heat_template_version: wallaby

description: >
  Ceph Manager service.

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  CephDashboardAdminUser:
    default: 'admin'
    description: Admin user for the dashboard component
    type: string
  CephDashboardAdminPassword:
    description: Admin password for the dashboard component
    type: string
    hidden: true
  CephEnableDashboard:
    type: boolean
    default: false
    description: Parameter used to trigger the dashboard deployment.
  CephDashboardPort:
    type: number
    default: 8444
    description: Parameter that defines the ceph dashboard port.
  CephDashboardAdminRO:
    type: boolean
    default: true
    description: Parameter used to set a read-only admin user.
  EnableInternalTLS:
    type: boolean
    default: false
  CertificateKeySize:
    type: string
    default: '2048'
    description: Specifies the private key size used when creating the
                 certificate.
  CephCertificateKeySize:
    type: string
    default: ''
    description: Override the private key size used when creating the
                 certificate for this service

conditions:
  internal_tls_enabled:
    and:
      - {get_param: CephEnableDashboard}
      - {get_param: EnableInternalTLS}
  key_size_override_set:
    not: {equals: [{get_param: CephCertificateKeySize}, '']}

resources:
  CephBase:
    type: ./ceph-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  CephMgrAnsibleVars:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        vars:
          tripleo_cephadm_dashboard_admin_user: {get_param: CephDashboardAdminUser}
          tripleo_cephadm_dashboard_admin_password: {get_param: CephDashboardAdminPassword}
          tripleo_cephadm_dashboard_port: {get_param: CephDashboardPort}
          tripleo_cephadm_dashboard_admin_user_ro: {get_param: CephDashboardAdminRO}
          tripleo_cephadm_dashboard_protocol:
            if:
              - internal_tls_enabled
              - 'https'
              - 'http'

outputs:
  role_data:
    description: Role data for the Ceph Manager service.
    value:
      service_name: ceph_mgr
      firewall_rules:
        '113 ceph_mgr':
          dport:
            list_concat:
              - - '6800-7300'
              - if:
                - {get_param: CephEnableDashboard}
                - - {get_param: CephDashboardPort}
      firewall_frontend_rules:
        if:
          - {get_param: CephEnableDashboard}
          - '100 ceph_dashboard':
              dport:
                - {get_param: CephDashboardPort}
      upgrade_tasks: []
      puppet_config: {}
      docker_config: {}
      external_deploy_tasks:
        list_concat:
        - {get_attr: [CephBase, role_data, external_deploy_tasks]}
        - if:
          - {get_param: CephEnableDashboard}
          - - name: set tripleo-ansible ceph dashboard vars
              when: step|int == 1
              set_fact:
                ceph_dashboard_vars:
                  if:
                  - internal_tls_enabled
                  - map_merge:
                      - {get_attr: [CephMgrAnsibleVars, value, vars]}
                      - tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
                      - tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
                      - tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
                  - {get_attr: [CephMgrAnsibleVars, value, vars]}
      metadata_settings:
        if:
        - internal_tls_enabled
        - - service: ceph_dashboard
            network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
            type: node
      deploy_steps_tasks:
        if:
          - internal_tls_enabled
          - - name: Certificate generation
              when:
                - step|int == 1
              block:
                - include_role:
                    name: linux-system-roles.certificate
                  vars:
                    certificate_requests:
                      - name: ceph_dashboard
                        dns:
                          str_replace:
                            template: "{{fqdn_$NETWORK}}"
                            params:
                              $NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
                        principal:
                          str_replace:
                            template: "ceph_dashboard/{{fqdn_$NETWORK}}@{{idm_realm}}"
                            params:
                              $NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
                        run_after: |
                          # Get mgr systemd unit
                          mgr_unit=$(systemctl list-units | awk '/ceph-mgr/ {print $1}')
                          # Restart the mgr systemd unit
                          if [ -n "$mgr_unit" ]; then
                              systemctl restart "$mgr_unit"
                          fi
                        key_size:
                          if:
                            - key_size_override_set
                            - {get_param: CephCertificateKeySize}
                            - {get_param: CertificateKeySize}
                        ca: ipa