heat_template_version: queens description: > OpenStack Panko API service configured with Puppet. Note, This service is deprecated in Pike release and will be disabled in future releases. parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json MonitoringSubscriptionPankoApi: default: 'overcloud-ceilometer-panko-api' type: string EnableInternalTLS: type: boolean default: false PankoApiPolicies: description: | A hash of policies to configure for Panko API. e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json resources: PankoBase: type: ./panko-base.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} ApacheServiceBase: type: ./apache.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: description: Role data for the Panko API service. value: service_name: panko_api monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} config_settings: map_merge: - get_attr: [PankoBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} panko::wsgi::apache::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} panko::policy::policies: {get_param: PankoApiPolicies} panko::api::service_name: 'httpd' panko::api::enable_proxy_headers_parsing: true tripleo.panko_api.firewall_rules: '140 panko-api': dport: - 8977 - 13977 panko::api::host: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]} service_config_settings: get_attr: [PankoBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::panko::api metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: list_concat: - get_attr: [ApacheServiceBase, role_data, upgrade_tasks] - - name: Check if httpd is deployed command: systemctl is-enabled httpd tags: common ignore_errors: True register: httpd_enabled - name: "PreUpgrade step0,validation: Check if httpd is running" shell: > /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' when: (httpd_enabled.rc == 0) and (step|int == 0) tags: validation - name: Stop panko-api service (running under httpd) service: name=httpd state=stopped when: (httpd_enabled.rc == 0) and (step|int == 1) - name: Install openstack-panko-api package if it was not installed when: step|int == 3 yum: name=openstack-panko-api state=latest