                 - '@'
                 - {get_param: [EndpointMap, MysqlInternal, host]}
                 - '/ec2_api'
-                - '?bind_address='
-                - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          ec2api::api::keystone_ec2_tokens_url:
+            list_join:
+              - ''
+              - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
+                - '/ec2tokens'
         -
           if:
           - nova_workers_zero
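Review bot: The new `?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo` suffix moves the client bind address, and any other client options, out of this template and into a file that nothing in this hunk creates or checks. If that file or its `[tripleo]` group is absent on a node, the client library presumably falls back to its defaults without an error, so the dependency deserves a comment above the list entry, for example `# client options (bind address, TLS if configured) are read from the [tripleo] group of /etc/my.cnf.d/tripleo.cnf`. The added `ec2api::api::keystone_ec2_tokens_url` inherits its scheme from `KeystoneV3Internal`, so EC2 credential validation is only protected in transit when the internal endpoints use TLS; a one-line comment saying so would help operators. The `list_join` this entry belongs to starts outside the hunk.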
@@ -116,3 +127,24 @@ outputs:
           ec2api::db::mysql::allowed_hosts:
             - '%'
             - "%{hiera('mysql_bind_host')}"
+      upgrade_tasks:
+        - name: Check if ec2-api is deployed
+          command: systemctl is-enabled openstack-ec2-api
+          tags: common
+          ignore_errors: True
+          register: ec2_api_enabled
+        - name: "PreUpgrade step0,validation: Check if openstack-ec2-api is running"
+          shell: >
+            /usr/bin/systemctl show 'openstack-ec2-api' --property ActiveState |
+            grep '\bactive\b'
+          when: ec2_api_enabled.rc == 0
+          tags: step0,validation
+        - name: Stop openstack-ec2-api service
+          tags: step1
+          when: ec2_api_enabled.rc == 0
+          service: name=openstack-ec2-api state=stopped
+        - name: Install openstack-ec2-api package if it was disabled
+          tags: step3
+          yum: name=openstack-ec2-api state=latest
+          when: ec2_api_enabled.rc != 0
+
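Review bot: The probe task `command: systemctl is-enabled openstack-ec2-api` with `ignore_errors: True` treats every non-zero exit the same way, so a disabled unit, a unit that does not exist and a failing `systemctl` call all satisfy `ec2_api_enabled.rc != 0` and reach the step3 task. That task runs `yum: name=openstack-ec2-api state=latest`, which installs whatever version the enabled repositories offer at that moment, apparently also on nodes where the service was never deployed. I would mark the probe as read-only with `failed_when: false` and `changed_when: false` instead of `ignore_errors: True`, and add a comment on the step3 task stating that installing on a missing or disabled unit is intended. The probe also calls `systemctl` by bare name while the validation task uses `/usr/bin/systemctl`; using the absolute path in both keeps the tasks consistent and independent of `PATH`.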