Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Switch mistral to use authtoken configuration"
[apex-tripleo-heat-templates.git] / puppet / services / heat-engine.yaml
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index fba80c5..3f0e410 100644 (file)
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 description: >
   Openstack Heat Engine service configured with Puppet
@@ -35,6 +35,19 @@ parameters:
     description: Password for heat_stack_domain_admin user.
     type: string
     hidden: true
+  HeatAuthEncryptionKey:
+    description: Auth encryption key for heat-engine
+    type: string
+    hidden: true
+    default: ''
+  MonitoringSubscriptionHeatEngine:
+    default: 'overcloud-heat-engine'
+    type: string
+  HeatEngineLoggingSource:
+    type: json
+    default:
+      tag: openstack.heat.engine
+      path: /var/log/heat/heat-engine.log
 
 resources:
   HeatBase:
@@ -49,6 +62,10 @@ outputs:
     description: Role data for the Heat Engine role.
     value:
       service_name: heat_engine
+      monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
+      logging_source: {get_param: HeatEngineLoggingSource}
+      logging_groups:
+        - heat
       config_settings:
         map_merge:
           - get_attr: [HeatBase, role_data, config_settings]
@@ -66,15 +83,26 @@ outputs:
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/heat'
             heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
-            heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-            heat::keystone_password: {get_param: HeatPassword}
-            heat::db::mysql::password: {get_param: HeatPassword}
             heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
-            heat::db::mysql::user: heat
-            heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-            heat::db::mysql::dbname: heat
-            heat::db::mysql::allowed_hosts:
-              - '%'
-              - "%{hiera('mysql_bind_host')}"
+            heat::engine::auth_encryption_key:
+              yaql:
+                expression: $.data.passwords.where($ != '').first()
+                data:
+                  passwords:
+                    - {get_param: HeatAuthEncryptionKey}
+                    - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
       step_config: |
         include ::tripleo::profile::base::heat::engine
+
+      service_config_settings:
+        mysql:
+          heat::db::mysql::password: {get_param: HeatPassword}
+          heat::db::mysql::user: heat
+          heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+          heat::db::mysql::dbname: heat
+          heat::db::mysql::allowed_hosts:
+            - '%'
+            - "%{hiera('mysql_bind_host')}"
+        keystone:
+            # This is needed because the keystone profile handles creating the domain
+            tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}