You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
228 lines
8.0 KiB
228 lines
8.0 KiB
heat_template_version: wallaby |
|
|
|
description: > |
|
OpenStack containerized Heat API CFN service |
|
|
|
parameters: |
|
ContainerHeatApiCfnImage: |
|
description: image |
|
type: string |
|
# puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn |
|
ContainerHeatApiCfnConfigImage: |
|
description: The container image to use for the heat_api_cfn config_volume |
|
type: string |
|
HeatApiCfnLoggingSource: |
|
type: json |
|
default: |
|
tag: openstack.heat.api.cfn |
|
file: /var/log/containers/heat/heat_api_cfn.log |
|
EndpointMap: |
|
default: {} |
|
description: Mapping of service endpoint -> protocol. Typically set |
|
via parameter_defaults in the resource registry. |
|
type: json |
|
ServiceData: |
|
default: {} |
|
description: Dictionary packing service data |
|
type: json |
|
ServiceNetMap: |
|
default: {} |
|
description: Mapping of service_name -> network name. Typically set |
|
via parameter_defaults in the resource registry. This |
|
mapping overrides those in ServiceNetMapDefaults. |
|
type: json |
|
RoleName: |
|
default: '' |
|
description: Role name on which the service is applied |
|
type: string |
|
RoleParameters: |
|
default: {} |
|
description: Parameters specific to the role |
|
type: json |
|
EnableInternalTLS: |
|
type: boolean |
|
default: false |
|
HeatWorkers: |
|
default: 0 |
|
description: Number of workers for Heat service. |
|
type: number |
|
HeatPassword: |
|
description: The password for the Heat service and db account, used by the Heat services. |
|
type: string |
|
hidden: true |
|
KeystoneRegion: |
|
type: string |
|
default: 'regionOne' |
|
description: Keystone region for endpoint |
|
MonitoringSubscriptionHeatApiCnf: |
|
default: 'overcloud-heat-api-cfn' |
|
type: string |
|
|
|
conditions: |
|
heat_workers_set: |
|
not: {equals : [{get_param: HeatWorkers}, 0]} |
|
|
|
resources: |
|
|
|
ContainersCommon: |
|
type: ../containers-common.yaml |
|
|
|
ApacheServiceBase: |
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml |
|
properties: |
|
ServiceData: {get_param: ServiceData} |
|
ServiceNetMap: {get_param: ServiceNetMap} |
|
EndpointMap: {get_param: EndpointMap} |
|
RoleName: {get_param: RoleName} |
|
RoleParameters: {get_param: RoleParameters} |
|
EnableInternalTLS: {get_param: EnableInternalTLS} |
|
|
|
HeatBase: |
|
type: ./heat-base-puppet.yaml |
|
properties: |
|
EndpointMap: {get_param: EndpointMap} |
|
ServiceData: {get_param: ServiceData} |
|
ServiceNetMap: {get_param: ServiceNetMap} |
|
RoleName: {get_param: RoleName} |
|
RoleParameters: {get_param: RoleParameters} |
|
|
|
HeatApiCfnLogging: |
|
type: OS::TripleO::Services::Logging::HeatApiCfn |
|
|
|
outputs: |
|
role_data: |
|
description: Role data for the Heat API CFN role. |
|
value: |
|
service_name: heat_api_cfn |
|
firewall_rules: |
|
'125 heat_cfn': |
|
dport: |
|
- 8000 |
|
- 13800 |
|
keystone_resources: |
|
heat-cfn: |
|
endpoints: |
|
public: {get_param: [EndpointMap, HeatCfnPublic, uri]} |
|
internal: {get_param: [EndpointMap, HeatCfnInternal, uri]} |
|
admin: {get_param: [EndpointMap, HeatCfnAdmin, uri]} |
|
users: |
|
heat-cfn: |
|
password: {get_param: HeatPassword} |
|
region: {get_param: KeystoneRegion} |
|
service: 'cloudformation' |
|
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} |
|
config_settings: |
|
map_merge: |
|
- get_attr: [HeatBase, role_data, config_settings] |
|
- get_attr: [HeatApiCfnLogging, config_settings] |
|
- apache::default_vhost: false |
|
heat::api_cfn::bind_host: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} |
|
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS} |
|
heat::api_cfn::service_name: 'httpd' |
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP |
|
# for the given network; replacement examples (eg. for internal_api): |
|
# internal_api -> IP |
|
# internal_api_uri -> [IP] |
|
# internal_api_subnet - > IP/CIDR |
|
heat::wsgi::apache_api_cfn::bind_host: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} |
|
heat::wsgi::apache_api_cfn::servername: |
|
str_replace: |
|
template: |
|
"%{hiera('fqdn_$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} |
|
- if: |
|
- heat_workers_set |
|
- heat::wsgi::apache_api_cfn::workers: {get_param: HeatWorkers} |
|
service_config_settings: |
|
rsyslog: |
|
tripleo_logging_sources_heat_api_cfn: |
|
- {get_param: HeatApiCfnLoggingSource} |
|
# BEGIN DOCKER SETTINGS |
|
puppet_config: |
|
config_volume: heat_api_cfn |
|
puppet_tags: heat_config,file,concat,file_line |
|
step_config: | |
|
include tripleo::profile::base::heat::api_cfn |
|
config_image: {get_param: ContainerHeatApiCfnConfigImage} |
|
kolla_config: |
|
/var/lib/kolla/config_files/heat_api_cfn.json: |
|
command: /usr/sbin/httpd -DFOREGROUND |
|
config_files: |
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" |
|
dest: "/etc/httpd/conf.d" |
|
merge: false |
|
preserve_properties: true |
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d" |
|
dest: "/etc/httpd/conf.modules.d" |
|
# TODO(emilien) remove optional flag once we get a promotion |
|
# https://launchpad.net/bugs/1884115 |
|
optional: true |
|
merge: false |
|
preserve_properties: true |
|
- source: "/var/lib/kolla/config_files/src/*" |
|
dest: "/" |
|
merge: true |
|
preserve_properties: true |
|
permissions: |
|
- path: /var/log/heat |
|
owner: heat:heat |
|
recurse: true |
|
docker_config: |
|
step_2: |
|
get_attr: [HeatApiCfnLogging, docker_config, step_2] |
|
step_4: |
|
heat_api_cfn: |
|
image: {get_param: ContainerHeatApiCfnImage} |
|
net: host |
|
privileged: false |
|
restart: always |
|
# NOTE(mandre) kolla image changes the user to 'heat', we need it |
|
# to be root to run httpd |
|
user: root |
|
healthcheck: |
|
test: /openstack/healthcheck |
|
volumes: |
|
list_concat: |
|
- {get_attr: [ContainersCommon, volumes]} |
|
- {get_attr: [HeatApiCfnLogging, volumes]} |
|
- |
|
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro |
|
- /var/lib/config-data/puppet-generated/heat_api_cfn:/var/lib/kolla/config_files/src:ro |
|
- if: |
|
- {get_param: EnableInternalTLS} |
|
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro |
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro |
|
environment: |
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
|
host_prep_tasks: {get_attr: [HeatApiCfnLogging, host_prep_tasks]} |
|
upgrade_tasks: [] |
|
metadata_settings: |
|
get_attr: [ApacheServiceBase, role_data, metadata_settings] |
|
deploy_steps_tasks: |
|
get_attr: [ApacheServiceBase, role_data, deploy_steps_tasks] |
|
external_upgrade_tasks: |
|
- when: |
|
- step|int == 1 |
|
tags: |
|
- never |
|
- system_upgrade_transfer_data |
|
- system_upgrade_stop_services |
|
block: |
|
- name: Stop heat cfn container |
|
import_role: |
|
name: tripleo_container_stop |
|
vars: |
|
tripleo_containers_to_stop: |
|
- heat_api_cfn |
|
tripleo_delegate_to: "{{ groups['heat_api_cfn'] | default([]) }}"
|
|
|