Heat Configuration overrides

This commit moves Heat to use the configuration methods from Nova,
Neutron and Keystone.

To make reviewing easier, volume configuration will be summited in
a seperate PS.

Change-Id: I3714f885cf4a6a9a34ba13fc9ea4a37e5bcef638

heat/templates/configmap-etc.yaml

@@ -12,14 +12,77 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{- include "heat.conf.heat_values_skeleton" .Values.conf.heat | trunc 0 -}}
+
+{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
+{{- end -}}
+
+# FIXME(alanmeadows) fix for broken keystonemiddleware oslo config gen in newton - will remove in future
+{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.auth_url -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.hostname_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.database.oslo.db.connection -}}
+{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database.oslo.db "connection" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.default.oslo.messaging.transport_url -}}
+{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.default.heat.common.config.heat_metadata_server_url -}}
+{{- tuple "cloudformation" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.cloudformation.path | set .Values.conf.heat.default.heat.common.config "heat_metadata_server_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.default.heat.common.config.heat_waitcondition_server_url -}}
+{{- cat (tuple "cloudformation" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup") "waitcondition" | replace " " "/" | set .Values.conf.heat.default.heat.common.config "heat_waitcondition_server_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.default.heat.common.config.heat_watch_server_url -}}
+{{- tuple "cloudwatch" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | trimSuffix "/" | set .Values.conf.heat.default.heat.common.config "heat_watch_server_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.heat.clients_keystone.heat.common.config.auth_uri -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path | set .Values.conf.heat.clients_keystone.heat.common.config "auth_uri" | quote | trunc 0 -}}
+{{- end -}}
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: heat-etc
 data:
   heat.conf: |+
+{{ if .Values.conf.heat.override -}}
+{{ .Values.conf.heat.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.heat.prefix -}}
+{{ .Values.conf.heat.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_heat.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.heat.append -}}
+{{ .Values.conf.heat.append | indent 4 }}
+{{- end }}
   api-paste.ini: |+
-{{ tuple "etc/_heat-api-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{ if .Values.conf.paste.override -}}
+{{ .Values.conf.paste.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.paste.prefix -}}
+{{ .Values.conf.paste.prefix | indent 4 }}
+{{- end }}
+{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.paste.append -}}
+{{ .Values.conf.paste.append | indent 4 }}
+{{- end }}
   policy.json: |+
-{{ tuple "etc/_heat-policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{ if .Values.conf.policy.override -}}
+{{ .Values.conf.policy.override | indent 4 }}
+{{- else -}}
+{{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}

heat/templates/deployment-api.yaml

@@ -49,10 +49,10 @@ spec:
             - --config-dir
             - /etc/heat/conf
           ports:
-            - containerPort: {{ .Values.network.api.port }}
+            - containerPort: {{ .Values.conf.heat.heat_api.heat.common.wsgi.bind_port }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.network.api.port }}
+              port: {{ .Values.conf.heat.heat_api.heat.common.wsgi.bind_port }}
           volumeMounts:
             - name: pod-etc-heat
               mountPath: /etc/heat

heat/templates/deployment-cfn.yaml

@@ -49,10 +49,10 @@ spec:
             - --config-dir
             - /etc/heat/conf
           ports:
-            - containerPort: {{ .Values.network.cfn.port }}
+            - containerPort: {{ .Values.conf.heat.heat_api_cfn.heat.common.wsgi.bind_port }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.network.cfn.port }}
+              port: {{ .Values.conf.heat.heat_api_cfn.heat.common.wsgi.bind_port }}
           volumeMounts:
             - name: pod-etc-heat
               mountPath: /etc/heat

heat/templates/deployment-cloudwatch.yaml

@@ -49,10 +49,10 @@ spec:
             - --config-dir
             - /etc/heat/conf
           ports:
-            - containerPort: {{ .Values.network.cloudwatch.port }}
+            - containerPort: {{ .Values.conf.heat.heat_api_cloudwatch.heat.common.wsgi.bind_port }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.network.cloudwatch.port }}
+              port: {{ .Values.conf.heat.heat_api_cloudwatch.heat.common.wsgi.bind_port }}
           volumeMounts:
             - name: pod-etc-heat
               mountPath: /etc/heat

heat/templates/etc/_api-paste.ini.tpl

@@ -1,16 +1,3 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
 # heat-api pipeline
 [pipeline:heat-api]
@@ -37,12 +24,12 @@ pipeline = cors request_id faultwrap versionnegotiation context custombackendaut
 
 # heat-api-cfn pipeline
 [pipeline:heat-api-cfn]
-pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
 
 # heat-api-cfn pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
 [pipeline:heat-api-cfn-standalone]
-pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
 
 # heat-api-cloudwatch pipeline
 [pipeline:heat-api-cloudwatch]

heat/templates/secret-keystone-stack-user.env.yaml

@@ -23,8 +23,8 @@ data:
   OS_REGION_NAME: |
 {{ .Values.keystone.heat_stack_region_name  | b64enc | indent 4 }}
   OS_DOMAIN_NAME: |
-{{ .Values.keystone.heat_stack_domain  | b64enc | indent 4 }}
+{{ .Values.conf.heat.default.heat.common.config.stack_user_domain_name | b64enc | indent 4 }}
   OS_USERNAME: |
-{{ .Values.keystone.heat_stack_user  | b64enc | indent 4 }}
+{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin | b64enc | indent 4 }}
   OS_PASSWORD: |
-{{ .Values.keystone.heat_stack_password  | b64enc | indent 4 }}
+{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin_password | b64enc | indent 4 }}

heat/templates/secret-keystone-trustee.env.yaml

@@ -23,12 +23,12 @@ data:
   OS_REGION_NAME: |
 {{ .Values.keystone.heat_trustee_region_name  | b64enc | indent 4 }}
   OS_PROJECT_DOMAIN_NAME: |
-{{ .Values.keystone.heat_trustee_project_domain  | b64enc | indent 4 }}
+{{ .Values.conf.heat.trustee.heat.common.context.project_domain_name | b64enc | indent 4 }}
   OS_PROJECT_NAME: |
-{{ .Values.keystone.heat_trustee_project_name  | b64enc | indent 4 }}
+{{ .Values.conf.heat.trustee.heat.common.context.project_name | b64enc | indent 4 }}
   OS_USER_DOMAIN_NAME: |
-{{ .Values.keystone.heat_trustee_user_domain  | b64enc | indent 4 }}
+{{ .Values.conf.heat.trustee.heat.common.context.user_domain_name | b64enc | indent 4 }}
   OS_USERNAME: |
-{{ .Values.keystone.heat_trustee_user  | b64enc | indent 4 }}
+{{ .Values.conf.heat.trustee.heat.common.context.username | b64enc | indent 4 }}
   OS_PASSWORD: |
-{{ .Values.keystone.heat_trustee_password  | b64enc | indent 4 }}
+{{ .Values.conf.heat.trustee.heat.common.context.password | b64enc | indent 4 }}

heat/templates/secret-keystone-user.env.yaml

@@ -21,14 +21,14 @@ data:
   OS_AUTH_URL: |
 {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
   OS_REGION_NAME: |
-{{ .Values.keystone.heat_region_name  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
   OS_PROJECT_DOMAIN_NAME: |
-{{ .Values.keystone.heat_project_domain  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
   OS_PROJECT_NAME: |
-{{ .Values.keystone.heat_project_name  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
   OS_USER_DOMAIN_NAME: |
-{{ .Values.keystone.heat_user_domain  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
   OS_USERNAME: |
-{{ .Values.keystone.heat_user  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
   OS_PASSWORD: |
-{{ .Values.keystone.heat_password  | b64enc | indent 4 }}
+{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}

heat/templates/service-api.yaml

@@ -18,7 +18,7 @@ metadata:
   name: heat-api
 spec:
   ports:
-    - port: {{ .Values.network.api.port }}
+    - port: {{ .Values.conf.heat.heat_api.heat.common.wsgi.bind_port }}
     {{ if .Values.network.api.node_port.enabled }}
       nodePort: {{ .Values.network.api.node_port.port }}
     {{ end }}
@@ -27,4 +27,3 @@ spec:
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
   {{ end }}
-  

heat/templates/service-cfn.yaml

@@ -18,7 +18,7 @@ metadata:
   name: heat-cfn
 spec:
   ports:
-    - port: {{ .Values.network.cfn.port }}
+    - port: {{ .Values.conf.heat.heat_api_cfn.heat.common.wsgi.bind_port }}
     {{ if .Values.network.cfn.node_port.enabled }}
       nodePort: {{ .Values.network.cfn.node_port.port }}
     {{ end }}
@@ -27,4 +27,3 @@ spec:
   {{ if .Values.network.cfn.node_port.enabled }}
   type: NodePort
   {{ end }}
-  

heat/templates/service-cloudwatch.yaml

@@ -18,7 +18,7 @@ metadata:
   name: heat-cloudwatch
 spec:
   ports:
-    - port: {{ .Values.network.cloudwatch.port }}
+    - port: {{ .Values.conf.heat.heat_api_cloudwatch.heat.common.wsgi.bind_port }}
     {{ if .Values.network.cloudwatch.node_port.enabled }}
       nodePort: {{ .Values.network.cloudwatch.node_port.port }}
     {{ end }}
@@ -27,4 +27,3 @@ spec:
   {{ if .Values.network.cloudwatch.node_port.enabled }}
   type: NodePort
   {{ end }}
-  

heat/values.yaml

@@ -55,66 +55,107 @@ keystone:
   admin_project_domain: "default"
   admin_region_name: "RegionOne"
 
-  heat_user: "heat"
-  heat_user_domain: "default"
   heat_user_role: "admin"
-  heat_password: "password"
-  heat_project_name: "service"
-  heat_project_domain: "default"
-  heat_region_name: "RegionOne"
 
-  heat_trustee_user: "heat-trust"
-  heat_trustee_user_domain: "default"
   heat_trustee_role: "admin"
-  heat_trustee_password: "password"
-  heat_trustee_project_name: "service"
-  heat_trustee_project_domain: "default"
   heat_trustee_region_name: "RegionOne"
 
-  heat_stack_user: "heat-domain"
-  heat_stack_domain: "heat"
   heat_stack_user_role: "admin"
-  heat_stack_password: "password"
   heat_stack_region_name: "RegionOne"
 
+
+conf:
+  paste:
+    override:
+    append:
+  policy:
+    override:
+    append:
+  heat:
+    override:
+    append:
+    default:
+      heat:
+        common:
+          config:
+            stack_user_domain_name: heat
+            stack_domain_admin: heat-domain
+            stack_domain_admin_password: password
+            num_engine_workers: 4
+            trusts_delegated_roles: Member
+    keystone_authtoken:
+      keystonemiddleware:
+        auth_token:
+          auth_type: password
+          auth_version: v3
+          region_name: RegionOne
+          project_domain_name: default
+          project_name: service
+          user_domain_name: default
+          username: heat
+          password: password
+    trustee:
+      heat:
+        common:
+          context:
+            password: password
+            user_domain_name: default
+            username: heat-trust
+            project_domain_name: default
+            project_name: service
+    heat_api:
+      heat:
+        common:
+          wsgi:
+            bind_port: 8004
+            workers: 4
+    heat_api_cloudwatch:
+      heat:
+        common:
+          wsgi:
+            bind_port: 8003
+            workers: 4
+    heat_api_cfn:
+      heat:
+        common:
+          wsgi:
+            bind_port: 8000
+            workers: 4
+    paste_deploy:
+      heat.common:
+        config:
+          api_paste_config: /etc/heat/api-paste.ini
+    clients:
+      heat:
+        common:
+          config:
+            endpoint_type: internalURL
+    clients_keystone:
+      heat:
+        common:
+          config:
+            endpoint_type: internalURL
+
 network:
   api:
     name: "heat-api"
-    port: 8004
     proto: "http"
     node_port:
       enabled: false
       port: 30004
   cfn:
     name: "heat-cfn"
-    port: 8000
     proto: "http"
     node_port:
       enabled: false
       port: 30800
   cloudwatch:
     name: "heat-cloudwatch"
-    port: 8003
     proto: "http"
     node_port:
       enabled: false
       port: 30003
 
-messaging:
-  hosts: rabbitmq
-  user: rabbitmq
-  password: password
-
-memcached:
-  host: memcached
-  port: 11211
-
-misc:
-  debug: true
-
-secrets:
-  keystone_admin:
-
 dependencies:
   db_init:
     jobs:
@@ -223,6 +264,25 @@ endpoints:
     scheme: mysql+pymysql
     port:
       mysql: 3306
+  oslo_cache:
+    hosts:
+      default: memcache
+    port:
+      memcache: 11211
+  oslo_messaging:
+    auth:
+      admin:
+        username: admin
+        password: password
+      user:
+        username: rabbitmq
+        password: password
+    hosts:
+      default: rabbitmq
+    path: /
+    scheme: rabbit
+    port:
+      amqp: 5672
 
 resources:
   enabled: false
@@ -289,11 +349,3 @@ resources:
     limits:
       memory: "1024Mi"
       cpu: "2000m"
-  api:
-    workers: 8
-  cfn:
-    workers: 8
-  cloudwatch:
-    workers: 8
-  engine:
-    workers: 8