X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fheat-api-cfn.yaml;h=92d73cfb30df1fcb19fad677ee6fb072f4a9c1e6;hb=7ad4da51a2c22fa2f9c9362b78048099b5804dcc;hp=7908baae8e1df1e48c6dc42edd31bab1e2ad7ddb;hpb=378d831ebf4a160bc470b599e251409fce0b85ef;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 7908baae..92d73cfb 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat CloudFormation API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,14 +46,33 @@ parameters:
     default:
       tag: openstack.heat.api.cfn
       path: /var/log/heat/heat-api-cfn.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
 
 resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
   HeatBase:
     type: ./heat-base.yaml
     properties:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -59,19 +86,32 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [HeatBase, role_data, config_settings]
-          - heat::api_cfn::workers: {get_param: HeatWorkers}
-            tripleo.heat_api_cfn.firewall_rules:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - tripleo.heat_api_cfn.firewall_rules:
               '125 heat_cfn':
                 dport:
                   - 8000
                   - 13800
-            # NOTE: bind IP is found in Heat replacing the network name with the
-            # local node IP for the given network; replacement examples
-            # (eg. for internal_api):
+            heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+            heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
+            heat::api_cfn::service_name: 'httpd'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
-            heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+            heat::wsgi::apache_api_cfn::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+          -
+            if:
+            - heat_workers_zero
+            - {}
+            - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
       step_config: |
         include ::tripleo::profile::base::heat::api_cfn
       service_config_settings:
@@ -85,9 +125,25 @@ outputs:
               heat::keystone::auth_cfn::password: {get_param: HeatPassword}
               heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
       upgrade_tasks:
+        - name: Check if heat_api_cfn is deployed
+          command: systemctl is-enabled openstack-heat-api-cfn
+          tags: common
+          ignore_errors: True
+          register: heat_api_cfn_enabled
         - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
           shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
+          when: heat_api_cfn_enabled.rc == 0
           tags: step0,validation
-        - name: Stop heat_api_cfn service
+        - name: check for heat_api_cfn running under apache (post upgrade)
+          tags: step1
+          shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
+          register: heat_api_cfn_apache
+          ignore_errors: true
+        - name: Stop heat_api_cfn service (running under httpd)
+          tags: step1
+          service: name=httpd state=stopped
+          when: heat_api_cfn_apache.rc == 0
+        - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
           tags: step1
-          service: name=openstack-heat-api-cfn state=stopped
+          when: heat_api_cfn_apache.rc == 0
+          service: name=openstack-heat-api-cfn state=stopped enabled=no