heat_template_version: rocky description: > Openstack Zaqar service. Shared for all Heat services. parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json Debug: default: false description: Set to True to enable debugging on all services. type: boolean ZaqarDebug: default: '' description: Set to True to enable debugging Zaqar service. type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] ZaqarPassword: description: The password for Zaqar type: string hidden: true KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint ZaqarPolicies: description: | A hash of policies to configure for Zaqar. e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json ZaqarWorkers: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' ZaqarMessageStore: type: string description: The messaging store for Zaqar default: redis ZaqarManagementStore: type: string description: The management store for Zaqar default: redis EnableInternalTLS: type: boolean default: false RedisPassword: description: The password for the redis service account. type: string hidden: true conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']} zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: ApacheServiceBase: type: ./apache.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: description: Shared role data for the Zaqar services. value: service_name: zaqar_api config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - zaqar::policy::policies: {get_param: ZaqarPolicies} zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::logging::debug: if: - service_debug_unset - {get_param: Debug } - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::transport::websocket::notification_bind: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 1048576 zaqar::unreliable: true zaqar::wsgi::apache::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_store: {get_param: ZaqarMessageStore} zaqar::management_store: {get_param: ZaqarManagementStore} - if: - zaqar_messaging_store_swift - zaqar::messaging::swift::uri: list_join: - '' - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } tripleo::profile::base::zaqar::messaging_store: 'swift' - {} - if: - zaqar_messaging_store_redis - zaqar_redis_password: {get_param: RedisPassword} tripleo::profile::base::zaqar::messaging_store: 'redis' - {} - if: - zaqar_management_store_sqlalchemy - tripleo::profile::base::zaqar::management_store: 'sqlalchemy' zaqar::management::sqlalchemy::uri: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: zaqar password: {get_param: ZaqarPassword} host: {get_param: [EndpointMap, MysqlInternal, host]} path: /zaqar query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: map_merge: - keystone: zaqar::keystone::auth::password: {get_param: ZaqarPassword} zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} zaqar::keystone::auth::region: {get_param: KeystoneRegion} zaqar::keystone::auth::tenant: 'service' zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::trust::password: {get_param: ZaqarPassword} zaqar::keystone::trust::user_domain_name: 'Default' tripleo.zaqar_api.firewall_rules: '113 zaqar_api': dport: - 9000 - 8888 - 3000 #SSL for websocket - 13888 #SSL for api - if: - zaqar_management_store_sqlalchemy - mysql: zaqar::db::mysql::user: zaqar zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} zaqar::db::mysql::dbname: zaqar zaqar::db::mysql::password: {get_param: ZaqarPassword} zaqar::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - {} step_config: | include ::tripleo::profile::base::zaqar metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: list_concat: - get_attr: [ApacheServiceBase, role_data, upgrade_tasks] - - name: Check if zaqar is deployed command: systemctl is-enabled openstack-zaqar tags: common ignore_errors: True register: zaqar_enabled - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" shell: > /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | grep '\bactive\b' when: - step|int == 0 - zaqar_enabled.rc == 0 tags: validation - name: Check for zaqar running under apache (post upgrade) when: step|int == 1 shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" register: zaqar_apache ignore_errors: true - name: Stop zaqar service (running under httpd) service: name=httpd state=stopped when: - step|int == 1 - zaqar_apache.rc == 0 - name: Stop and disable zaqar service (pre-upgrade not under httpd) when: - step|int == 1 - zaqar_enabled.rc == 0 service: name=openstack-zaqar state=stopped enabled=no - name: Install openstack-zaqar package if it was disabled yum: name=openstack-zaqar state=latest when: - step|int == 3 - zaqar_enabled.rc != 0