0a0e2ee629
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
202 lines
8.3 KiB
YAML
202 lines
8.3 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack Cinder API service configured with Puppet
|
|
|
|
parameters:
|
|
CinderEnableDBPurge:
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in Cinder database.
|
|
type: boolean
|
|
CinderPassword:
|
|
description: The password for the cinder service account, used by cinder-api.
|
|
type: string
|
|
hidden: true
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionCinderApi:
|
|
default: 'overcloud-cinder-api'
|
|
type: string
|
|
CinderApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.api
|
|
path: /var/log/cinder/cinder-api.log
|
|
CinderWorkers:
|
|
type: string
|
|
description: Set the number of workers for cinder::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CinderApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Cinder API.
|
|
e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
|
|
conditions:
|
|
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
|
|
|
|
resources:
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder API role.
|
|
value:
|
|
service_name: cinder_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
|
logging_source: {get_param: CinderApiLoggingSource}
|
|
logging_groups:
|
|
- cinder
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
cinder::keystone::authtoken::user_domain_name: 'Default'
|
|
cinder::keystone::authtoken::project_domain_name: 'Default'
|
|
cinder::policy::policies: {get_param: CinderApiPolicies}
|
|
cinder::api::enable_proxy_headers_parsing: true
|
|
|
|
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
|
|
cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL'
|
|
# TODO(emilien) move it to puppet-cinder
|
|
cinder::config:
|
|
DEFAULT/swift_catalog_info:
|
|
value: 'object-store:swift:internalURL'
|
|
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
|
|
tripleo.cinder_api.firewall_rules:
|
|
'119 cinder':
|
|
dport:
|
|
- 8776
|
|
- 13776
|
|
cinder::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
cinder::api::service_name: 'httpd'
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
-
|
|
if:
|
|
- cinder_workers_zero
|
|
- {}
|
|
- cinder::wsgi::apache::workers: {get_param: CinderWorkers}
|
|
step_config: |
|
|
include ::tripleo::profile::base::cinder::api
|
|
service_config_settings:
|
|
keystone:
|
|
cinder::keystone::auth::tenant: 'service'
|
|
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
|
|
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
|
|
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
|
|
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
|
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
|
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
|
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
|
cinder::keystone::auth::password: {get_param: CinderPassword}
|
|
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
|
mysql:
|
|
cinder::db::mysql::password: {get_param: CinderPassword}
|
|
cinder::db::mysql::user: cinder
|
|
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
cinder::db::mysql::dbname: cinder
|
|
cinder::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
yaql:
|
|
expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
|
|
data:
|
|
apache_upgrade:
|
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
|
cinder_api_upgrade:
|
|
- name: Check if cinder_api is deployed
|
|
command: systemctl is-enabled openstack-cinder-api
|
|
tags: common
|
|
ignore_errors: True
|
|
register: cinder_api_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
|
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
|
when: cinder_api_enabled.rc == 0
|
|
tags: step0,validation
|
|
- name: check for cinder running under apache (post upgrade)
|
|
tags: step1
|
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
|
|
register: cinder_apache
|
|
ignore_errors: true
|
|
- name: Stop cinder_api service (running under httpd)
|
|
tags: step1
|
|
service: name=httpd state=stopped
|
|
when: cinder_apache.rc == 0
|
|
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
|
tags: step1
|
|
when: cinder_api_enabled.rc == 0
|
|
service: name=openstack-cinder-api state=stopped enabled=no
|