Pass hieradata relevant for httpd in the Heat APIs

The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:

* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.

bp tls-via-certmonger

Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
This commit is contained in:
Juan Antonio Osorio Robles 2017-03-03 10:19:34 +02:00 committed by Carlos Camacho
parent 1f79a5b76c
commit aedb22be76
4 changed files with 110 additions and 18 deletions

View File

@ -38,8 +38,23 @@ parameters:
default:
tag: openstack.heat.api.cfn
path: /var/log/heat/heat-api-cfn.log
EnableInternalTLS:
type: boolean
default: false
conditions:
heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
HeatBase:
type: ./heat-base.yaml
properties:
@ -59,19 +74,32 @@ outputs:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cfn::workers: {get_param: HeatWorkers}
tripleo.heat_api_cfn.firewall_rules:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo.heat_api_cfn.firewall_rules:
'125 heat_cfn':
dport:
- 8000
- 13800
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
-
if:
- heat_workers_zero
- {}
- heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
service_config_settings:

View File

@ -30,8 +30,23 @@ parameters:
default:
tag: openstack.heat.api.cloudwatch
path: /var/log/heat/heat-api-cloudwatch.log
EnableInternalTLS:
type: boolean
default: false
conditions:
heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
HeatBase:
type: ./heat-base.yaml
properties:
@ -51,19 +66,34 @@ outputs:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cloudwatch::workers: {get_param: HeatWorkers}
tripleo.heat_api_cloudwatch.firewall_rules:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo.heat_api_cloudwatch.firewall_rules:
'125 heat_cloudwatch':
dport:
- 8003
- 13003
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
heat::api_cloudwatch::bind_host:
get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
heat::wsgi::apache_api_cloudwatch::ssl: {get_param: EnableInternalTLS}
heat::api_cloudwatch::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api_cloudwatch::bind_host:
get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
heat::wsgi::apache_api_cloudwatch::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}
-
if:
- heat_workers_zero
- {}
- heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
upgrade_tasks:

View File

@ -38,8 +38,23 @@ parameters:
default:
tag: openstack.heat.api
path: /var/log/heat/heat-api.log
EnableInternalTLS:
type: boolean
default: false
conditions:
heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
HeatBase:
type: ./heat-base.yaml
properties:
@ -59,19 +74,32 @@ outputs:
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api::workers: {get_param: HeatWorkers}
tripleo.heat_api.firewall_rules:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo.heat_api.firewall_rules:
'125 heat_api':
dport:
- 8004
- 13004
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
heat::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
-
if:
- heat_workers_zero
- {}
- heat::wsgi::apache_api::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api
service_config_settings:

View File

@ -0,0 +1,6 @@
---
features:
- The relevant parameters have been added to deploy the heat APIs over httpd.
This means that the HeatWorkers now affect httpd instead of the heat API
themselves, and that the apache hieradata will also be deployed in the
nodes where the heat APIs run.