From 5865d302c6a72a891620694bec31e83cc601c63c Mon Sep 17 00:00:00 2001 From: Matt Thompson Date: Wed, 25 Mar 2015 15:41:06 +0000 Subject: [PATCH] Heat config changes for kilo This commit does the following: - refreshes files/environment.d/default.yaml and files/templates/AWS_CloudWatch_Alarm.yaml from kilo - adds heat_max_nested_stack_depth and heat_trusts_delegated_roles variables (the default values of the config options these variables represent changed between juno and kilo and we now default to the kilo values while giving operators the ability to upgrade to kilo with the juno values) - adds heat_profiler_hmac_key, heat_profiler_enabled, and heat_profiler_trace_sqlalchemy variables which control the enablement of osprofiler - removes unneeded [clients_*] sections from templates/heat.conf.j2 - renames heat_clients_endpoint variable to heat_clients_endpoint - adds heat_clients_heat_endpoint so we can set [clients_heat] to use externalURL rather than internalURL Partially implements blueprint: master-kilofication Change-Id: If445d2ad394539a13fece656cb4089b042df542a --- etc/openstack_deploy/user_secrets.yml | 1 + playbooks/roles/os_heat/defaults/main.yml | 11 ++++- .../os_heat/files/environment.d/default.yaml | 5 ++- .../files/templates/AWS_CloudWatch_Alarm.yaml | 1 + .../roles/os_heat/tasks/heat_post_install.yml | 2 +- .../api-paste.ini.j2} | 4 +- .../roles/os_heat/templates/heat.conf.j2 | 43 ++++++------------- 7 files changed, 31 insertions(+), 36 deletions(-) rename playbooks/roles/os_heat/{files/api-paste.ini => templates/api-paste.ini.j2} (97%) diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml index 38ceb37541..eb6c46e035 100644 --- a/etc/openstack_deploy/user_secrets.yml +++ b/etc/openstack_deploy/user_secrets.yml @@ -56,6 +56,7 @@ heat_auth_encryption_key: ### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## heat_service_password: heat_cfn_service_password: +heat_profiler_hmac_key: ## Horizon Options horizon_container_mysql_password: diff --git a/playbooks/roles/os_heat/defaults/main.yml b/playbooks/roles/os_heat/defaults/main.yml index afdb96b0b4..48115e8c32 100644 --- a/playbooks/roles/os_heat/defaults/main.yml +++ b/playbooks/roles/os_heat/defaults/main.yml @@ -24,7 +24,8 @@ debug: False verbose: True heat_fatal_deprecations: False -heat_client_endpoint: internalURL +heat_clients_endpoint: internalURL +heat_clients_heat_endpoint: externalURL ## DB heat_galera_user: heat @@ -52,7 +53,15 @@ heat_stack_domain_description: Owns users and projects created by heat heat_stack_user_domain_name: heat heat_stack_admin_user_name: admin heat_stack_admin_tenant_name: admin +heat_max_nested_stack_depth: 5 + heat_deferred_auth_method: trusts +heat_trusts_delegated_roles: [] + +# osprofiler +heat_profiler_enabled: false +# heat_profiler_hmac_key is set in user_secrets.yml +heat_profiler_trace_sqlalchemy: false ## Auth heat_service_tenant_name: "service" diff --git a/playbooks/roles/os_heat/files/environment.d/default.yaml b/playbooks/roles/os_heat/files/environment.d/default.yaml index 388f37af82..143ee48c54 100644 --- a/playbooks/roles/os_heat/files/environment.d/default.yaml +++ b/playbooks/roles/os_heat/files/environment.d/default.yaml @@ -1,8 +1,9 @@ + resource_registry: # allow older templates with Quantum in them. "OS::Quantum*": "OS::Neutron*" # Choose your implementation of AWS::CloudWatch::Alarm - #"AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml" - "AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm" + "AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml" + #"AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm" "OS::Metering::Alarm": "OS::Ceilometer::Alarm" "AWS::RDS::DBInstance": "file:///etc/heat/templates/AWS_RDS_DBInstance.yaml" diff --git a/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml b/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml index e21e500d69..2e5f366251 100644 --- a/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml +++ b/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml @@ -43,6 +43,7 @@ Parameters: Default: '' Dimensions: Type: CommaDelimitedList + Default: '' Mappings: ComparisonOperatorMap: diff --git a/playbooks/roles/os_heat/tasks/heat_post_install.yml b/playbooks/roles/os_heat/tasks/heat_post_install.yml index 1b7a38ce40..7f60b1f3f5 100644 --- a/playbooks/roles/os_heat/tasks/heat_post_install.yml +++ b/playbooks/roles/os_heat/tasks/heat_post_install.yml @@ -21,6 +21,7 @@ group: "{{ heat_system_group_name }}" with_items: - { src: "heat.conf.j2", dest: "/etc/heat/heat.conf" } + - { src: "api-paste.ini.j2", dest: "/etc/heat/api-paste.ini" } notify: - Restart heat services tags: @@ -33,7 +34,6 @@ owner: "{{ heat_system_user_name }}" group: "{{ heat_system_group_name }}" with_items: - - { src: "api-paste.ini", dest: "/etc/heat/api-paste.ini" } - { src: "environment.d/default.yaml", dest: "/etc/heat/environment.d/default.yaml" } - { src: "policy.json", dest: "/etc/heat/policy.json" } - { src: "templates/AWS_CloudWatch_Alarm.yaml", dest: "/etc/heat/templates/AWS_CloudWatch_Alarm.yaml" } diff --git a/playbooks/roles/os_heat/files/api-paste.ini b/playbooks/roles/os_heat/templates/api-paste.ini.j2 similarity index 97% rename from playbooks/roles/os_heat/files/api-paste.ini rename to playbooks/roles/os_heat/templates/api-paste.ini.j2 index a0b48fe47e..0e8185dfa0 100644 --- a/playbooks/roles/os_heat/files/api-paste.ini +++ b/playbooks/roles/os_heat/templates/api-paste.ini.j2 @@ -100,5 +100,5 @@ paste.filter_factory = oslo.middleware.request_id:RequestId.factory [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes +hmac_keys = {{ heat_profiler_hmac_key }} +enabled = {{ heat_profiler_enabled }} diff --git a/playbooks/roles/os_heat/templates/heat.conf.j2 b/playbooks/roles/os_heat/templates/heat.conf.j2 index d667d72eed..395104afd2 100644 --- a/playbooks/roles/os_heat/templates/heat.conf.j2 +++ b/playbooks/roles/os_heat/templates/heat.conf.j2 @@ -11,14 +11,16 @@ log_file = /var/log/heat/heat.log stack_domain_admin_password = {{ heat_stack_domain_admin_password }} stack_domain_admin = {{ heat_stack_domain_admin }} stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }} -deferred_auth_method = {{ heat_deferred_auth_method }} - -auth_encryption_key = {{ heat_auth_encryption_key }} - +max_nested_stack_depth = {{ heat_max_nested_stack_depth }} heat_watch_server_url = {{ heat_watch_server_url }} heat_waitcondition_server_url = {{ heat_waitcondition_server_url }} heat_metadata_server_url = {{ heat_metadata_server_url }} +deferred_auth_method = {{ heat_deferred_auth_method }} +trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }} + +auth_encryption_key = {{ heat_auth_encryption_key }} + ## RPC Backend rpc_backend = {{ heat_rpc_backend }} @@ -27,34 +29,10 @@ plugin_dirs = {{ heat_plugin_dirs | join(',') }} [clients] -endpoint_type = {{ heat_client_endpoint }} - -[clients_ceilometer] -endpoint_type = {{ heat_client_endpoint }} - -[clients_cinder] -endpoint_type = {{ heat_client_endpoint }} - -[clients_glance] -endpoint_type = {{ heat_client_endpoint }} +endpoint_type = {{ heat_clients_endpoint }} [clients_heat] -endpoint_type = {{ heat_client_endpoint }} - -[clients_keystone] -endpoint_type = {{ heat_client_endpoint }} - -[clients_neutron] -endpoint_type = {{ heat_client_endpoint }} - -[clients_nova] -endpoint_type = {{ heat_client_endpoint }} - -[clients_swift] -endpoint_type = {{ heat_client_endpoint }} - -[clients_trove] -endpoint_type = {{ heat_client_endpoint }} +endpoint_type = {{ heat_clients_heat_endpoint }} [database] connection = mysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ galera_address }}/{{ heat_galera_database }}?charset=utf8 @@ -79,6 +57,11 @@ rabbit_password = {{ rabbitmq_password }} rabbit_hosts = {{ rabbitmq_servers }} +[profiler] +profiler_enabled = {{ heat_profiler_enabled }} +trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }} + + [keystone_authtoken] signing_dir = /var/cache/heat identity_uri = {{ keystone_service_adminuri }}