tripleo-heat-templates/puppet/services/ironic-api.yaml

heat_template_version: ocata

description: >
  OpenStack Ironic API configured with Puppet  

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  IronicPassword:
    description: The password for the Ironic service and db account, used by the Ironic services
    type: string
    hidden: true
  MonitoringSubscriptionIronicApi:
    default: 'overcloud-ironic-api'
    type: string
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint

resources:
  IronicBase:
    type: ./ironic-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Ironic API role.
    value:
      service_name: ironic_api
      monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
      config_settings:
        map_merge:
          - get_attr: [IronicBase, role_data, config_settings]
          - ironic::api::authtoken::password: {get_param: IronicPassword}
            ironic::api::authtoken::project_name: 'service'
            ironic::api::authtoken::username: 'ironic'
            ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
            ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
            ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
            # This is used to build links in responses
            ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
            tripleo.ironic_api.firewall_rules:
              '133 ironic api':
                dport:
                  - 6385
                  - 13385
      step_config: |
        include ::tripleo::profile::base::ironic::api        
      service_config_settings:
        keystone:
          ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
          ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
          ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
          ironic::keystone::auth::auth_name: 'ironic'
          ironic::keystone::auth::password: {get_param: IronicPassword }
          ironic::keystone::auth::tenant: 'service'
          ironic::keystone::auth::region: {get_param: KeystoneRegion}
        mysql:
          ironic::db::mysql::password: {get_param: IronicPassword}
          ironic::db::mysql::user: ironic
          ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
          ironic::db::mysql::dbname: ironic
          ironic::db::mysql::allowed_hosts:
            - '%'
            - "%{hiera('mysql_bind_host')}"
      upgrade_tasks:
        - name: Stop ironic_api service
          tags: step2
          service: name=openstack-ironic-api state=stopped