diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml
index 11f6b8b7fb..e9eea1e711 100644
--- a/ci/environments/scenario001-standalone.yaml
+++ b/ci/environments/scenario001-standalone.yaml
@@ -15,10 +15,10 @@ resource_registry:
 OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml
 OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml
 OS::TripleO::Services::GnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml
- OS::TripleO::Services::HeatApi: ../../docker/services/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../../docker/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
- OS::TripleO::Services::HeatEngine: ../../docker/services/heat-engine.yaml
+ OS::TripleO::Services::HeatApi: ../../deployment/heat/heat-api-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCfn: ../../deployment/heat/heat-api-cfn-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: ../../deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml
+ OS::TripleO::Services::HeatEngine: ../../deployment/heat/heat-engine-container-puppet.yaml
 OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
 OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
 OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
diff --git a/ci/environments/scenario002-standalone.yaml b/ci/environments/scenario002-standalone.yaml
index 567244b508..a16841e66b 100644
--- a/ci/environments/scenario002-standalone.yaml
+++ b/ci/environments/scenario002-standalone.yaml
@@ -9,10 +9,10 @@ resource_registry:
 OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml
 OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml
 OS::TripleO::Services::GnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml
- OS::TripleO::Services::HeatApi: ../../docker/services/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../../docker/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
- OS::TripleO::Services::HeatEngine: ../../docker/services/heat-engine.yaml
+ OS::TripleO::Services::HeatApi: ../../deployment/heat/heat-api-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCfn: ../../deployment/heat/heat-api-cfn-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: ../../deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml
+ OS::TripleO::Services::HeatEngine: ../../deployment/heat/heat-engine-container-puppet.yaml
 OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
 OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml
 OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
diff --git a/docker/services/heat-api-cfn.yaml b/deployment/heat/heat-api-cfn-container-puppet.yaml
similarity index 59%
rename from docker/services/heat-api-cfn.yaml
rename to deployment/heat/heat-api-cfn-container-puppet.yaml
index 9505cf0868..347b19993a 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/deployment/heat/heat-api-cfn-container-puppet.yaml
@@ -45,18 +45,45 @@ parameters: EnableInternalTLS: type: boolean default: false + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionHeatApiCnf: + default: 'overcloud-heat-api-cfn' + type: string conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml + + ApacheServiceBase: + type: ../../puppet/services/apache.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} HeatBase: - type: ../../puppet/services/heat-api-cfn.yaml + type: ./heat-base-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
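Review bot: `MonitoringSubscriptionHeatApiCnf` is added with no `description`, and its name transposes "Cfn"; the same missing description applies to `MonitoringSubscriptionHeatApi` and `MonitoringSubscriptionHeatEngine` in the heat-api and heat-engine parameter hunks. The parameter already existed under this name in the deleted puppet/services/heat-api-cfn.yaml, so renaming it would break environments that set it; I would keep the name and document it, e.g. `description: Value emitted as monitoring_subscription for heat_api_cfn (the "Cnf" spelling is historical).` A minor style point in the same hunk: `{equals : [` has a stray space before the colon. The `resources:` section continues outside the hunk.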
@@ -72,26 +99,69 @@ outputs: role_data: description: Role data for the Heat API CFN role. value: - service_name: {get_attr: [HeatBase, role_data, service_name]} + service_name: heat_api_cfn + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [HeatApiCfnLogging, config_settings] - apache::default_vhost: false + tripleo::heat_api_cfn::firewall_rules: + '125 heat_cfn': + dport: + - 8000 + - 13800 + heat::api_cfn::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} + heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS} + heat::api_cfn::service_name: 'httpd' + # NOTE: bind IP is found in hiera replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::wsgi::apache_api_cfn::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} + heat::wsgi::apache_api_cfn::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} + - + if: + - heat_workers_zero + - {} + - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers} service_config_settings: - map_merge: - - get_attr: [HeatBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_heat_api_cfn: - - heat - tripleo_fluentd_sources_heat_api_cfn: - - {get_param: HeatApiCfnLoggingSource} + fluentd: + tripleo_fluentd_groups_heat_api_cfn: + - heat + tripleo_fluentd_sources_heat_api_cfn: + - {get_param: HeatApiCfnLoggingSource} + keystone: + map_merge: + - get_attr: [HeatBase, role_data, service_config_settings, keystone] + - heat::keystone::auth_cfn::tenant: 'service' + 
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} # BEGIN DOCKER SETTINGS puppet_config: config_volume: heat_api_cfn puppet_tags: heat_config,file,concat,file_line - step_config: - get_attr: [HeatBase, role_data, step_config] + step_config: | + include ::tripleo::profile::base::heat::api_cfn config_image: {get_param: DockerHeatApiCfnConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: @@ -141,7 +211,7 @@ outputs: host_prep_tasks: {get_attr: [HeatApiCfnLogging, host_prep_tasks]} upgrade_tasks: [] metadata_settings: - get_attr: [HeatBase, role_data, metadata_settings] + get_attr: [ApacheServiceBase, role_data, metadata_settings] post_upgrade_tasks: - when: step|int == 1 import_role: diff --git a/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml b/deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml similarity index 100% rename from puppet/services/disabled/heat-api-cloudwatch-disabled.yaml rename to deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml diff --git a/docker/services/heat-api.yaml b/deployment/heat/heat-api-container-puppet.yaml similarity index 64% rename from docker/services/heat-api.yaml rename to deployment/heat/heat-api-container-puppet.yaml index dea696c123..249ee349fd 100644 --- a/docker/services/heat-api.yaml +++ b/deployment/heat/heat-api-container-puppet.yaml 
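Review bot: The `config_settings` `map_merge` for heat_api_cfn never merges `get_attr: [ApacheServiceBase, role_data, config_settings]`, although this commit adds the `ApacheServiceBase` resource to the template, the parallel heat-api change adds exactly that entry, and the deleted puppet/services/heat-api-cfn.yaml merged it too. As written, ApacheServiceBase is consumed only for `metadata_settings` in the following hunk, so whatever Apache hieradata that template produces (presumably including the vhost TLS settings used when `EnableInternalTLS` is true; confirm against apache.yaml) does not reach the CFN service configuration. I would add `- get_attr: [ApacheServiceBase, role_data, config_settings]` after the `HeatApiCfnLogging` entry. The `role_data` value continues outside the hunk.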
@@ -53,18 +53,51 @@ parameters: default: [] description: list of optional environment variables type: comma_delimited_list + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionHeatApi: + default: 'overcloud-heat-api' + type: string + HeatApiPolicies: + description: | + A hash of policies to configure for Heat API. + e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml + + ApacheServiceBase: + type: ../../puppet/services/apache.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} HeatBase: - type: ../../puppet/services/heat-api.yaml + type: ./heat-base-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
@@ -80,26 +113,71 @@ outputs: role_data: description: Role data for the Heat API role. value: - service_name: {get_attr: [HeatBase, role_data, service_name]} + service_name: heat_api + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [HeatApiLogging, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - apache::default_vhost: false + tripleo::heat_api::firewall_rules: + '125 heat_api': + dport: + - 8004 + - 13004 + heat::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} + heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + heat::policy::policies: {get_param: HeatApiPolicies} + heat::api::service_name: 'httpd' + # NOTE: bind IP is found in hiera replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::wsgi::apache_api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} + heat::wsgi::apache_api::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} + - + if: + - heat_workers_zero + - {} + - heat::wsgi::apache_api::workers: {get_param: HeatWorkers} service_config_settings: - map_merge: - - get_attr: [HeatBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_heat_api: - - heat - tripleo_fluentd_sources_heat_api: - - {get_param: HeatApiLoggingSource} + fluentd: + tripleo_fluentd_groups_heat_api: + - heat + tripleo_fluentd_sources_heat_api: + - {get_param: HeatApiLoggingSource} + keystone: + map_merge: + - get_attr: [HeatBase, role_data, service_config_settings, keystone] + - 
heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} # BEGIN DOCKER SETTINGS puppet_config: config_volume: heat_api puppet_tags: heat_config,file,concat,file_line - step_config: - get_attr: [HeatBase, role_data, step_config] + step_config: | + include ::tripleo::profile::base::heat::api config_image: {get_param: DockerHeatApiConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api.json: @@ -179,7 +257,7 @@ outputs: host_prep_tasks: {get_attr: [HeatApiLogging, host_prep_tasks]} upgrade_tasks: [] metadata_settings: - get_attr: [HeatBase, role_data, metadata_settings] + get_attr: [ApacheServiceBase, role_data, metadata_settings] post_upgrade_tasks: - when: step|int == 1 import_role: diff --git a/puppet/services/heat-base.yaml b/deployment/heat/heat-base-puppet.yaml similarity index 100% rename from puppet/services/heat-base.yaml rename to deployment/heat/heat-base-puppet.yaml diff --git a/docker/services/heat-engine.yaml b/deployment/heat/heat-engine-container-puppet.yaml similarity index 55% rename from docker/services/heat-engine.yaml rename to deployment/heat/heat-engine-container-puppet.yaml index 33b9baed7b..3427bb8a32 100644 --- a/docker/services/heat-engine.yaml +++ b/deployment/heat/heat-engine-container-puppet.yaml 
@@ -49,17 +49,68 @@ parameters: default: [] description: list of optional environment variables type: comma_delimited_list + HeatEnableDBPurge: + type: boolean + default: true + description: | + Whether to create cron job for purging soft deleted rows in the Heat database. + HeatWorkers: + default: 0 + description: Number of workers for Heat service. + type: number + HeatMaxNestedStackDepth: + default: 6 + description: Maximum number of nested stack depth. + type: number + HeatReauthenticationAuthMethod: + description: Allow reauthentication on token expiry, such that long-running tasks + may complete. Note this defeats the expiry of any provided user tokens. + type: string + default: '' + constraints: + - allowed_values: [ '', 'trusts' ] + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_stack_domain_admin user. + type: string + hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string + hidden: true + default: '' + MonitoringSubscriptionHeatEngine: + default: 'overcloud-heat-engine' + type: string + HeatConvergenceEngine: + type: boolean + default: true + description: Enables the heat engine with the convergence architecture. + HeatMaxResourcesPerStack: + type: number + default: 1000 + description: Maximum resources allowed per top-level stack. -1 stands for unlimited. + HeatEnginePluginDirs: + type: comma_delimited_list + default: [] + description: An array of directories to search for plug-ins. 
+ +conditions: + heat_workers_unset: {equals : [{get_param: HeatWorkers}, 0]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: type: ../../puppet/services/database/mysql-client.yaml HeatBase: - type: ../../puppet/services/heat-engine.yaml + type: ./heat-base-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
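Review bot: `HeatAuthEncryptionKey` is declared with `default: ''` and a description that does not say what an empty value means. The outputs hunk of this file resolves the key with `$.data.passwords.where($ != '').first()` over this parameter and `[DefaultPasswords, heat_auth_encryption_key]`, so an empty value means "fall back to the default password entry"; I would state that: `description: Auth encryption key for heat-engine. When empty, heat_auth_encryption_key from DefaultPasswords is used.` Separately, the condition is named `heat_workers_unset` here while the two API templates call the identical `equals` test `heat_workers_zero`; one name across the three files would read better. The `HeatBase` resource properties continue outside the hunk.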
@@ -75,19 +126,78 @@ outputs: role_data: description: Role data for the Heat Engine role. value: - service_name: {get_attr: [HeatBase, role_data, service_name]} + service_name: heat_engine + monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false + heat::engine::configure_delegated_roles: false + heat::engine::trusts_delegated_roles: [] + heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth} + heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} + heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod} + heat::engine::heat_metadata_server_url: + make_url: + scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} + host: {get_param: [EndpointMap, HeatCfnPublic, host]} + port: {get_param: [EndpointMap, HeatCfnPublic, port]} + heat::engine::heat_waitcondition_server_url: + make_url: + scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} + host: {get_param: [EndpointMap, HeatCfnPublic, host]} + port: {get_param: [EndpointMap, HeatCfnPublic, port]} + path: /v1/waitcondition + heat::engine::convergence_engine: {get_param: HeatConvergenceEngine} + tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} + heat::database_connection: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: heat + password: {get_param: HeatPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /heat + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + heat::keystone_ec2_uri: + list_join: + - '' + - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} + - '/ec2tokens' + heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + heat::engine::auth_encryption_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - 
{get_param: HeatAuthEncryptionKey} + - {get_param: [DefaultPasswords, heat_auth_encryption_key]} + heat::engine::plugin_dirs: {get_param: HeatEnginePluginDirs} + - + if: + - heat_workers_unset + - {} + - heat::engine::num_engine_workers: {get_param: HeatWorkers} service_config_settings: - map_merge: - - get_attr: [HeatBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_heat_engine: - - heat - tripleo_fluentd_sources_heat_engine: - - {get_param: HeatEngineLoggingSource} + + fluentd: + tripleo_fluentd_groups_heat_engine: + - heat + tripleo_fluentd_sources_heat_engine: + - {get_param: HeatEngineLoggingSource} + mysql: + heat::db::mysql::password: {get_param: HeatPassword} + heat::db::mysql::user: heat + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + heat::db::mysql::dbname: heat + heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone: + map_merge: + - get_attr: [HeatBase, role_data, service_config_settings, keystone] + - tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} # BEGIN DOCKER SETTINGS puppet_config: config_volume: heat @@ -95,7 +205,7 @@ outputs: step_config: list_join: - "\n" - - - {get_attr: [HeatBase, role_data, step_config]} + - - include ::tripleo::profile::base::heat::engine - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerHeatConfigImage} kolla_config: diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index d6c5ca30c2..a59519f7e6 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml 
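Review bot: `heat::db::mysql::allowed_hosts` in the new `mysql` block lists `'%'`, so the `heat` database account is granted from any source host, and its password is `HeatPassword`, the same value the API templates pass to Keystone as `heat::keystone::auth::password`. The entry appears to be carried over with the move, but it deserves at least a comment stating what limits reachability of the database, e.g. `# '%' allows the heat DB user from any host; exposure is bounded only by where MySQL listens and its firewall rules`. If the deployment permits it, restricting the list to the networks that run Heat services would reduce the impact of a leaked `HeatPassword`. The `role_data` value continues outside the hunk.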
@@ -21,9 +21,9 @@ resource_registry:
 OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
 OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
 OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml
- OS::TripleO::Services::HeatApi: ../puppet/services/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: ../puppet/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatEngine: ../puppet/services/heat-engine.yaml
+ OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
+ OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
 OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
 OS::TripleO::Services::Iscsid: ../puppet/services/iscsid.yaml
 OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml
diff --git a/environments/docker-uc-light.yaml b/environments/docker-uc-light.yaml
index 094427f71a..a4a8247f1a 100644
--- a/environments/docker-uc-light.yaml
+++ b/environments/docker-uc-light.yaml
@@ -7,9 +7,9 @@ resource_registry: OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml - OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml - OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml - OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml + OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml + OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a34b21a447..f0ce520bbc 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
@@ -124,10 +124,10 @@ resource_registry:
 OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
 OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
 OS::TripleO::Services::GlanceRegistry: deployment/glance/glance-registry-disabled-puppet.yaml
- OS::TripleO::Services::HeatApi: docker/services/heat-api.yaml
- OS::TripleO::Services::HeatApiCfn: docker/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
- OS::TripleO::Services::HeatEngine: docker/services/heat-engine.yaml
+ OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml
+ OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
 OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
 OS::TripleO::Services::Kubernetes::Master: extraconfig/services/kubernetes-master.yaml
 OS::TripleO::Services::Kubernetes::Worker: extraconfig/services/kubernetes-worker.yaml
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
deleted file mode 100644
index 750446cfbb..0000000000
--- a/puppet/services/heat-api-cfn.yaml
+++ /dev/null
@@ -1,147 +0,0 @@ -heat_template_version: rocky - -description: > - Openstack Heat CloudFormation API service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - HeatWorkers: - default: 0 - description: Number of workers for Heat service. - type: number - HeatPassword: - description: The password for the Heat service and db account, used by the Heat services. 
- type: string - hidden: true - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - MonitoringSubscriptionHeatApiCnf: - default: 'overcloud-heat-api-cfn' - type: string - HeatApiCfnLoggingSource: - type: json - default: - tag: openstack.heat.api.cfn - path: /var/log/heat/heat_api_cfn.log - EnableInternalTLS: - type: boolean - default: false - -conditions: - heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]} - -resources: - - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - - HeatBase: - type: ./heat-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Heat CloudFormation API role. - value: - service_name: heat_api_cfn - monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} - config_settings: - map_merge: - - get_attr: [HeatBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo::heat_api_cfn::firewall_rules: - '125 heat_cfn': - dport: - - 8000 - - 13800 - heat::api_cfn::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} - heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS} - heat::api_cfn::service_name: 'httpd' - # NOTE: bind IP is found in hiera replacing the network name with the local node IP - # for the given network; replacement examples (eg. 
for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - heat::wsgi::apache_api_cfn::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} - heat::wsgi::apache_api_cfn::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} - - - if: - - heat_workers_zero - - {} - - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers} - step_config: | - include ::tripleo::profile::base::heat::api_cfn - service_config_settings: - fluentd: - tripleo_fluentd_groups_heat_api_cfn: - - heat - tripleo_fluentd_sources_heat_api_cfn: - - {get_param: HeatApiCfnLoggingSource} - keystone: - map_merge: - - get_attr: [HeatBase, role_data, service_config_settings, keystone] - - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} - metadata_settings: - get_attr: [ApacheServiceBase, role_data, metadata_settings] - upgrade_tasks: [] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml deleted file mode 100644 index b97e2e5077..0000000000 --- a/puppet/services/heat-api.yaml +++ /dev/null 
@@ -1,154 +0,0 @@ -heat_template_version: rocky - -description: > - Openstack Heat API service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - HeatWorkers: - default: 0 - description: Number of workers for Heat service. - type: number - HeatPassword: - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - MonitoringSubscriptionHeatApi: - default: 'overcloud-heat-api' - type: string - HeatApiLoggingSource: - type: json - default: - tag: openstack.heat.api - path: /var/log/heat/heat_api.log - EnableInternalTLS: - type: boolean - default: false - HeatApiPolicies: - description: | - A hash of policies to configure for Heat API. - e.g. 
{ heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } } - default: {} - type: json - -conditions: - heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]} - -resources: - - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - - HeatBase: - type: ./heat-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Heat API role. - value: - service_name: heat_api - monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} - config_settings: - map_merge: - - get_attr: [HeatBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo::heat_api::firewall_rules: - '125 heat_api': - dport: - - 8004 - - 13004 - heat::api::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} - heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} - heat::policy::policies: {get_param: HeatApiPolicies} - heat::api::service_name: 'httpd' - # NOTE: bind IP is found in hiera replacing the network name with the local node IP - # for the given network; replacement examples (eg. 
for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - heat::wsgi::apache_api::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} - heat::wsgi::apache_api::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} - - - if: - - heat_workers_zero - - {} - - heat::wsgi::apache_api::workers: {get_param: HeatWorkers} - step_config: | - include ::tripleo::profile::base::heat::api - service_config_settings: - fluentd: - tripleo_fluentd_groups_heat_api: - - heat - tripleo_fluentd_sources_heat_api: - - {get_param: HeatApiLoggingSource} - keystone: - map_merge: - - get_attr: [HeatBase, role_data, service_config_settings, keystone] - - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} - metadata_settings: - get_attr: [ApacheServiceBase, role_data, metadata_settings] - upgrade_tasks: [] diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml deleted file mode 100644 index a083fe1210..0000000000 --- a/puppet/services/heat-engine.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ -heat_template_version: rocky - -description: > - Openstack Heat Engine service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - HeatEnableDBPurge: - type: boolean - default: true - description: | - Whether to create cron job for purging soft deleted rows in the Heat database. - HeatWorkers: - default: 0 - description: Number of workers for Heat service. - type: number - HeatMaxNestedStackDepth: - default: 6 - description: Maximum number of nested stack depth. - type: number - HeatReauthenticationAuthMethod: - description: Allow reauthentication on token expiry, such that long-running tasks - may complete. Note this defeats the expiry of any provided user tokens. - type: string - default: '' - constraints: - - allowed_values: [ '', 'trusts' ] - HeatPassword: - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_stack_domain_admin user. 
- type: string - hidden: true - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - hidden: true - default: '' - MonitoringSubscriptionHeatEngine: - default: 'overcloud-heat-engine' - type: string - HeatEngineLoggingSource: - type: json - default: - tag: openstack.heat.engine - path: /var/log/heat/heat-engine.log - HeatConvergenceEngine: - type: boolean - default: true - description: Enables the heat engine with the convergence architecture. - HeatMaxResourcesPerStack: - type: number - default: 1000 - description: Maximum resources allowed per top-level stack. -1 stands for unlimited. - HeatEnginePluginDirs: - type: comma_delimited_list - default: [] - description: An array of directories to search for plug-ins. - -conditions: - heat_workers_unset: {equals : [{get_param: HeatWorkers}, 0]} - -resources: - HeatBase: - type: ./heat-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Heat Engine role. 
- value: - service_name: heat_engine - monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} - config_settings: - map_merge: - - get_attr: [HeatBase, role_data, config_settings] - - heat::engine::configure_delegated_roles: false - heat::engine::trusts_delegated_roles: [] - heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth} - heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} - heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod} - heat::engine::heat_metadata_server_url: - make_url: - scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} - host: {get_param: [EndpointMap, HeatCfnPublic, host]} - port: {get_param: [EndpointMap, HeatCfnPublic, port]} - heat::engine::heat_waitcondition_server_url: - make_url: - scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} - host: {get_param: [EndpointMap, HeatCfnPublic, host]} - port: {get_param: [EndpointMap, HeatCfnPublic, port]} - path: /v1/waitcondition - heat::engine::convergence_engine: {get_param: HeatConvergenceEngine} - tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} - heat::database_connection: - make_url: - scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} - username: heat - password: {get_param: HeatPassword} - host: {get_param: [EndpointMap, MysqlInternal, host]} - path: /heat - query: - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - heat::keystone_ec2_uri: - list_join: - - '' - - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} - - '/ec2tokens' - heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} - heat::engine::auth_encryption_key: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: HeatAuthEncryptionKey} - - {get_param: [DefaultPasswords, heat_auth_encryption_key]} - heat::engine::plugin_dirs: {get_param: HeatEnginePluginDirs} - - - if: - - 
heat_workers_unset - - {} - - heat::engine::num_engine_workers: {get_param: HeatWorkers} - step_config: | - include ::tripleo::profile::base::heat::engine - - service_config_settings: - fluentd: - tripleo_fluentd_groups_heat_engine: - - heat - tripleo_fluentd_sources_heat_engine: - - {get_param: HeatEngineLoggingSource} - mysql: - heat::db::mysql::password: {get_param: HeatPassword} - heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - heat::db::mysql::dbname: heat - heat::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - keystone: - # This is needed because the keystone profile handles creating the domain - tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} - upgrade_tasks: []