44ef2a3ec1
The new master branch should point now to rocky. So, HOT templates should specify that they might contain features for rocky release [1] Also, this submission updates the yaml validation to use only latest heat_version alias. There are cases in which we will need to set the version for specific templates i.e. mixed versions, so there is added a variable to assign specific templates to specific heat_version aliases, avoiding the introductions of error by bulk replacing the the old version in new releases. [1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
194 lines
7.2 KiB
YAML
194 lines
7.2 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Openstack Heat Engine service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
HeatEnableDBPurge:
|
|
type: boolean
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in the Heat database.
|
|
HeatWorkers:
|
|
default: 0
|
|
description: Number of workers for Heat service.
|
|
type: number
|
|
HeatMaxNestedStackDepth:
|
|
default: 6
|
|
description: Maximum number of nested stack depth.
|
|
type: number
|
|
HeatReauthenticationAuthMethod:
|
|
description: Allow reauthentication on token expiry, such that long-running tasks
|
|
may complete. Note this defeats the expiry of any provided user tokens.
|
|
type: string
|
|
default: ''
|
|
constraints:
|
|
- allowed_values: [ '', 'trusts' ]
|
|
HeatPassword:
|
|
description: The password for the Heat service and db account, used by the Heat services.
|
|
type: string
|
|
hidden: true
|
|
HeatStackDomainAdminPassword:
|
|
description: Password for heat_stack_domain_admin user.
|
|
type: string
|
|
hidden: true
|
|
HeatAuthEncryptionKey:
|
|
description: Auth encryption key for heat-engine
|
|
type: string
|
|
hidden: true
|
|
default: ''
|
|
MonitoringSubscriptionHeatEngine:
|
|
default: 'overcloud-heat-engine'
|
|
type: string
|
|
HeatEngineLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.heat.engine
|
|
path: /var/log/heat/heat-engine.log
|
|
HeatConvergenceEngine:
|
|
type: boolean
|
|
default: true
|
|
description: Enables the heat engine with the convergence architecture.
|
|
HeatMaxResourcesPerStack:
|
|
type: number
|
|
default: 1000
|
|
description: Maximum resources allowed per top-level stack. -1 stands for unlimited.
|
|
HeatEnginePluginDirs:
|
|
type: comma_delimited_list
|
|
default: []
|
|
description: An array of directories to search for plug-ins.
|
|
|
|
conditions:
|
|
heat_workers_unset: {equals : [{get_param: HeatWorkers}, 0]}
|
|
|
|
resources:
|
|
HeatBase:
|
|
type: ./heat-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Heat Engine role.
|
|
value:
|
|
service_name: heat_engine
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [HeatBase, role_data, config_settings]
|
|
- heat::engine::configure_delegated_roles: false
|
|
heat::engine::trusts_delegated_roles: []
|
|
heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth}
|
|
heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
|
|
heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod}
|
|
heat::engine::heat_metadata_server_url:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
|
|
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
|
|
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
|
|
heat::engine::heat_waitcondition_server_url:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
|
|
host: {get_param: [EndpointMap, HeatCfnPublic, host]}
|
|
port: {get_param: [EndpointMap, HeatCfnPublic, port]}
|
|
path: /v1/waitcondition
|
|
heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
|
|
tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
|
|
heat::database_connection:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: heat
|
|
password: {get_param: HeatPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /heat
|
|
query:
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
heat::keystone_ec2_uri:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
|
- '/ec2tokens'
|
|
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
|
|
heat::engine::auth_encryption_key:
|
|
yaql:
|
|
expression: $.data.passwords.where($ != '').first()
|
|
data:
|
|
passwords:
|
|
- {get_param: HeatAuthEncryptionKey}
|
|
- {get_param: [DefaultPasswords, heat_auth_encryption_key]}
|
|
heat::engine::plugin_dirs: {get_param: HeatEnginePluginDirs}
|
|
-
|
|
if:
|
|
- heat_workers_unset
|
|
- {}
|
|
- heat::engine::num_engine_workers: {get_param: HeatWorkers}
|
|
step_config: |
|
|
include ::tripleo::profile::base::heat::engine
|
|
|
|
service_config_settings:
|
|
fluentd:
|
|
tripleo_fluentd_groups_heat_engine:
|
|
- heat
|
|
tripleo_fluentd_sources_heat_engine:
|
|
- {get_param: HeatEngineLoggingSource}
|
|
mysql:
|
|
heat::db::mysql::password: {get_param: HeatPassword}
|
|
heat::db::mysql::user: heat
|
|
heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
heat::db::mysql::dbname: heat
|
|
heat::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
keystone:
|
|
# This is needed because the keystone profile handles creating the domain
|
|
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
|
|
upgrade_tasks:
|
|
- name: Check if heat_engine is deployed
|
|
command: systemctl is-enabled openstack-heat-engine
|
|
tags: common
|
|
ignore_errors: True
|
|
register: heat_engine_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
|
|
shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
|
|
when:
|
|
- step|int == 0
|
|
- heat_engine_enabled.rc == 0
|
|
tags: validation
|
|
- name: Stop heat_engine service
|
|
when:
|
|
- step|int == 1
|
|
- heat_engine_enabled.rc == 0
|
|
service: name=openstack-heat-engine state=stopped
|