puppet/services/cinder-api.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack Cinder API service configured with Puppet
   5
   6 parameters:
   7   CinderEnableDBPurge:
   8     default: true
   9     description: |
  10       Whether to create cron job for purging soft deleted rows in Cinder database.
  11     type: boolean
  12   CinderPassword:
  13     description: The password for the cinder service account, used by cinder-api.
  14     type: string
  15     hidden: true
  16   ServiceData:
  17     default: {}
  18     description: Dictionary packing service data
  19     type: json
  20   ServiceNetMap:
  21     default: {}
  22     description: Mapping of service_name -> network name. Typically set
  23                  via parameter_defaults in the resource registry.  This
  24                  mapping overrides those in ServiceNetMapDefaults.
  25     type: json
  26   DefaultPasswords:
  27     default: {}
  28     type: json
  29   RoleName:
  30     default: ''
  31     description: Role name on which the service is applied
  32     type: string
  33   RoleParameters:
  34     default: {}
  35     description: Parameters specific to the role
  36     type: json
  37   EndpointMap:
  38     default: {}
  39     description: Mapping of service endpoint -> protocol. Typically set
  40                  via parameter_defaults in the resource registry.
  41     type: json
  42   KeystoneRegion:
  43     type: string
  44     default: 'regionOne'
  45     description: Keystone region for endpoint
  46   MonitoringSubscriptionCinderApi:
  47     default: 'overcloud-cinder-api'
  48     type: string
  49   CinderApiLoggingSource:
  50     type: json
  51     default:
  52       tag: openstack.cinder.api
  53       path: /var/log/cinder/cinder-api.log
  54   CinderWorkers:
  55     type: string
  56     description: Set the number of workers for cinder::wsgi::apache
  57     default: '%{::os_workers}'
  58   EnableInternalTLS:
  59     type: boolean
  60     default: false
  61   CinderApiPolicies:
  62     description: |
  63       A hash of policies to configure for Cinder API.
  64       e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
  65     default: {}
  66     type: json
  67   NotificationDriver:
  68     type: string
  69     default: 'messagingv2'
  70     description: Driver or drivers to handle sending notifications.
  71     constraints:
  72       - allowed_values: [ 'messagingv2', 'noop' ]
  73
  74 conditions:
  75   cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
  76
  77 resources:
  78
  79   ApacheServiceBase:
  80     type: ./apache.yaml
  81     properties:
  82       ServiceData: {get_param: ServiceData}
  83       ServiceNetMap: {get_param: ServiceNetMap}
  84       DefaultPasswords: {get_param: DefaultPasswords}
  85       EndpointMap: {get_param: EndpointMap}
  86       RoleName: {get_param: RoleName}
  87       RoleParameters: {get_param: RoleParameters}
  88       EnableInternalTLS: {get_param: EnableInternalTLS}
  89
  90   CinderBase:
  91     type: ./cinder-base.yaml
  92     properties:
  93       ServiceData: {get_param: ServiceData}
  94       ServiceNetMap: {get_param: ServiceNetMap}
  95       DefaultPasswords: {get_param: DefaultPasswords}
  96       EndpointMap: {get_param: EndpointMap}
  97       RoleName: {get_param: RoleName}
  98       RoleParameters: {get_param: RoleParameters}
  99
 100 outputs:
 101   role_data:
 102     description: Role data for the Cinder API role.
 103     value:
 104       service_name: cinder_api
 105       monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
 106       logging_source: {get_param: CinderApiLoggingSource}
 107       logging_groups:
 108         - cinder
 109       config_settings:
 110         map_merge:
 111           - get_attr: [CinderBase, role_data, config_settings]
 112           - get_attr: [ApacheServiceBase, role_data, config_settings]
 113           - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 114             cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 115             cinder::keystone::authtoken::password: {get_param: CinderPassword}
 116             cinder::keystone::authtoken::project_name: 'service'
 117             cinder::keystone::authtoken::user_domain_name: 'Default'
 118             cinder::keystone::authtoken::project_domain_name: 'Default'
 119             cinder::policy::policies: {get_param: CinderApiPolicies}
 120             cinder::ceilometer::notification_driver: {get_param: NotificationDriver}
 121             cinder::api::enable_proxy_headers_parsing: true
 122
 123             cinder::api::nova_catalog_info: 'compute:nova:internalURL'
 124             cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL'
 125             # TODO(emilien) move it to puppet-cinder
 126             cinder::config:
 127               DEFAULT/swift_catalog_info:
 128                 value: 'object-store:swift:internalURL'
 129             tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
 130             tripleo.cinder_api.firewall_rules:
 131               '119 cinder':
 132                 dport:
 133                   - 8776
 134                   - 13776
 135             cinder::api::bind_host:
 136               str_replace:
 137                 template:
 138                   "%{hiera('fqdn_$NETWORK')}"
 139                 params:
 140                   $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
 141             cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
 142             cinder::api::service_name: 'httpd'
 143             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
 144             # for the given network; replacement examples (eg. for internal_api):
 145             # internal_api -> IP
 146             # internal_api_uri -> [IP]
 147             # internal_api_subnet - > IP/CIDR
 148             cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
 149             cinder::wsgi::apache::servername:
 150               str_replace:
 151                 template:
 152                   "%{hiera('fqdn_$NETWORK')}"
 153                 params:
 154                   $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
 155           -
 156             if:
 157             - cinder_workers_zero
 158             - {}
 159             - cinder::wsgi::apache::workers: {get_param: CinderWorkers}
 160       step_config: |
 161         include ::tripleo::profile::base::cinder::api
 162       service_config_settings:
 163         keystone:
 164           cinder::keystone::auth::tenant: 'service'
 165           cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
 166           cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
 167           cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
 168           cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
 169           cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
 170           cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
 171           cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
 172           cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
 173           cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
 174           cinder::keystone::auth::password: {get_param: CinderPassword}
 175           cinder::keystone::auth::region: {get_param: KeystoneRegion}
 176         mysql:
 177           cinder::db::mysql::password: {get_param: CinderPassword}
 178           cinder::db::mysql::user: cinder
 179           cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
 180           cinder::db::mysql::dbname: cinder
 181           cinder::db::mysql::allowed_hosts:
 182             - '%'
 183             - "%{hiera('mysql_bind_host')}"
 184       metadata_settings:
 185         get_attr: [ApacheServiceBase, role_data, metadata_settings]
 186       upgrade_tasks:
 187         list_concat:
 188           - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
 189           -
 190             - name: Check if cinder_api is deployed
 191               command: systemctl is-enabled openstack-cinder-api
 192               tags: common
 193               ignore_errors: True
 194               register: cinder_api_enabled
 195             - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
 196               shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
 197               when: cinder_api_enabled.rc == 0
 198               tags: step0,validation
 199             - name: check for cinder running under apache (post upgrade)
 200               tags: step1
 201               shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
 202               register: cinder_apache
 203               ignore_errors: true
 204             - name: Stop cinder_api service (running under httpd)
 205               tags: step1
 206               service: name=httpd state=stopped
 207               when: cinder_apache.rc == 0
 208             - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
 209               tags: step1
 210               when: cinder_api_enabled.rc == 0
 211               service: name=openstack-cinder-api state=stopped enabled=no