heat_template_version: rocky

description: >
  RabbitMQ service for messaging Notifications configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NotifyPort:
    default: 5672
    description: The network port for messaging Notify backend
    type: number
  NotifyUserName:
    default: guest
    description: The username for messaging Notifications
    type: string
  NotifyPassword:
    description: The password for messaging Notifications
    type: string
    hidden: true
  NotifyUseSSL:
    default: false
    description: Messaging Notification client subscriber parameter to specify
                 an SSL connection to the messaging host.
    type: string
  EnableInternalTLS:
    type: boolean
    default: false

resources:
  RabbitMQServiceBase:
    type: ../rabbitmq.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

conditions:
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

outputs:
  role_data:
    description: Role data for the OsloMessagingNotify role.
    value:
      service_name: oslo_messaging_notify
      monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
      global_config_settings:
        map_merge:
          - get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
          - oslo_messaging_notify_scheme: rabbit
            oslo_messaging_notify_user_name: {get_param: NotifyUserName}
            oslo_messaging_notify_password: {get_param: NotifyPassword}
            oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL}
            oslo_messaging_notify_port: {get_param: NotifyPort}
      config_settings:
        map_merge:
          - get_attr: [RabbitMQServiceBase, role_data, config_settings]
          - rabbitmq::default_user: {get_param: NotifyUserName}
            rabbitmq::default_pass: {get_param: NotifyPassword}
            tripleo::oslo_messaging_notify::firewall_rules:
              '109 rabbitmq':
                dport:
                  - 4369
                  - {get_param: NotifyPort}
                  - 25672
            rabbitmq::port: {get_param: NotifyPort}
            rabbitmq::interface:
              str_replace:
                template:
                  "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
            rabbitmq::ssl: {get_param: EnableInternalTLS}
            rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
            rabbitmq::ssl_port: {get_param: NotifyPort}
            rabbitmq::ssl_only: {get_param: EnableInternalTLS}
            rabbitmq::ssl_interface:
              str_replace:
                template:
                  "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
            tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
          -
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
                hostname:
                  str_replace:
                    template: "%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
                principal:
                  str_replace:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
      upgrade_tasks:
        - name: Stop rabbitmq service
          when: step|int == 2
          service: name=rabbitmq-server state=stopped
        - name: Start rabbitmq service
          when: step|int == 4
          service: name=rabbitmq-server state=started
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: rabbitmq
              network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
              type: node
          - null