heat_template_version: rocky description: > OpenStack EC2-API service configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json Ec2ApiWorkers: default: 0 description: Number of workers for EC2-API service. type: number Ec2ApiPassword: description: The password for the nova service and db account, used by nova-api. type: string hidden: true KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint Ec2ApiExternalNetwork: type: string default: '' description: Name of the external network, which is used to connect VPCs to Internet and to allocate Elastic IPs NovaDefaultFloatingPool: default: 'public' description: Default pool for floating IP addresses type: string MonitoringSubscriptionEc2Api: default: 'overcloud-ec2-api' type: string Ec2ApiLoggingSource: type: json default: tag: openstack.ec2.api path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | A hash of policies to configure for EC2-API. e.g. { ec2api-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json EnableInternalTLS: type: boolean default: false conditions: nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]} external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']} use_tls_proxy: {equals: [{get_param: EnableInternalTLS}, true]} resources: TLSProxyBase: type: OS::TripleO::Services::TLSProxyBase properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: description: Role data for the EC2-API service. value: service_name: ec2_api monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api} config_settings: map_merge: - get_attr: [TLSProxyBase, role_data, config_settings] - tripleo::ec2_api::firewall_rules: '113 ec2_api': dport: - 8788 - 13788 ec2api::keystone::authtoken::project_name: 'service' ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword} ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ec2api::policy::policies: {get_param: Ec2ApiPolicies} ec2api::api::enabled: true ec2api::package_manage: {get_param: EnablePackageInstall} ec2api::api::ec2api_listen: if: - use_tls_proxy - 'localhost' - str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} ec2api::metadata::metadata_listen: if: - use_tls_proxy - 'localhost' - str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} ec2api::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: ec2_api password: {get_param: Ec2ApiPassword} host: {get_param: [EndpointMap, MysqlInternal, host]} path: /ec2_api query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo ec2api::api::keystone_ec2_tokens_url: list_join: - '' - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} - '/ec2tokens' - if: - nova_workers_zero - {} - ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers} ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers} - if: - external_network_unset - ec2api::api::external_network: {get_param: NovaDefaultFloatingPool} - ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork} - if: - use_tls_proxy - tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} - {} step_config: | include tripleo::profile::base::nova::ec2api service_config_settings: fluentd: tripleo_fluentd_groups_ec2_api: - nova tripleo_fluentd_sources_ec2_api: - {get_param: Ec2ApiLoggingSource} keystone: ec2api::keystone::auth::tenant: 'service' ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]} ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]} ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]} ec2api::keystone::auth::password: {get_param: Ec2ApiPassword} ec2api::keystone::auth::region: {get_param: KeystoneRegion} mysql: ec2api::db::mysql::password: {get_param: Ec2ApiPassword} ec2api::db::mysql::user: ec2_api ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ec2api::db::mysql::dbname: ec2_api ec2api::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: [] metadata_settings: get_attr: [TLSProxyBase, role_data, metadata_settings]