puppet/services/heat-api.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   Openstack Heat API service configured with Puppet
   5
   6 parameters:
   7   ServiceData:
   8     default: {}
   9     description: Dictionary packing service data
  10     type: json
  11   ServiceNetMap:
  12     default: {}
  13     description: Mapping of service_name -> network name. Typically set
  14                  via parameter_defaults in the resource registry.  This
  15                  mapping overrides those in ServiceNetMapDefaults.
  16     type: json
  17   DefaultPasswords:
  18     default: {}
  19     type: json
  20   RoleName:
  21     default: ''
  22     description: Role name on which the service is applied
  23     type: string
  24   RoleParameters:
  25     default: {}
  26     description: Parameters specific to the role
  27     type: json
  28   EndpointMap:
  29     default: {}
  30     description: Mapping of service endpoint -> protocol. Typically set
  31                  via parameter_defaults in the resource registry.
  32     type: json
  33   HeatWorkers:
  34     default: 0
  35     description: Number of workers for Heat service.
  36     type: number
  37   HeatPassword:
  38     description: The password for the Heat service and db account, used by the Heat services.
  39     type: string
  40     hidden: true
  41   KeystoneRegion:
  42     type: string
  43     default: 'regionOne'
  44     description: Keystone region for endpoint
  45   MonitoringSubscriptionHeatApi:
  46     default: 'overcloud-heat-api'
  47     type: string
  48   HeatApiLoggingSource:
  49     type: json
  50     default:
  51       tag: openstack.heat.api
  52       path: /var/log/heat/heat-api.log
  53   EnableInternalTLS:
  54     type: boolean
  55     default: false
  56   HeatApiPolicies:
  57     description: |
  58       A hash of policies to configure for Heat API.
  59       e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
  60     default: {}
  61     type: json
  62
  63 conditions:
  64   heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
  65
  66 resources:
  67
  68   ApacheServiceBase:
  69     type: ./apache.yaml
  70     properties:
  71       ServiceData: {get_param: ServiceData}
  72       ServiceNetMap: {get_param: ServiceNetMap}
  73       DefaultPasswords: {get_param: DefaultPasswords}
  74       EndpointMap: {get_param: EndpointMap}
  75       RoleName: {get_param: RoleName}
  76       RoleParameters: {get_param: RoleParameters}
  77       EnableInternalTLS: {get_param: EnableInternalTLS}
  78
  79   HeatBase:
  80     type: ./heat-base.yaml
  81     properties:
  82       ServiceData: {get_param: ServiceData}
  83       ServiceNetMap: {get_param: ServiceNetMap}
  84       DefaultPasswords: {get_param: DefaultPasswords}
  85       EndpointMap: {get_param: EndpointMap}
  86       RoleName: {get_param: RoleName}
  87       RoleParameters: {get_param: RoleParameters}
  88
  89 outputs:
  90   role_data:
  91     description: Role data for the Heat API role.
  92     value:
  93       service_name: heat_api
  94       monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
  95       logging_source: {get_param: HeatApiLoggingSource}
  96       logging_groups:
  97         - heat
  98       config_settings:
  99         map_merge:
 100           - get_attr: [HeatBase, role_data, config_settings]
 101           - get_attr: [ApacheServiceBase, role_data, config_settings]
 102           - tripleo.heat_api.firewall_rules:
 103               '125 heat_api':
 104                 dport:
 105                   - 8004
 106                   - 13004
 107             heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
 108             heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
 109             heat::policy::policies: {get_param: HeatApiPolicies}
 110             heat::api::service_name: 'httpd'
 111             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
 112             # for the given network; replacement examples (eg. for internal_api):
 113             # internal_api -> IP
 114             # internal_api_uri -> [IP]
 115             # internal_api_subnet - > IP/CIDR
 116             heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
 117             heat::wsgi::apache_api::servername:
 118               str_replace:
 119                 template:
 120                   "%{hiera('fqdn_$NETWORK')}"
 121                 params:
 122                   $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
 123           -
 124             if:
 125             - heat_workers_zero
 126             - {}
 127             - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
 128       step_config: |
 129         include ::tripleo::profile::base::heat::api
 130       service_config_settings:
 131         keystone:
 132           map_merge:
 133             - get_attr: [HeatBase, role_data, service_config_settings, keystone]
 134             - heat::keystone::auth::tenant: 'service'
 135               heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
 136               heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
 137               heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
 138               heat::keystone::auth::password: {get_param: HeatPassword}
 139               heat::keystone::auth::region: {get_param: KeystoneRegion}
 140       metadata_settings:
 141         get_attr: [ApacheServiceBase, role_data, metadata_settings]
 142       upgrade_tasks:
 143         - name: Check is heat_api is deployed
 144           command: systemctl is-enabled openstack-heat-api
 145           tags: common
 146           ignore_errors: True
 147           register: heat_api_enabled
 148         - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
 149           shell: /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
 150           when: heat_api_enabled.rc == 0
 151           tags: step0,validation
 152         - name: check for heat_api running under apache (post upgrade)
 153           tags: step1
 154           shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
 155           register: heat_api_apache
 156           ignore_errors: true
 157         - name: Stop heat_api service (running under httpd)
 158           tags: step1
 159           service: name=httpd state=stopped
 160           when: heat_api_apache.rc == 0
 161         - name: Stop and disable heat_api service (pre-upgrade not under httpd)
 162           tags: step1
 163           when: heat_api_enabled.rc == 0
 164           service: name=openstack-heat-api state=stopped enabled=no