44ef2a3ec1
The new master branch should point now to rocky. So, HOT templates should specify that they might contain features for rocky release [1] Also, this submission updates the yaml validation to use only latest heat_version alias. There are cases in which we will need to set the version for specific templates i.e. mixed versions, so there is added a variable to assign specific templates to specific heat_version aliases, avoiding the introductions of error by bulk replacing the the old version in new releases. [1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
185 lines
7.1 KiB
YAML
185 lines
7.1 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Gnocchi service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
GnocchiPassword:
|
|
description: The password for the gnocchi service and db account.
|
|
type: string
|
|
hidden: true
|
|
GnocchiBackend:
|
|
default: swift
|
|
description: The short name of the Gnocchi backend to use. Should be one
|
|
of swift, rbd, file or s3.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'file', 'rbd', 's3']
|
|
GnocchiIncomingStorageDriver:
|
|
default: redis
|
|
description: Storage driver to use for incoming metric data
|
|
type: string
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionGnocchiApi:
|
|
default: 'overcloud-gnocchi-api'
|
|
type: string
|
|
GnocchiApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.gnocchi.api
|
|
path: /var/log/gnocchi/app.log
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
GnocchiApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Gnocchi API.
|
|
e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
|
|
resources:
|
|
|
|
GnocchiServiceBase:
|
|
type: ./gnocchi-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Gnocchi role.
|
|
value:
|
|
service_name: gnocchi_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- get_attr: [GnocchiServiceBase, role_data, config_settings]
|
|
- tripleo.gnocchi_api.firewall_rules:
|
|
'129 gnocchi-api':
|
|
dport:
|
|
- 8041
|
|
- 13041
|
|
gnocchi::api::enabled: true
|
|
gnocchi::api::enable_proxy_headers_parsing: true
|
|
gnocchi::api::service_name: 'httpd'
|
|
gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
|
|
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
|
gnocchi::keystone::authtoken::project_name: 'service'
|
|
gnocchi::keystone::authtoken::user_domain_name: 'Default'
|
|
gnocchi::keystone::authtoken::project_domain_name: 'Default'
|
|
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
gnocchi::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
|
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
|
|
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
gnocchi::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
|
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
|
|
step_config: |
|
|
include ::tripleo::profile::base::gnocchi::api
|
|
service_config_settings:
|
|
fluentd:
|
|
tripleo_fluentd_groups_gnocchi_api:
|
|
- gnocchi
|
|
tripleo_fluentd_sources_gnocchi_api:
|
|
- {get_param: GnocchiApiLoggingSource}
|
|
keystone:
|
|
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
|
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
|
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
|
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
|
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
|
gnocchi::keystone::auth::tenant: 'service'
|
|
mysql:
|
|
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
|
|
gnocchi::db::mysql::user: gnocchi
|
|
gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
gnocchi::db::mysql::dbname: gnocchi
|
|
gnocchi::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
|
-
|
|
- name: Stop gnocchi_api service (running under httpd)
|
|
when: step|int == 1
|
|
service: name=httpd state=stopped
|
|
- name: get bootstrap nodeid
|
|
tags: common
|
|
command: hiera bootstrap_nodeid
|
|
register: bootstrap_node
|
|
- name: set is_bootstrap_node fact
|
|
tags: common
|
|
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
|
|
- name: Setup gnocchi db during upgrade
|
|
command: gnocchi-upgrade
|
|
when:
|
|
- step|int == 5
|
|
- is_bootstrap_node|bool
|