b3a7cfc43f
Problem: RHEL and CentOS8 will deprecate the usage of Yum. From DNF release note: DNF is the next upcoming major version of yum, a package manager for RPM-based Linux distributions. It roughly maintains CLI compatibility with YUM and defines a strict API for extensions. Solution: Use "package" Ansible module instead of "yum". "package" module is smarter when it comes to detect with package manager runs on the system. The goal of this patch is to support both yum/dnf (dnf will be the default in rhel/centos 8) from a single ansible module. Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
262 lines
10 KiB
YAML
262 lines
10 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Openstack Zaqar service. Shared for all Heat services.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
ZaqarDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Zaqar service.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
ZaqarPassword:
|
|
description: The password for Zaqar
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
ZaqarPolicies:
|
|
description: |
|
|
A hash of policies to configure for Zaqar.
|
|
e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
ZaqarWorkers:
|
|
type: string
|
|
description: Set the number of workers for zaqar::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
ZaqarMessageStore:
|
|
type: string
|
|
description: The messaging store for Zaqar
|
|
default: redis
|
|
ZaqarManagementStore:
|
|
type: string
|
|
description: The management store for Zaqar
|
|
default: redis
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
|
|
conditions:
|
|
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
|
|
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
|
|
zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
|
|
zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
|
|
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
|
|
|
|
resources:
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Shared role data for the Zaqar services.
|
|
value:
|
|
service_name: zaqar_api
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- zaqar::policy::policies: {get_param: ZaqarPolicies}
|
|
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::authtoken::project_name: 'service'
|
|
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
zaqar::logging::debug:
|
|
if:
|
|
- service_debug_unset
|
|
- {get_param: Debug }
|
|
- {get_param: ZaqarDebug }
|
|
zaqar::server::service_name: 'httpd'
|
|
zaqar::transport::websocket::bind:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::transport::websocket::notification_bind:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
zaqar::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
|
zaqar::max_messages_post_size: 1048576
|
|
zaqar::unreliable: true
|
|
zaqar::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
|
zaqar::message_store: {get_param: ZaqarMessageStore}
|
|
zaqar::management_store: {get_param: ZaqarManagementStore}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_swift
|
|
-
|
|
zaqar::messaging::swift::uri:
|
|
list_join:
|
|
- ''
|
|
- ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
|
|
zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
tripleo::profile::base::zaqar::messaging_store: 'swift'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_messaging_store_redis
|
|
-
|
|
zaqar_redis_password: {get_param: RedisPassword}
|
|
tripleo::profile::base::zaqar::messaging_store: 'redis'
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
-
|
|
tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
|
|
zaqar::management::sqlalchemy::uri:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: zaqar
|
|
password: {get_param: ZaqarPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /zaqar
|
|
query:
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
- {}
|
|
-
|
|
if:
|
|
- zaqar_workers_zero
|
|
- {}
|
|
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- keystone:
|
|
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
|
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
|
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
|
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth::tenant: 'service'
|
|
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
|
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
|
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
|
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
|
zaqar::keystone::auth_websocket::tenant: 'service'
|
|
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
|
zaqar::keystone::trust::user_domain_name: 'Default'
|
|
tripleo.zaqar_api.firewall_rules:
|
|
'113 zaqar_api':
|
|
dport:
|
|
- 9000
|
|
- 8888
|
|
- 3000 #SSL for websocket
|
|
- 13888 #SSL for api
|
|
-
|
|
if:
|
|
- zaqar_management_store_sqlalchemy
|
|
- mysql:
|
|
zaqar::db::mysql::user: zaqar
|
|
zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
zaqar::db::mysql::dbname: zaqar
|
|
zaqar::db::mysql::password: {get_param: ZaqarPassword}
|
|
zaqar::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
- {}
|
|
step_config: |
|
|
include ::tripleo::profile::base::zaqar
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
|
-
|
|
- name: Check if zaqar is deployed
|
|
command: systemctl is-enabled openstack-zaqar
|
|
tags: common
|
|
ignore_errors: True
|
|
register: zaqar_enabled
|
|
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
|
shell: >
|
|
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
|
grep '\bactive\b'
|
|
when:
|
|
- step|int == 0
|
|
- zaqar_enabled.rc == 0
|
|
tags: validation
|
|
- name: Check for zaqar running under apache (post upgrade)
|
|
when: step|int == 1
|
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
|
register: zaqar_apache
|
|
ignore_errors: true
|
|
- name: Stop zaqar service (running under httpd)
|
|
service: name=httpd state=stopped
|
|
when:
|
|
- step|int == 1
|
|
- zaqar_apache.rc == 0
|
|
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
|
when:
|
|
- step|int == 1
|
|
- zaqar_enabled.rc == 0
|
|
service: name=openstack-zaqar state=stopped enabled=no
|
|
- name: Install openstack-zaqar package if it was disabled
|
|
package: name=openstack-zaqar state=latest
|
|
when:
|
|
- step|int == 3
|
|
- zaqar_enabled.rc != 0
|