tripleo-heat-templates/deployment/heat/heat-base-puppet.yaml

heat_template_version: wallaby

description: >
  Openstack Heat base service. Shared for all Heat services.  

parameters:
  Debug:
    default: false
    description: Set to True to enable debugging on all services.
    type: boolean
  HeatDebug:
    default: false
    description: Set to True to enable debugging Heat services.
    type: boolean
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  HeatPassword:
    description: The password for the Heat service and db account, used by the Heat services.
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  EnableCache:
    description: Enable caching with memcached
    type: boolean
    default: true
  HeatCronPurgeDeletedEnsure:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Ensure        
    default: 'present'
  HeatCronPurgeDeletedMinute:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Minute        
    default: '1'
  HeatCronPurgeDeletedHour:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Hour        
    default: '0'
  HeatCronPurgeDeletedMonthday:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Month Day        
    default: '*'
  HeatCronPurgeDeletedMonth:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Month        
    default: '*'
  HeatCronPurgeDeletedWeekday:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Week Day        
    default: '*'
  HeatCronPurgeDeletedMaxDelay:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Max Delay        
    default: '3600'
  HeatCronPurgeDeletedUser:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - User        
    default: 'heat'
  HeatCronPurgeDeletedAge:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Age        
    default: '30'
  HeatCronPurgeDeletedAgeType:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Age type        
    default: 'days'
  HeatCronPurgeDeletedDestination:
    type: string
    description: >
        Cron to purge db entries marked as deleted and older than $age - Log destination        
    default: '/dev/null'
  HeatYaqlLimitIterators:
    type: number
    description: >
        The maximum number of elements in collection yaql expressions can take
        for its evaluation.        
    default: 1000
  HeatYaqlMemoryQuota:
    type: number
    description: >
        The maximum size of memory in bytes that yaql expressions can take for
        its evaluation.        
    default: 100000
  HeatMaxJsonBodySize:
    default: 4194304
    description: Maximum raw byte size of the Heat API JSON request body.
    type: number
  NotificationDriver:
    type: comma_delimited_list
    default: 'noop'
    description: Driver or drivers to handle sending notifications.
  HeatCorsAllowedOrigin:
    type: string
    default: ''
    description: Indicate whether this resource may be shared with the domain received in the request
                 "origin" header.
  HeatRpcResponseTimeout:
    default: 600
    description: Heat's RPC response timeout, in seconds.
    type: number
  MemcachedTLS:
    default: false
    description: Set to True to enable TLS on Memcached service.
                 Because not all services support Memcached TLS, during the
                 migration period, Memcached will listen on 2 ports - on the
                 port set with MemcachedPort parameter (above) and on 11211,
                 without TLS.
    type: boolean
  MemcacheUseAdvancedPool:
    type: boolean
    description: |
      Use the advanced (eventlet safe) memcached client pool.      
    default: true
  EnforceSecureRbac:
    type: boolean
    default: false
    description: >-
      Setting this option to True will configure each OpenStack service to
      enforce Secure RBAC by setting `[oslo_policy] enforce_new_defaults` and
      `[oslo_policy] enforce_scope` to True. This introduces a consistent set
      of RBAC personas across OpenStack services that include support for
      system and project scope, as well as keystone's default roles, admin,
      member, and reader. Do not enable this functionality until all services in
      your deployment actually support secure RBAC.      

conditions:
  tls_cache_enabled:
    and:
      - {get_param: EnableCache}
      - {get_param: MemcachedTLS}
  cors_allowed_origin_set:
    not: {equals : [{get_param: HeatCorsAllowedOrigin}, '']}

outputs:
  role_data:
    description: Shared role data for the Heat services.
    value:
      service_name: heat_base
      config_settings:
        map_merge:
          - if:
            - {get_param: EnforceSecureRbac}
            - heat::policy::enforce_scope: true
              heat::policy::enforce_new_defaults: true
          - if:
            - cors_allowed_origin_set
            - heat::cors::allowed_origin: {get_param: HeatCorsAllowedOrigin}
          - heat::notification_driver: {get_param: NotificationDriver}
            heat::logging::debug:
              if:
              - {get_param: HeatDebug}
              - true
              - {get_param: Debug}
            heat::enable_proxy_headers_parsing: true
            heat::rpc_response_timeout: {get_param: HeatRpcResponseTimeout}
            heat::rabbit_heartbeat_timeout_threshold: 60
            heat::region_name: {get_param: KeystoneRegion}
            heat::keystone::authtoken::project_name: 'service'
            heat::keystone::authtoken::user_domain_name: 'Default'
            heat::keystone::authtoken::project_domain_name: 'Default'
            heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
            heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
            heat::keystone::authtoken::password: {get_param: HeatPassword}
            heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
            heat::keystone::authtoken::interface: 'internal'
            heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
            heat::keystone::domain::domain_name: 'heat_stack'
            heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
            heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
            heat::db::database_db_max_retries: -1
            heat::db::database_max_retries: -1
            heat::db::sync_db: false
            heat::yaql_memory_quota: {get_param: HeatYaqlMemoryQuota}
            heat::yaql_limit_iterators: {get_param: HeatYaqlLimitIterators}
            heat::cors::max_age: 3600
            heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
            heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
            heat::cron::purge_deleted::ensure: {get_param: HeatCronPurgeDeletedEnsure}
            heat::cron::purge_deleted::minute: {get_param: HeatCronPurgeDeletedMinute}
            heat::cron::purge_deleted::hour: {get_param: HeatCronPurgeDeletedHour}
            heat::cron::purge_deleted::monthday: {get_param: HeatCronPurgeDeletedMonthday}
            heat::cron::purge_deleted::month: {get_param: HeatCronPurgeDeletedMonth}
            heat::cron::purge_deleted::weekday: {get_param: HeatCronPurgeDeletedWeekday}
            heat::cron::purge_deleted::maxdelay: {get_param: HeatCronPurgeDeletedMaxDelay}
            heat::cron::purge_deleted::user: {get_param: HeatCronPurgeDeletedUser}
            heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge}
            heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
            heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
            heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
            heat::trustee::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
            heat::trustee::user_domain_name: 'Default'
          - heat::cache::enabled: {get_param: EnableCache}
            heat::cache::tls_enabled: {get_param: MemcachedTLS}
            heat::cache::resource_finder_caching: false
          - if:
              - tls_cache_enabled
              - heat::cache::backend: 'dogpile.cache.pymemcache'
                heat::cache::enable_socket_keepalive: true
              - heat::cache::backend: 'dogpile.cache.memcached'