openstack/tripleo-heat-templates
Code Issues Proposed changes
9b79a9bc74
tripleo-heat-templates/puppet/services/gnocchi-api.yaml
Giulio Fidente baf6eee501 Adds network/cidr mapping into a new service property 
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.

Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).

Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14 13:44:04 +02:00

163 lines
6.2 KiB
YAML
Raw Blame History

heat_template_version: pike
description: >
Gnocchi service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
GnocchiPassword:
description: The password for the gnocchi service and db account.
type: string
hidden: true
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionGnocchiApi:
default: 'overcloud-gnocchi-api'
type: string
GnocchiApiLoggingSource:
type: json
default:
tag: openstack.gnocchi.api
path: /var/log/gnocchi/app.log
EnableInternalTLS:
type: boolean
default: false
GnocchiApiPolicies:
description: |
A hash of policies to configure for Gnocchi API.
e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
logging_source: {get_param: GnocchiApiLoggingSource}
logging_groups:
- gnocchi
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- tripleo.gnocchi_api.firewall_rules:
'129 gnocchi-api':
dport:
- 8041
- 13041
gnocchi::api::enabled: true
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::api::service_name: 'httpd'
gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
gnocchi::keystone::authtoken::user_domain_name: 'Default'
gnocchi::keystone::authtoken::project_domain_name: 'Default'
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
gnocchi::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
step_config: |
include ::tripleo::profile::base::gnocchi::api
service_config_settings:
keystone:
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
mysql:
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::mysql::user: gnocchi
gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
gnocchi::db::mysql::dbname: gnocchi
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
data:
apache_upgrade:
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
gnocchi_api_upgrade:
- name: Stop gnocchi_api service (running under httpd)
tags: step1
service: name=httpd state=stopped
View Git Blame Copy Permalink