You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
260 lines
10 KiB
260 lines
10 KiB
heat_template_version: queens |
|
|
|
description: > |
|
Openstack Zaqar service. Shared for all Heat services. |
|
|
|
parameters: |
|
ServiceData: |
|
default: {} |
|
description: Dictionary packing service data |
|
type: json |
|
ServiceNetMap: |
|
default: {} |
|
description: Mapping of service_name -> network name. Typically set |
|
via parameter_defaults in the resource registry. This |
|
mapping overrides those in ServiceNetMapDefaults. |
|
type: json |
|
EndpointMap: |
|
default: {} |
|
description: Mapping of service endpoint -> protocol. Typically set |
|
via parameter_defaults in the resource registry. |
|
type: json |
|
DefaultPasswords: |
|
default: {} |
|
type: json |
|
RoleName: |
|
default: '' |
|
description: Role name on which the service is applied |
|
type: string |
|
RoleParameters: |
|
default: {} |
|
description: Parameters specific to the role |
|
type: json |
|
Debug: |
|
default: false |
|
description: Set to True to enable debugging on all services. |
|
type: boolean |
|
ZaqarDebug: |
|
default: '' |
|
description: Set to True to enable debugging Zaqar service. |
|
type: string |
|
constraints: |
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] |
|
ZaqarPassword: |
|
description: The password for Zaqar |
|
type: string |
|
hidden: true |
|
KeystoneRegion: |
|
type: string |
|
default: 'regionOne' |
|
description: Keystone region for endpoint |
|
ZaqarPolicies: |
|
description: | |
|
A hash of policies to configure for Zaqar. |
|
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } } |
|
default: {} |
|
type: json |
|
ZaqarWorkers: |
|
type: string |
|
description: Set the number of workers for zaqar::wsgi::apache |
|
default: '%{::os_workers}' |
|
ZaqarMessageStore: |
|
type: string |
|
description: The messaging store for Zaqar |
|
default: mongodb |
|
ZaqarManagementStore: |
|
type: string |
|
description: The management store for Zaqar |
|
default: mongodb |
|
EnableInternalTLS: |
|
type: boolean |
|
default: false |
|
RedisPassword: |
|
description: The password for the redis service account. |
|
type: string |
|
hidden: true |
|
|
|
conditions: |
|
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} |
|
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} |
|
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} |
|
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']} |
|
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} |
|
|
|
resources: |
|
|
|
ApacheServiceBase: |
|
type: ./apache.yaml |
|
properties: |
|
ServiceData: {get_param: ServiceData} |
|
ServiceNetMap: {get_param: ServiceNetMap} |
|
DefaultPasswords: {get_param: DefaultPasswords} |
|
EndpointMap: {get_param: EndpointMap} |
|
EnableInternalTLS: {get_param: EnableInternalTLS} |
|
|
|
outputs: |
|
role_data: |
|
description: Shared role data for the Zaqar services. |
|
value: |
|
service_name: zaqar_api |
|
config_settings: |
|
map_merge: |
|
- get_attr: [ApacheServiceBase, role_data, config_settings] |
|
- zaqar::policy::policies: {get_param: ZaqarPolicies} |
|
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} |
|
zaqar::keystone::authtoken::project_name: 'service' |
|
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} |
|
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} |
|
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} |
|
zaqar::logging::debug: |
|
if: |
|
- service_debug_unset |
|
- {get_param: Debug } |
|
- {get_param: ZaqarDebug } |
|
zaqar::server::service_name: 'httpd' |
|
zaqar::transport::websocket::bind: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} |
|
zaqar::transport::websocket::notification_bind: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} |
|
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} |
|
zaqar::wsgi::apache::bind_host: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} |
|
zaqar::message_pipeline: 'zaqar.notification.notifier' |
|
zaqar::max_messages_post_size: 1048576 |
|
zaqar::unreliable: true |
|
zaqar::wsgi::apache::servername: |
|
str_replace: |
|
template: |
|
"%{hiera('fqdn_$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} |
|
zaqar::message_store: {get_param: ZaqarMessageStore} |
|
zaqar::management_store: {get_param: ZaqarManagementStore} |
|
- |
|
if: |
|
- zaqar_messaging_store_swift |
|
- |
|
zaqar::messaging::swift::uri: |
|
list_join: |
|
- '' |
|
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] |
|
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } |
|
tripleo::profile::base::zaqar::messaging_store: 'swift' |
|
- {} |
|
- |
|
if: |
|
- zaqar_messaging_store_redis |
|
- |
|
zaqar_redis_password: {get_param: RedisPassword} |
|
tripleo::profile::base::zaqar::messaging_store: 'redis' |
|
- {} |
|
- |
|
if: |
|
- zaqar_management_store_sqlalchemy |
|
- |
|
tripleo::profile::base::zaqar::management_store: 'sqlalchemy' |
|
zaqar::management::sqlalchemy::uri: |
|
make_url: |
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} |
|
username: zaqar |
|
password: {get_param: ZaqarPassword} |
|
host: {get_param: [EndpointMap, MysqlInternal, host]} |
|
path: /zaqar |
|
query: |
|
read_default_file: /etc/my.cnf.d/tripleo.cnf |
|
read_default_group: tripleo |
|
- {} |
|
- |
|
if: |
|
- zaqar_workers_zero |
|
- {} |
|
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} |
|
service_config_settings: |
|
map_merge: |
|
- keystone: |
|
zaqar::keystone::auth::password: {get_param: ZaqarPassword} |
|
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} |
|
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} |
|
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} |
|
zaqar::keystone::auth::region: {get_param: KeystoneRegion} |
|
zaqar::keystone::auth::tenant: 'service' |
|
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} |
|
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} |
|
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} |
|
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} |
|
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} |
|
zaqar::keystone::auth_websocket::tenant: 'service' |
|
zaqar::keystone::trust::password: {get_param: ZaqarPassword} |
|
zaqar::keystone::trust::user_domain_name: 'Default' |
|
tripleo.zaqar_api.firewall_rules: |
|
'113 zaqar_api': |
|
dport: |
|
- 9000 |
|
- 8888 |
|
- 3000 #SSL for websocket |
|
- 13888 #SSL for api |
|
- |
|
if: |
|
- zaqar_management_store_sqlalchemy |
|
- mysql: |
|
zaqar::db::mysql::user: zaqar |
|
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} |
|
zaqar::db::mysql::dbname: zaqar |
|
zaqar::db::mysql::password: {get_param: ZaqarPassword} |
|
zaqar::db::mysql::allowed_hosts: |
|
- '%' |
|
- "%{hiera('mysql_bind_host')}" |
|
- {} |
|
step_config: | |
|
include ::tripleo::profile::base::zaqar |
|
metadata_settings: |
|
get_attr: [ApacheServiceBase, role_data, metadata_settings] |
|
upgrade_tasks: |
|
list_concat: |
|
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks] |
|
- |
|
- name: Check if zaqar is deployed |
|
command: systemctl is-enabled openstack-zaqar |
|
tags: common |
|
ignore_errors: True |
|
register: zaqar_enabled |
|
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" |
|
shell: > |
|
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | |
|
grep '\bactive\b' |
|
when: |
|
- step|int == 0 |
|
- zaqar_enabled.rc == 0 |
|
tags: validation |
|
- name: Check for zaqar running under apache (post upgrade) |
|
when: step|int == 1 |
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" |
|
register: zaqar_apache |
|
ignore_errors: true |
|
- name: Stop zaqar service (running under httpd) |
|
service: name=httpd state=stopped |
|
when: |
|
- step|int == 1 |
|
- zaqar_apache.rc == 0 |
|
- name: Stop and disable zaqar service (pre-upgrade not under httpd) |
|
when: |
|
- step|int == 1 |
|
- zaqar_enabled.rc == 0 |
|
service: name=openstack-zaqar state=stopped enabled=no |
|
- name: Install openstack-zaqar package if it was disabled |
|
yum: name=openstack-zaqar state=latest |
|
when: |
|
- step|int == 3 |
|
- zaqar_enabled.rc != 0
|
|
|