heat_template_version: rocky description: > RabbitMQ service for messaging RPCs configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json RpcPort: default: 5672 description: The network port for messaging backend type: number RpcUserName: default: guest description: The username for messaging backend type: string RpcPassword: description: The password for messaging backend type: string hidden: true RpcUseSSL: default: false description: > Messaging client subscriber parameter to specify an SSL connection to the messaging host. type: string EnableInternalTLS: type: boolean default: false resources: RabbitMQServiceBase: type: ../rabbitmq.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: description: Role data for the OsloMessagingRpc role. value: service_name: oslo_messaging_rpc monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} global_config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] - oslo_messaging_rpc_scheme: rabbit oslo_messaging_rpc_user_name: {get_param: RpcUserName} oslo_messaging_rpc_password: {get_param: RpcPassword} oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL} oslo_messaging_rpc_port: {get_param: RpcPort } config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, config_settings] - rabbitmq::default_user: {get_param: RpcUserName} rabbitmq::default_pass: {get_param: RpcPassword} tripleo::oslo_messaging_rpc::firewall_rules: '109 rabbitmq': dport: - 4369 - {get_param: RpcPort} - 25672 rabbitmq::port: {get_param: RpcPort} rabbitmq::interface: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} rabbitmq::ssl: {get_param: EnableInternalTLS} rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} rabbitmq::ssl_port: {get_param: RpcPort} rabbitmq::ssl_only: {get_param: EnableInternalTLS} rabbitmq::ssl_interface: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} - if: - internal_tls_enabled - generate_service_certificates: true tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' tripleo::profile::base::rabbitmq::certificate_specs: service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' service_key: '/etc/pki/tls/private/rabbitmq.key' hostname: str_replace: template: "%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} principal: str_replace: template: "rabbitmq/%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - {} step_config: | include ::tripleo::profile::base::rabbitmq upgrade_tasks: - name: Stop rabbitmq service when: step|int == 2 service: name=rabbitmq-server state=stopped - name: Start rabbitmq service when: step|int == 4 service: name=rabbitmq-server state=started metadata_settings: if: - internal_tls_enabled - - service: rabbitmq network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} type: node - null