fb0e8f62fc
With the upgrade to puppet 5, we can no longer use dots in the hieradata key lookups. This change updates the THT for firewall_rules, haproxy_endpoints and haproxy_userlists to use the colon notation. Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878 Related-Bug: #1803024
147 lines
5.1 KiB
YAML
147 lines
5.1 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
RabbitMQ service for messaging RPCs configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
RpcPort:
|
|
default: 5672
|
|
description: The network port for messaging backend
|
|
type: number
|
|
RpcUserName:
|
|
default: guest
|
|
description: The username for messaging backend
|
|
type: string
|
|
RpcPassword:
|
|
description: The password for messaging backend
|
|
type: string
|
|
hidden: true
|
|
RpcUseSSL:
|
|
default: false
|
|
description: >
|
|
Messaging client subscriber parameter to specify
|
|
an SSL connection to the messaging host.
|
|
type: string
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
resources:
|
|
RabbitMQServiceBase:
|
|
type: ../rabbitmq.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
conditions:
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OsloMessagingRpc role.
|
|
value:
|
|
service_name: oslo_messaging_rpc
|
|
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
|
global_config_settings:
|
|
map_merge:
|
|
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
|
- oslo_messaging_rpc_scheme: rabbit
|
|
oslo_messaging_rpc_user_name: {get_param: RpcUserName}
|
|
oslo_messaging_rpc_password: {get_param: RpcPassword}
|
|
oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL}
|
|
oslo_messaging_rpc_port: {get_param: RpcPort }
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
|
- rabbitmq::default_user: {get_param: RpcUserName}
|
|
rabbitmq::default_pass: {get_param: RpcPassword}
|
|
tripleo::oslo_messaging_rpc::firewall_rules:
|
|
'109 rabbitmq':
|
|
dport:
|
|
- 4369
|
|
- {get_param: RpcPort}
|
|
- 25672
|
|
rabbitmq::port: {get_param: RpcPort}
|
|
rabbitmq::interface:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
|
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
|
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
|
rabbitmq::ssl_port: {get_param: RpcPort}
|
|
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
|
rabbitmq::ssl_interface:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
|
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- generate_service_certificates: true
|
|
tripleo::profile::base::rabbitmq::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
|
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
|
- {}
|
|
step_config: |
|
|
include ::tripleo::profile::base::rabbitmq
|
|
upgrade_tasks:
|
|
- name: Stop rabbitmq service
|
|
when: step|int == 2
|
|
service: name=rabbitmq-server state=stopped
|
|
- name: Start rabbitmq service
|
|
when: step|int == 4
|
|
service: name=rabbitmq-server state=started
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: rabbitmq
|
|
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
|
type: node
|
|
- null
|