fe72598d9c
gnocchi_external_project_owner is to configure who creates resources and metrics in Gnocchi (usually Ceilometer). So Aodh can create the right rbac rules. So the project name is 'service' for tripleo. We can't use the default set because puppet always uses 'services' and not 'service'. Change-Id: I6f7acc3a4cab29bc566d7becdc93ba3393f5c8fe
128 lines
4.4 KiB
YAML
128 lines
4.4 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack Aodh API service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
GnocchiExternalProject:
|
|
default: 'service'
|
|
description: Project name of resources creator in Gnocchi.
|
|
type: string
|
|
MonitoringSubscriptionAodhApi:
|
|
default: 'overcloud-ceilometer-aodh-api'
|
|
type: string
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
AodhApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Aodh API.
|
|
e.g. { aodh-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
|
|
resources:
|
|
AodhBase:
|
|
type: ./aodh-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Aodh API service.
|
|
value:
|
|
service_name: aodh_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [AodhBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- aodh::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
aodh::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
|
aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi'
|
|
aodh::api::service_name: 'httpd'
|
|
aodh::api::enable_proxy_headers_parsing: true
|
|
aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject}
|
|
aodh::policy::policies: {get_param: AodhApiPolicies}
|
|
tripleo.aodh_api.firewall_rules:
|
|
'128 aodh-api':
|
|
dport:
|
|
- 8042
|
|
- 13042
|
|
aodh::api::host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
|
# NOTE: bind IP is found in Heat replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
|
service_config_settings:
|
|
get_attr: [AodhBase, role_data, service_config_settings]
|
|
step_config: |
|
|
include tripleo::profile::base::aodh::api
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
yaql:
|
|
expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
|
|
data:
|
|
apache_upgrade:
|
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
|
aodh_api_upgrade:
|
|
- name: Stop aodh_api service (running under httpd)
|
|
tags: step1
|
|
service: name=httpd state=stopped
|