Pass hieradata relevant for httpd in the Heat APIs

The patch this depends on passes through the classes some parameters that are meant to be passed via t-h-t. This patch addresses these and other things required for deploying these services over httpd: * Set the number of workers taking care not to set this value to 0. * Add the apache base hieradata to the service profiles. * Set the servernames and other httpd-specific values. bp tls-via-certmonger Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6 Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
2017-03-03 10:19:34 +02:00 · 2017-03-03 10:19:34 +02:00 · aedb22be76
parent 1f79a5b76c
commit aedb22be76
4 changed files with 110 additions and 18 deletions
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@ -38,8 +38,23 @@ parameters:
    default:
      tag: openstack.heat.api.cfn
      path: /var/log/heat/heat-api-cfn.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}

 resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
  HeatBase:
    type: ./heat-base.yaml
    properties:
@ -59,19 +74,32 @@ outputs:
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
-          - heat::api_cfn::workers: {get_param: HeatWorkers}
-            tripleo.heat_api_cfn.firewall_rules:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - tripleo.heat_api_cfn.firewall_rules:
              '125 heat_cfn':
                dport:
                  - 8000
                  - 13800
-            # NOTE: bind IP is found in Heat replacing the network name with the
-            # local node IP for the given network; replacement examples
-            # (eg. for internal_api):
+            heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+            heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
+            heat::api_cfn::service_name: 'httpd'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
-            heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+            heat::wsgi::apache_api_cfn::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
+          -
+            if:
+            - heat_workers_zero
+            - {}
+            - heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
      step_config: |
        include ::tripleo::profile::base::heat::api_cfn
      service_config_settings:
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@ -30,8 +30,23 @@ parameters:
    default:
      tag: openstack.heat.api.cloudwatch
      path: /var/log/heat/heat-api-cloudwatch.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}

 resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
  HeatBase:
    type: ./heat-base.yaml
    properties:
@ -51,19 +66,34 @@ outputs:
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
-          - heat::api_cloudwatch::workers: {get_param: HeatWorkers}
-            tripleo.heat_api_cloudwatch.firewall_rules:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - tripleo.heat_api_cloudwatch.firewall_rules:
              '125 heat_cloudwatch':
                dport:
                  - 8003
                  - 13003
-            # NOTE: bind IP is found in Heat replacing the network name with the
-            # local node IP for the given network; replacement examples
-            # (eg. for internal_api):
+            heat::api_cloudwatch::bind_host:
+              get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+            heat::wsgi::apache_api_cloudwatch::ssl: {get_param: EnableInternalTLS}
+            heat::api_cloudwatch::service_name: 'httpd'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
-            heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api_cloudwatch::bind_host:
+              get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+            heat::wsgi::apache_api_cloudwatch::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}
+          -
+            if:
+            - heat_workers_zero
+            - {}
+            - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
      step_config: |
        include ::tripleo::profile::base::heat::api_cloudwatch
      upgrade_tasks:
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@ -38,8 +38,23 @@ parameters:
    default:
      tag: openstack.heat.api
      path: /var/log/heat/heat-api.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}

 resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
  HeatBase:
    type: ./heat-base.yaml
    properties:
@ -59,19 +74,32 @@ outputs:
      config_settings:
        map_merge:
          - get_attr: [HeatBase, role_data, config_settings]
-          - heat::api::workers: {get_param: HeatWorkers}
-            tripleo.heat_api.firewall_rules:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - tripleo.heat_api.firewall_rules:
              '125 heat_api':
                dport:
                  - 8004
                  - 13004
-            # NOTE: bind IP is found in Heat replacing the network name with the
-            # local node IP for the given network; replacement examples
-            # (eg. for internal_api):
+            heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+            heat::api::service_name: 'httpd'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
-            heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
+          -
+            if:
+            - heat_workers_zero
+            - {}
+            - heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
      step_config: |
        include ::tripleo::profile::base::heat::api
      service_config_settings:
--- a/releasenotes/notes/add-parameters-for-heat-apis-over-httpd-df83ab04d9f9ebb2.yaml
+++ b/releasenotes/notes/add-parameters-for-heat-apis-over-httpd-df83ab04d9f9ebb2.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - The relevant parameters have been added to deploy the heat APIs over httpd.
+    This means that the HeatWorkers now affect httpd instead of the heat API
+    themselves, and that the apache hieradata will also be deployed in the
+    nodes where the heat APIs run.