Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

260 lines
10 KiB

heat_template_version: queens
description: >
Openstack Zaqar service. Shared for all Heat services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
ZaqarDebug:
default: ''
description: Set to True to enable debugging Zaqar service.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
ZaqarPassword:
description: The password for Zaqar
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
ZaqarPolicies:
description: |
A hash of policies to configure for Zaqar.
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
ZaqarWorkers:
type: string
description: Set the number of workers for zaqar::wsgi::apache
default: '%{::os_workers}'
ZaqarMessageStore:
type: string
description: The messaging store for Zaqar
default: mongodb
ZaqarManagementStore:
type: string
description: The management store for Zaqar
default: mongodb
EnableInternalTLS:
type: boolean
default: false
RedisPassword:
description: The password for the redis service account.
type: string
hidden: true
conditions:
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Shared role data for the Zaqar services.
value:
service_name: zaqar_api
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- zaqar::policy::policies: {get_param: ZaqarPolicies}
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::notification_bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576
zaqar::unreliable: true
zaqar::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_store: {get_param: ZaqarMessageStore}
zaqar::management_store: {get_param: ZaqarManagementStore}
-
if:
- zaqar_messaging_store_swift
-
zaqar::messaging::swift::uri:
list_join:
- ''
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
tripleo::profile::base::zaqar::messaging_store: 'swift'
- {}
-
if:
- zaqar_messaging_store_redis
-
zaqar_redis_password: {get_param: RedisPassword}
tripleo::profile::base::zaqar::messaging_store: 'redis'
- {}
-
if:
- zaqar_management_store_sqlalchemy
-
tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
zaqar::management::sqlalchemy::uri:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: zaqar
password: {get_param: ZaqarPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /zaqar
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- {}
-
if:
- zaqar_workers_zero
- {}
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
service_config_settings:
map_merge:
- keystone:
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
zaqar::keystone::auth::tenant: 'service'
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
zaqar::keystone::auth_websocket::tenant: 'service'
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
zaqar::keystone::trust::user_domain_name: 'Default'
tripleo.zaqar_api.firewall_rules:
'113 zaqar_api':
dport:
- 9000
- 8888
- 3000 #SSL for websocket
- 13888 #SSL for api
-
if:
- zaqar_management_store_sqlalchemy
- mysql:
zaqar::db::mysql::user: zaqar
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
zaqar::db::mysql::dbname: zaqar
zaqar::db::mysql::password: {get_param: ZaqarPassword}
zaqar::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- {}
step_config: |
include ::tripleo::profile::base::zaqar
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
list_concat:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
-
- name: Check if zaqar is deployed
command: systemctl is-enabled openstack-zaqar
tags: common
ignore_errors: True
register: zaqar_enabled
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
shell: >
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
grep '\bactive\b'
when:
- step|int == 0
- zaqar_enabled.rc == 0
tags: validation
- name: Check for zaqar running under apache (post upgrade)
when: step|int == 1
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
register: zaqar_apache
ignore_errors: true
- name: Stop zaqar service (running under httpd)
service: name=httpd state=stopped
when:
- step|int == 1
- zaqar_apache.rc == 0
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
when:
- step|int == 1
- zaqar_enabled.rc == 0
service: name=openstack-zaqar state=stopped enabled=no
- name: Install openstack-zaqar package if it was disabled
yum: name=openstack-zaqar state=latest
when:
- step|int == 3
- zaqar_enabled.rc != 0