heat_template_version: ocata

description: >
  Gnocchi service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  GnocchiPassword:
    description: The password for the gnocchi service and db account.
    type: string
    hidden: true
  GnocchiBackend:
    default: swift
    description: The short name of the Gnocchi backend to use. Should be one
      of swift, rbd, or file
    type: string
    constraints:
    - allowed_values: ['swift', 'file', 'rbd']
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  MonitoringSubscriptionGnocchiApi:
    default: 'overcloud-gnocchi-api'
    type: string
  GnocchiApiLoggingSource:
    type: json
    default:
      tag: openstack.gnocchi.api
      path: /var/log/gnocchi/app.log
  EnableInternalTLS:
    type: boolean
    default: false
  GnocchiApiPolicies:
    description: |
      A hash of policies to configure for Gnocchi API.
      e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json

resources:

  GnocchiServiceBase:
    type: ./gnocchi-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
      EnableInternalTLS: {get_param: EnableInternalTLS}

outputs:
  role_data:
    description: Role data for the Gnocchi role.
    value:
      service_name: gnocchi_api
      monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
      logging_source: {get_param: GnocchiApiLoggingSource}
      logging_groups:
        - gnocchi
      config_settings:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - get_attr: [GnocchiServiceBase, role_data, config_settings]
          - tripleo.gnocchi_api.firewall_rules:
              '129 gnocchi-api':
                dport:
                  - 8041
                  - 13041
            gnocchi::api::enabled: true
            gnocchi::api::enable_proxy_headers_parsing: true
            gnocchi::api::service_name: 'httpd'
            gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
            gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
            gnocchi::keystone::authtoken::project_name: 'service'
            gnocchi::keystone::authtoken::user_domain_name: 'Default'
            gnocchi::keystone::authtoken::project_domain_name: 'Default'
            gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            gnocchi::wsgi::apache::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
            tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
            gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
      step_config: |
        include ::tripleo::profile::base::gnocchi::api
      service_config_settings:
        keystone:
          gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
          gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
          gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
          gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
          gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
          gnocchi::keystone::auth::tenant: 'service'
        mysql:
          gnocchi::db::mysql::password: {get_param: GnocchiPassword}
          gnocchi::db::mysql::user: gnocchi
          gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
          gnocchi::db::mysql::dbname: gnocchi
          gnocchi::db::mysql::allowed_hosts:
            - '%'
            - "%{hiera('mysql_bind_host')}"
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        yaql:
          expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
          data:
            apache_upgrade:
              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
            gnocchi_api_upgrade:
              - name: Stop gnocchi_api service (running under httpd)
                tags: step1
                service: name=httpd state=stopped