openstack/tripleo-heat-templates
Code Issues Proposed changes
3f52eb5b4c
tripleo-heat-templates/puppet/services/mistral-api.yaml
Alex Schultz fb0e8f62fc Convert dynamic lookups to use colon notation 
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.

Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
2018-11-12 21:21:49 -07:00

164 lines
6.2 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Openstack Mistral API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MistralWorkers:
default: 1
description: The number of workers for the mistral-api.
type: number
MistralApiPolicies:
description: |
A hash of policies to configure for Mistral API.
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
EnableInternalTLS:
type: boolean
default: false
MistralExecutionInterval:
default: 600
description: This setting defines how frequently Mistral checks for cron
triggers that need execution. The default is 10 minutes and
reduces the load that is has on the system.
type: number
MistralCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
conditions:
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
MistralBase:
type: ./mistral-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral API role.
value:
service_name: mistral_api
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- mistral::cors::allowed_origin: {get_param: MistralCorsAllowedOrigin}
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::policy::policies: {get_param: MistralApiPolicies}
mistral::cron_trigger::execution_interval: {get_param: MistralExecutionInterval}
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::api::allow_action_execution_deletion: true
tripleo::mistral_api::firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
- if:
- mistral_workers_zero
- {}
- mistral::wsgi::apache::workers: {get_param: MistralWorkers}
service_config_settings:
get_attr: [MistralBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::mistral::api
upgrade_tasks:
- name: Check if mistral api is deployed
command: systemctl is-enabled openstack-mistral-api
tags: common
ignore_errors: True
register: mistral_api_enabled
- name: "PreUpgrade step0,validation: Check if openstack-mistral-api is running"
shell: >
/usr/bin/systemctl show 'openstack-mistral-api' --property ActiveState |
grep '\bactive\b'
when:
- step|int == 0
- mistral_api_enabled.rc == 0
tags: validation
- name: check for mistral_api running under apache (post upgrade)
when: step|int == 1
shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi"
register: mistral_api_apache
ignore_errors: true
- name: Stop mistral_api service (running under httpd)
service: name=httpd state=stopped
when:
- step|int == 1
- mistral_api_apache.rc == 0
- name: Stop and disable mistral_api service (pre-upgrade not under httpd)
when:
- step|int == 1
- mistral_api_enabled.rc == 0
service: name=openstack-mistral-api state=stopped enabled=no
View Git Blame Copy Permalink