heat_template_version: ocata description: > Apache service configured with Puppet. Note this is typically included automatically via other services which run via Apache. parameters: ApacheMaxRequestWorkers: default: 256 description: Maximum number of simultaneously processed requests. type: number ApacheServerLimit: default: 256 description: Maximum number of Apache processes. type: number ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json EnableInternalTLS: type: boolean default: false resources: ApacheTLS: type: OS::TripleO::Services::ApacheTLS properties: ServiceNetMap: {get_param: ServiceNetMap} outputs: role_data: description: Role data for the Apache role. value: service_name: apache config_settings: map_merge: - get_attr: [ApacheTLS, role_data, config_settings] - # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} apache::server_signature: 'Off' apache::server_tokens: 'Prod' apache_remote_proxy_ips_network: str_replace: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" metadata_settings: get_attr: [ApacheTLS, role_data, metadata_settings] upgrade_tasks: - name: "PreUpgrade step0,validation: Check service httpd is running" shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' tags: step0,validation