From aedb22be76be53716e30b60c93d323a3fbeb8f00 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Fri, 3 Mar 2017 10:19:34 +0200
Subject: Pass hieradata relevant for httpd in the Heat APIs

The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:

* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.

bp tls-via-certmonger

Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
---
 puppet/services/heat-api-cloudwatch.yaml | 42 +++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 6 deletions(-)

(limited to 'puppet/services/heat-api-cloudwatch.yaml')

diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 8879bcb2..fc2e9d98 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -30,8 +30,23 @@ parameters:
     default:
       tag: openstack.heat.api.cloudwatch
       path: /var/log/heat/heat-api-cloudwatch.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
 
 resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
   HeatBase:
     type: ./heat-base.yaml
     properties:
@@ -51,19 +66,34 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [HeatBase, role_data, config_settings]
-          - heat::api_cloudwatch::workers: {get_param: HeatWorkers}
-            tripleo.heat_api_cloudwatch.firewall_rules:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - tripleo.heat_api_cloudwatch.firewall_rules:
               '125 heat_cloudwatch':
                 dport:
                   - 8003
                   - 13003
-            # NOTE: bind IP is found in Heat replacing the network name with the
-            # local node IP for the given network; replacement examples
-            # (eg. for internal_api):
+            heat::api_cloudwatch::bind_host:
+              get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+            heat::wsgi::apache_api_cloudwatch::ssl: {get_param: EnableInternalTLS}
+            heat::api_cloudwatch::service_name: 'httpd'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
-            heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
+            heat::wsgi::apache_api_cloudwatch::bind_host:
+              get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]
+            heat::wsgi::apache_api_cloudwatch::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}
+          -
+            if:
+            - heat_workers_zero
+            - {}
+            - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
       step_config: |
         include ::tripleo::profile::base::heat::api_cloudwatch
       upgrade_tasks:
-- 
cgit 1.2.3-korg