diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml index 38ceb37541..eb6c46e035 100644 --- a/etc/openstack_deploy/user_secrets.yml +++ b/etc/openstack_deploy/user_secrets.yml @@ -56,6 +56,7 @@ heat_auth_encryption_key: ### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## heat_service_password: heat_cfn_service_password: +heat_profiler_hmac_key: ## Horizon Options horizon_container_mysql_password: diff --git a/playbooks/roles/os_heat/defaults/main.yml b/playbooks/roles/os_heat/defaults/main.yml index afdb96b0b4..48115e8c32 100644 --- a/playbooks/roles/os_heat/defaults/main.yml +++ b/playbooks/roles/os_heat/defaults/main.yml @@ -24,7 +24,8 @@ debug: False verbose: True heat_fatal_deprecations: False -heat_client_endpoint: internalURL +heat_clients_endpoint: internalURL +heat_clients_heat_endpoint: externalURL ## DB heat_galera_user: heat @@ -52,7 +53,15 @@ heat_stack_domain_description: Owns users and projects created by heat heat_stack_user_domain_name: heat heat_stack_admin_user_name: admin heat_stack_admin_tenant_name: admin +heat_max_nested_stack_depth: 5 + heat_deferred_auth_method: trusts +heat_trusts_delegated_roles: [] + +# osprofiler +heat_profiler_enabled: false +# heat_profiler_hmac_key is set in user_secrets.yml +heat_profiler_trace_sqlalchemy: false ## Auth heat_service_tenant_name: "service" diff --git a/playbooks/roles/os_heat/files/environment.d/default.yaml b/playbooks/roles/os_heat/files/environment.d/default.yaml index 388f37af82..143ee48c54 100644 --- a/playbooks/roles/os_heat/files/environment.d/default.yaml +++ b/playbooks/roles/os_heat/files/environment.d/default.yaml 
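Review bot: Renaming `heat_client_endpoint` to `heat_clients_endpoint` in the first defaults/main.yml hunk silently drops any deployer override that still uses the old name, so a deployment that pinned the endpoint type falls back to this default without warning. A fallback such as `heat_clients_endpoint: "{{ heat_client_endpoint | default('internalURL') }}"` would keep existing overrides honoured for a release. The new `heat_clients_heat_endpoint: externalURL` also needs a comment saying why heat's own client goes through the external endpoint while every other client stays on the internal one. It is consumed by the `[clients_heat]` section in the heat.conf.j2 hunk, where the per-service sections are removed.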
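Review bot: `heat_trusts_delegated_roles: []` in the second defaults/main.yml hunk renders as an empty `trusts_delegated_roles =` in the heat.conf.j2 hunk. As far as I know, heat treats an empty list as "delegate all of the trustor's roles", so a stack created by a highly privileged user gives heat an equally privileged trust. Document that next to the default, for example `# empty list delegates ALL of the stack owner's roles; list specific roles to narrow the trust`. Deployments that have a dedicated stack-owner role should consider setting it here so that least privilege is the default rather than opt-in.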
@@ -1,8 +1,9 @@ + resource_registry: # allow older templates with Quantum in them. "OS::Quantum*": "OS::Neutron*" # Choose your implementation of AWS::CloudWatch::Alarm - #"AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml" - "AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm" + "AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml" + #"AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm" "OS::Metering::Alarm": "OS::Ceilometer::Alarm" "AWS::RDS::DBInstance": "file:///etc/heat/templates/AWS_RDS_DBInstance.yaml" diff --git a/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml b/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml index e21e500d69..2e5f366251 100644 --- a/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml +++ b/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml @@ -43,6 +43,7 @@ Parameters: Default: '' Dimensions: Type: CommaDelimitedList + Default: '' Mappings: ComparisonOperatorMap: diff --git a/playbooks/roles/os_heat/tasks/heat_post_install.yml b/playbooks/roles/os_heat/tasks/heat_post_install.yml index 1b7a38ce40..7f60b1f3f5 100644 --- a/playbooks/roles/os_heat/tasks/heat_post_install.yml +++ b/playbooks/roles/os_heat/tasks/heat_post_install.yml @@ -21,6 +21,7 @@ group: "{{ heat_system_group_name }}" with_items: - { src: "heat.conf.j2", dest: "/etc/heat/heat.conf" } + - { src: "api-paste.ini.j2", dest: "/etc/heat/api-paste.ini" } notify: - Restart heat services tags: @@ -33,7 +34,6 @@ owner: "{{ heat_system_user_name }}" group: "{{ heat_system_group_name }}" with_items: - - { src: "api-paste.ini", dest: "/etc/heat/api-paste.ini" } - { src: "environment.d/default.yaml", dest: "/etc/heat/environment.d/default.yaml" } - { src: "policy.json", dest: "/etc/heat/policy.json" } - { src: "templates/AWS_CloudWatch_Alarm.yaml", dest: "/etc/heat/templates/AWS_CloudWatch_Alarm.yaml" } 
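Review bot: In the first heat_post_install.yml hunk, `/etc/heat/api-paste.ini` is now rendered from a template that embeds `heat_profiler_hmac_key`, but the task lines visible here set only `group:` and the item list. The task starts outside the hunk, so confirm it sets a restrictive mode; if it does not, add `mode: "0640"` so the HMAC key is not world-readable. The same check applies to heat.conf, which is in the same `with_items` list and already carries passwords.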
diff --git a/playbooks/roles/os_heat/files/api-paste.ini b/playbooks/roles/os_heat/templates/api-paste.ini.j2 similarity index 97% rename from playbooks/roles/os_heat/files/api-paste.ini rename to playbooks/roles/os_heat/templates/api-paste.ini.j2 index a0b48fe47e..0e8185dfa0 100644 --- a/playbooks/roles/os_heat/files/api-paste.ini +++ b/playbooks/roles/os_heat/templates/api-paste.ini.j2 @@ -100,5 +100,5 @@ paste.filter_factory = oslo.middleware.request_id:RequestId.factory [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes +hmac_keys = {{ heat_profiler_hmac_key }} +enabled = {{ heat_profiler_enabled }} diff --git a/playbooks/roles/os_heat/templates/heat.conf.j2 b/playbooks/roles/os_heat/templates/heat.conf.j2 index d667d72eed..395104afd2 100644 --- a/playbooks/roles/os_heat/templates/heat.conf.j2 +++ b/playbooks/roles/os_heat/templates/heat.conf.j2 @@ -11,14 +11,16 @@ log_file = /var/log/heat/heat.log stack_domain_admin_password = {{ heat_stack_domain_admin_password }} stack_domain_admin = {{ heat_stack_domain_admin }} stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }} -deferred_auth_method = {{ heat_deferred_auth_method }} - -auth_encryption_key = {{ heat_auth_encryption_key }} - +max_nested_stack_depth = {{ heat_max_nested_stack_depth }} heat_watch_server_url = {{ heat_watch_server_url }} heat_waitcondition_server_url = {{ heat_waitcondition_server_url }} heat_metadata_server_url = {{ heat_metadata_server_url }} +deferred_auth_method = {{ heat_deferred_auth_method }} +trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }} + +auth_encryption_key = {{ heat_auth_encryption_key }} + ## RPC Backend rpc_backend = {{ heat_rpc_backend }} 
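Review bot: `hmac_keys = {{ heat_profiler_hmac_key }}` in the api-paste.ini.j2 hunk renders an empty value if the secret was never generated. Nothing visible in this commit rejects that case when `heat_profiler_enabled` is true, so a pre-flight task that fails on an empty key with profiling enabled would close the gap. Separately, `enabled = {{ heat_profiler_enabled }}` now renders `False`/`True` where the file used to say `yes`. How the osprofiler paste filter interprets that string is not visible here, and a consumer that does not parse booleans would treat the string `False` as truthy. Verify this, or render an explicit token such as `enabled = {% if heat_profiler_enabled | bool %}yes{% else %}no{% endif %}`.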
@@ -27,34 +29,10 @@ plugin_dirs = {{ heat_plugin_dirs | join(',') }} [clients] -endpoint_type = {{ heat_client_endpoint }} - -[clients_ceilometer] -endpoint_type = {{ heat_client_endpoint }} - -[clients_cinder] -endpoint_type = {{ heat_client_endpoint }} - -[clients_glance] -endpoint_type = {{ heat_client_endpoint }} +endpoint_type = {{ heat_clients_endpoint }} [clients_heat] -endpoint_type = {{ heat_client_endpoint }} - -[clients_keystone] -endpoint_type = {{ heat_client_endpoint }} - -[clients_neutron] -endpoint_type = {{ heat_client_endpoint }} - -[clients_nova] -endpoint_type = {{ heat_client_endpoint }} - -[clients_swift] -endpoint_type = {{ heat_client_endpoint }} - -[clients_trove] -endpoint_type = {{ heat_client_endpoint }} +endpoint_type = {{ heat_clients_heat_endpoint }} [database] connection = mysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ galera_address }}/{{ heat_galera_database }}?charset=utf8 @@ -79,6 +57,11 @@ rabbit_password = {{ rabbitmq_password }} rabbit_hosts = {{ rabbitmq_servers }} +[profiler] +profiler_enabled = {{ heat_profiler_enabled }} +trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }} + + [keystone_authtoken] signing_dir = /var/cache/heat identity_uri = {{ keystone_service_adminuri }}
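Review bot: `trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}` in the `[profiler]` hunk exposes a switch with no warning about what it records. As far as I know, osprofiler's SQLAlchemy tracing writes the SQL statements, and likely their bound parameters, into the trace backend, where anyone with access to the traces can read them. The default of `false` is right, but the variable in defaults/main.yml should say so, for example `# records SQL statements in profiler traces; leave false outside of short debugging sessions`.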