Change flat network name for nosdn fdio scenario

[apex-tripleo-heat-templates.git] / puppet / services / heat-api-cfn.yaml

heat_template_version: pike

description: >
  Openstack Heat CloudFormation API service configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  HeatWorkers:
    default: 0
    description: Number of workers for Heat service.
    type: number
  HeatPassword:
    description: The password for the Heat service and db account, used by the Heat services.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  MonitoringSubscriptionHeatApiCnf:
    default: 'overcloud-heat-api-cfn'
    type: string
  HeatApiCfnLoggingSource:
    type: json
    default:
      tag: openstack.heat.api.cfn
      path: /var/log/heat/heat-api-cfn.log
  EnableInternalTLS:
    type: boolean
    default: false

conditions:
  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}

resources:

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
      EnableInternalTLS: {get_param: EnableInternalTLS}

  HeatBase:
    type: ./heat-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Heat CloudFormation API role.
    value:
      service_name: heat_api_cfn
      monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
      logging_source: {get_param: HeatApiCfnLoggingSource}
      logging_groups:
        - heat
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - tripleo.heat_api_cfn.firewall_rules:
              '125 heat_cfn':
                dport:
                  - 8000
                  - 13800
            heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
            heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
            heat::api_cfn::service_name: 'httpd'
            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
            heat::wsgi::apache_api_cfn::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
          -
            if:
            - heat_workers_zero
            - {}
            - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
      step_config: |
        include ::tripleo::profile::base::heat::api_cfn
      service_config_settings:
        keystone:
          map_merge:
            - get_attr: [HeatBase, role_data, service_config_settings, keystone]
            - heat::keystone::auth_cfn::tenant: 'service'
              heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
              heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
              heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
              heat::keystone::auth_cfn::password: {get_param: HeatPassword}
              heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        - name: Check if heat_api_cfn is deployed
          command: systemctl is-enabled openstack-heat-api-cfn
          tags: common
          ignore_errors: True
          register: heat_api_cfn_enabled
        - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
          shell: /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
          when: heat_api_cfn_enabled.rc == 0
          tags: step0,validation
        - name: check for heat_api_cfn running under apache (post upgrade)
          tags: step1
          shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
          register: heat_api_cfn_apache
          ignore_errors: true
        - name: Stop heat_api_cfn service (running under httpd)
          tags: step1
          service: name=httpd state=stopped
          when: heat_api_cfn_apache.rc == 0
        - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
          tags: step1
          when: heat_api_cfn_enabled.rc == 0
          service: name=openstack-heat-api-cfn state=stopped enabled=no