Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

228 lines
8.0 KiB

heat_template_version: wallaby
description: >
OpenStack containerized Heat API CFN service
parameters:
ContainerHeatApiCfnImage:
description: image
type: string
# puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
ContainerHeatApiCfnConfigImage:
description: The container image to use for the heat_api_cfn config_volume
type: string
HeatApiCfnLoggingSource:
type: json
default:
tag: openstack.heat.api.cfn
file: /var/log/containers/heat/heat_api_cfn.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
HeatWorkers:
default: 0
description: Number of workers for Heat service.
type: number
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionHeatApiCnf:
default: 'overcloud-heat-api-cfn'
type: string
conditions:
heat_workers_set:
not: {equals : [{get_param: HeatWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
ApacheServiceBase:
type: ../../deployment/apache/apache-baremetal-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
HeatBase:
type: ./heat-base-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HeatApiCfnLogging:
type: OS::TripleO::Services::Logging::HeatApiCfn
outputs:
role_data:
description: Role data for the Heat API CFN role.
value:
service_name: heat_api_cfn
firewall_rules:
'125 heat_cfn':
dport:
- 8000
- 13800
keystone_resources:
heat-cfn:
endpoints:
public: {get_param: [EndpointMap, HeatCfnPublic, uri]}
internal: {get_param: [EndpointMap, HeatCfnInternal, uri]}
admin: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
users:
heat-cfn:
password: {get_param: HeatPassword}
region: {get_param: KeystoneRegion}
service: 'cloudformation'
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- get_attr: [HeatApiCfnLogging, config_settings]
- apache::default_vhost: false
heat::api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
- if:
- heat_workers_set
- heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers}
service_config_settings:
rsyslog:
tripleo_logging_sources_heat_api_cfn:
- {get_param: HeatApiCfnLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat_api_cfn
puppet_tags: heat_config,file,concat,file_line
step_config: |
include tripleo::profile::base::heat::api_cfn
config_image: {get_param: ContainerHeatApiCfnConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d"
dest: "/etc/httpd/conf.modules.d"
# TODO(emilien) remove optional flag once we get a promotion
# https://launchpad.net/bugs/1884115
optional: true
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
docker_config:
step_2:
get_attr: [HeatApiCfnLogging, docker_config, step_2]
step_4:
heat_api_cfn:
image: {get_param: ContainerHeatApiCfnImage}
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'heat', we need it
# to be root to run httpd
user: root
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatApiCfnLogging, volumes]}
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api_cfn:/var/lib/kolla/config_files/src:ro
- if:
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks: {get_attr: [HeatApiCfnLogging, host_prep_tasks]}
upgrade_tasks: []
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
deploy_steps_tasks:
get_attr: [ApacheServiceBase, role_data, deploy_steps_tasks]
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop heat cfn container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
- heat_api_cfn
tripleo_delegate_to: "{{ groups['heat_api_cfn'] | default([]) }}"