Heat config changes for kilo

This commit does the following:

- refreshes files/environment.d/default.yaml and
  files/templates/AWS_CloudWatch_Alarm.yaml from kilo
- adds heat_max_nested_stack_depth and heat_trusts_delegated_roles
  variables (the default values of the config options these variables
  represent changed between juno and kilo and we now default to the
  kilo values while giving operators the ability to upgrade to kilo
  with the juno values)
- adds heat_profiler_hmac_key, heat_profiler_enabled, and
  heat_profiler_trace_sqlalchemy variables which control the enablement of
  osprofiler
- removes unneeded [clients_*] sections from templates/heat.conf.j2
- renames heat_clients_endpoint variable to heat_clients_endpoint
- adds heat_clients_heat_endpoint so we can set [clients_heat] to use
  externalURL rather than internalURL

Partially implements blueprint: master-kilofication

Change-Id: If445d2ad394539a13fece656cb4089b042df542a

etc/openstack_deploy/user_secrets.yml

@@ -56,6 +56,7 @@ heat_auth_encryption_key:
 ### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
 heat_service_password:
 heat_cfn_service_password:
+heat_profiler_hmac_key:
 
 ## Horizon Options
 horizon_container_mysql_password:

playbooks/roles/os_heat/defaults/main.yml

@@ -24,7 +24,8 @@ debug: False
 verbose: True
 heat_fatal_deprecations: False
 
-heat_client_endpoint: internalURL
+heat_clients_endpoint: internalURL
+heat_clients_heat_endpoint: externalURL
 
 ## DB
 heat_galera_user: heat
@@ -52,7 +53,15 @@ heat_stack_domain_description: Owns users and projects created by heat
 heat_stack_user_domain_name: heat
 heat_stack_admin_user_name: admin
 heat_stack_admin_tenant_name: admin
+heat_max_nested_stack_depth: 5
+
 heat_deferred_auth_method: trusts
+heat_trusts_delegated_roles: []
+
+# osprofiler
+heat_profiler_enabled: false
+# heat_profiler_hmac_key is set in user_secrets.yml
+heat_profiler_trace_sqlalchemy: false
 
 ## Auth
 heat_service_tenant_name: "service"

playbooks/roles/os_heat/files/environment.d/default.yaml

@@ -1,8 +1,9 @@
+
 resource_registry:
     # allow older templates with Quantum in them.
     "OS::Quantum*": "OS::Neutron*"
     # Choose your implementation of AWS::CloudWatch::Alarm
-    #"AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml"
-    "AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm"
+    "AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml"
+    #"AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm"
     "OS::Metering::Alarm": "OS::Ceilometer::Alarm"
     "AWS::RDS::DBInstance": "file:///etc/heat/templates/AWS_RDS_DBInstance.yaml"

playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml

@@ -43,6 +43,7 @@ Parameters:
    Default: ''
   Dimensions:
    Type: CommaDelimitedList
+   Default: ''
 
 Mappings:
   ComparisonOperatorMap:

playbooks/roles/os_heat/tasks/heat_post_install.yml

@@ -21,6 +21,7 @@
     group: "{{ heat_system_group_name }}"
   with_items:
     - { src: "heat.conf.j2", dest: "/etc/heat/heat.conf" }
+    - { src: "api-paste.ini.j2", dest: "/etc/heat/api-paste.ini" }
   notify:
     - Restart heat services
   tags:
@@ -33,7 +34,6 @@
     owner: "{{ heat_system_user_name }}"
     group: "{{ heat_system_group_name }}"
   with_items:
-    - { src: "api-paste.ini", dest: "/etc/heat/api-paste.ini" }
     - { src: "environment.d/default.yaml", dest: "/etc/heat/environment.d/default.yaml" }
     - { src: "policy.json", dest: "/etc/heat/policy.json" }
     - { src: "templates/AWS_CloudWatch_Alarm.yaml", dest: "/etc/heat/templates/AWS_CloudWatch_Alarm.yaml" }

playbooks/roles/os_heat/templates/api-paste.ini.j2

@@ -100,5 +100,5 @@ paste.filter_factory = oslo.middleware.request_id:RequestId.factory
 
 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
+hmac_keys = {{ heat_profiler_hmac_key }}
+enabled = {{ heat_profiler_enabled }}

playbooks/roles/os_heat/templates/heat.conf.j2

@@ -11,14 +11,16 @@ log_file = /var/log/heat/heat.log
 stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
 stack_domain_admin = {{ heat_stack_domain_admin }}
 stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }}
-deferred_auth_method = {{ heat_deferred_auth_method }}
-
-auth_encryption_key = {{ heat_auth_encryption_key }}
-
+max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
 heat_watch_server_url = {{ heat_watch_server_url }}
 heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
 heat_metadata_server_url = {{ heat_metadata_server_url }}
 
+deferred_auth_method = {{ heat_deferred_auth_method }}
+trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}
+
+auth_encryption_key = {{ heat_auth_encryption_key }}
+
 ## RPC Backend
 rpc_backend = {{ heat_rpc_backend }}
 
@@ -27,34 +29,10 @@ plugin_dirs = {{ heat_plugin_dirs | join(',') }}
 
 
 [clients]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_ceilometer]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_cinder]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_glance]
-endpoint_type = {{ heat_client_endpoint }}
+endpoint_type = {{ heat_clients_endpoint }}
 
 [clients_heat]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_keystone]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_neutron]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_nova]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_swift]
-endpoint_type = {{ heat_client_endpoint }}
-
-[clients_trove]
-endpoint_type = {{ heat_client_endpoint }}
+endpoint_type = {{ heat_clients_heat_endpoint }}
 
 [database]
 connection = mysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ galera_address }}/{{ heat_galera_database }}?charset=utf8
@@ -79,6 +57,11 @@ rabbit_password = {{ rabbitmq_password }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 
+[profiler]
+profiler_enabled = {{ heat_profiler_enabled }}
+trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}
+
+
 [keystone_authtoken]
 signing_dir = /var/cache/heat
 identity_uri = {{ keystone_service_adminuri }}