heat_template_version: wallaby description: > Openstack Heat base service. Shared for all Heat services. parameters: Debug: default: false description: Set to True to enable debugging on all services. type: boolean HeatDebug: default: false description: Set to True to enable debugging Heat services. type: boolean ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json EnableCache: description: Enable caching with memcached type: boolean default: true HeatCronPurgeDeletedEnsure: type: string description: > Cron to purge db entries marked as deleted and older than $age - Ensure default: 'present' HeatCronPurgeDeletedMinute: type: string description: > Cron to purge db entries marked as deleted and older than $age - Minute default: '1' HeatCronPurgeDeletedHour: type: string description: > Cron to purge db entries marked as deleted and older than $age - Hour default: '0' HeatCronPurgeDeletedMonthday: type: string description: > Cron to purge db entries marked as deleted and older than $age - Month Day default: '*' HeatCronPurgeDeletedMonth: type: string description: > Cron to purge db entries marked as deleted and older than $age - Month default: '*' HeatCronPurgeDeletedWeekday: type: string description: > Cron to purge db entries marked as deleted and older than $age - Week Day default: '*' HeatCronPurgeDeletedMaxDelay: type: string description: > Cron to purge db entries marked as deleted and older than $age - Max Delay default: '3600' HeatCronPurgeDeletedUser: type: string description: > Cron to purge db entries marked as deleted and older than $age - User default: 'heat' HeatCronPurgeDeletedAge: type: string description: > Cron to purge db entries marked as deleted and older than $age - Age default: '30' HeatCronPurgeDeletedAgeType: type: string description: > Cron to purge db entries marked as deleted and older than $age - Age type default: 'days' HeatCronPurgeDeletedDestination: type: string description: > Cron to purge db entries marked as deleted and older than $age - Log destination default: '/dev/null' HeatYaqlLimitIterators: type: number description: > The maximum number of elements in collection yaql expressions can take for its evaluation. default: 1000 HeatYaqlMemoryQuota: type: number description: > The maximum size of memory in bytes that yaql exrpessions can take for its evaluation. default: 100000 HeatMaxJsonBodySize: default: 4194304 description: Maximum raw byte size of the Heat API JSON request body. type: number NotificationDriver: type: comma_delimited_list default: 'noop' description: Driver or drivers to handle sending notifications. HeatCorsAllowedOrigin: type: string default: '' description: Indicate whether this resource may be shared with the domain received in the request "origin" header. HeatRpcResponseTimeout: default: 600 description: Heat's RPC response timeout, in seconds. type: number MemcachedTLS: default: false description: Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. type: boolean MemcacheUseAdvancedPool: type: boolean description: | Use the advanced (eventlet safe) memcached client pool. default: true EnforceSecureRbac: type: boolean default: false description: >- Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting `[oslo_policy] enforce_new_defaults` and `[oslo_policy] enforce_scope` to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone's default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. conditions: tls_cache_enabled: and: - {get_param: EnableCache} - {get_param: MemcachedTLS} cors_allowed_origin_set: not: {equals : [{get_param: HeatCorsAllowedOrigin}, '']} outputs: role_data: description: Shared role data for the Heat services. value: service_name: heat_base config_settings: map_merge: - if: - {get_param: EnforceSecureRbac} - heat::policy::enforce_scope: true heat::policy::enforce_new_defaults: true - if: - cors_allowed_origin_set - heat::cors::allowed_origin: {get_param: HeatCorsAllowedOrigin} - heat::notification_driver: {get_param: NotificationDriver} heat::logging::debug: if: - {get_param: HeatDebug} - true - {get_param: Debug} heat::enable_proxy_headers_parsing: true heat::rpc_response_timeout: {get_param: HeatRpcResponseTimeout} heat::rabbit_heartbeat_timeout_threshold: 60 heat::region_name: {get_param: KeystoneRegion} heat::keystone::authtoken::project_name: 'service' heat::keystone::authtoken::user_domain_name: 'Default' heat::keystone::authtoken::project_domain_name: 'Default' heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::authtoken::region_name: {get_param: KeystoneRegion} heat::keystone::authtoken::interface: 'internal' heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 heat::yaql_memory_quota: {get_param: HeatYaqlMemoryQuota} heat::yaql_limit_iterators: {get_param: HeatYaqlLimitIterators} heat::cors::max_age: 3600 heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' heat::cron::purge_deleted::ensure: {get_param: HeatCronPurgeDeletedEnsure} heat::cron::purge_deleted::minute: {get_param: HeatCronPurgeDeletedMinute} heat::cron::purge_deleted::hour: {get_param: HeatCronPurgeDeletedHour} heat::cron::purge_deleted::monthday: {get_param: HeatCronPurgeDeletedMonthday} heat::cron::purge_deleted::month: {get_param: HeatCronPurgeDeletedMonth} heat::cron::purge_deleted::weekday: {get_param: HeatCronPurgeDeletedWeekday} heat::cron::purge_deleted::maxdelay: {get_param: HeatCronPurgeDeletedMaxDelay} heat::cron::purge_deleted::user: {get_param: HeatCronPurgeDeletedUser} heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge} heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType} heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination} heat::max_json_body_size: {get_param: HeatMaxJsonBodySize} - heat::cache::enabled: {get_param: EnableCache} heat::cache::tls_enabled: {get_param: MemcachedTLS} heat::cache::resource_finder_caching: false - if: - tls_cache_enabled - heat::cache::backend: 'dogpile.cache.pymemcache' - heat::cache::backend: 'dogpile.cache.memcached'