0cb5c847f3
If we use variables defined in later step in conditional before checking which step are we on we will fail. Resolves: rhbz#1535457 Closes-Bug: #1743764 Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
238 lines
9.5 KiB
YAML
238 lines
9.5 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
Openstack Zaqar service. Shared for all Heat services.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
ZaqarDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Zaqar service.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
ZaqarPassword:
|
|
description: The password for Zaqar
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
ZaqarPolicies:
|
|
description: |
|
|
A hash of policies to configure for Zaqar.
|
|
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
ZaqarWorkers:
|
|
type: string
|
|
description: Set the number of workers for zaqar::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
ZaqarMessageStore:
|
|
type: string
|
|
description: The messaging store for Zaqar
|
|
default: mongodb
|
|
ZaqarManagementStore:
|
|
type: string
|
|
description: The management store for Zaqar
|
|
default: mongodb
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
|
|
conditions:
|
|
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
|
|
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
|
|
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
|
|
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
|
|
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
|
|
|
|
resources:
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Shared role data for the Zaqar services.
|
|
value:
|
|
service_name: zaqar_api
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- zaqar::policy::policies: {get_param: ZaqarPolicies}
|
|
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::authtoken::project_name: 'service'
|
|
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::debug:
|
|
if:
|
|
- service_debug_unset
|
|
- {get_param: Debug }
|
|
- {get_param: ZaqarDebug }
|
|
zaqar::server::service_name: 'httpd'
|
|
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
|
|
zaqar::transport::websocket::notification_bind: {get_param: [EndpointMap, ZaqarInternal, host]}
|
|
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
|
zaqar::unreliable: true
|
|
zaqar::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_store: {get_param: ZaqarMessageStore}
|
|
zaqar::management_store: {get_param: ZaqarManagementStore}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_swift
|
|
-
|
|
zaqar::messaging::swift::uri:
|
|
list_join:
|
|
- ''
|
|
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
|
|
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
tripleo::profile::base::zaqar::messaging_store: 'swift'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_redis
|
|
-
|
|
zaqar_redis_password: {get_param: RedisPassword}
|
|
tripleo::profile::base::zaqar::messaging_store: 'redis'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
-
|
|
tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
|
|
zaqar::management::sqlalchemy::uri:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: zaqar
|
|
password: {get_param: ZaqarPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /zaqar
|
|
query:
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_workers_zero
|
|
- {}
|
|
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- keystone:
|
|
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
|
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
|
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
|
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth::tenant: 'service'
|
|
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
|
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
|
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
|
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth_websocket::tenant: 'service'
|
|
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::trust::user_domain_name: 'Default'
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
- mysql:
|
|
zaqar::db::mysql::user: zaqar
|
|
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
zaqar::db::mysql::dbname: zaqar
|
|
zaqar::db::mysql::password: {get_param: ZaqarPassword}
|
|
zaqar::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
- {}
|
|
step_config: |
|
|
include ::tripleo::profile::base::zaqar
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
|
-
|
|
- name: Check if zaqar is deployed
|
|
command: systemctl is-enabled openstack-zaqar
|
|
tags: common
|
|
ignore_errors: True
|
|
register: zaqar_enabled
|
|
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
|
shell: >
|
|
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
|
grep '\bactive\b'
|
|
when:
|
|
- step|int == 0
|
|
- zaqar_enabled.rc == 0
|
|
tags: validation
|
|
- name: Check for zaqar running under apache (post upgrade)
|
|
when: step|int == 1
|
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
|
register: zaqar_apache
|
|
ignore_errors: true
|
|
- name: Stop zaqar service (running under httpd)
|
|
service: name=httpd state=stopped
|
|
when:
|
|
- step|int == 1
|
|
- zaqar_apache.rc == 0
|
|
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
|
when:
|
|
- step|int == 1
|
|
- zaqar_enabled.rc == 0
|
|
service: name=openstack-zaqar state=stopped enabled=no
|
|
- name: Install openstack-zaqar package if it was disabled
|
|
yum: name=openstack-zaqar state=latest
|
|
when:
|
|
- step|int == 3
|
|
- zaqar_enabled.rc != 0
|