heat_template_version: pike description: > Openstack Heat Engine service configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json HeatEnableDBPurge: type: boolean default: true description: | Whether to create cron job for purging soft deleted rows in the Heat database. HeatWorkers: default: 0 description: Number of workers for Heat service. type: number HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string hidden: true default: '' MonitoringSubscriptionHeatEngine: default: 'overcloud-heat-engine' type: string HeatEngineLoggingSource: type: json default: tag: openstack.heat.engine path: /var/log/heat/heat-engine.log HeatConvergenceEngine: type: boolean default: true description: Enables the heat engine with the convergence architecture. HeatMaxResourcesPerStack: type: number default: 1000 description: Maximum resources allowed per top-level stack. -1 stands for unlimited. resources: HeatBase: type: ./heat-base.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} outputs: role_data: description: Role data for the Heat Engine role. value: service_name: heat_engine monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} logging_source: {get_param: HeatEngineLoggingSource} logging_groups: - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::engine::num_engine_workers: {get_param: HeatWorkers} heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] heat::engine::max_nested_stack_depth: 6 heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} heat::engine::heat_metadata_server_url: make_url: scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} host: {get_param: [EndpointMap, HeatCfnPublic, host]} port: {get_param: [EndpointMap, HeatCfnPublic, port]} heat::engine::heat_waitcondition_server_url: make_url: scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]} host: {get_param: [EndpointMap, HeatCfnPublic, host]} port: {get_param: [EndpointMap, HeatCfnPublic, port]} path: /v1/waitcondition heat::engine::convergence_engine: {get_param: HeatConvergenceEngine} tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: heat password: {get_param: HeatPassword} host: {get_param: [EndpointMap, MysqlInternal, host]} path: /heat query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo heat::keystone_ec2_uri: list_join: - '' - - {get_param: [EndpointMap, KeystoneV3Internal, uri]} - '/ec2tokens' heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: yaql: expression: $.data.passwords.where($ != '').first() data: passwords: - {get_param: HeatAuthEncryptionKey} - {get_param: [DefaultPasswords, heat_auth_encryption_key]} step_config: | include ::tripleo::profile::base::heat::engine service_config_settings: mysql: heat::db::mysql::password: {get_param: HeatPassword} heat::db::mysql::user: heat heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} heat::db::mysql::dbname: heat heat::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" keystone: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} upgrade_tasks: - name: Check if heat_engine is deployed command: systemctl is-enabled openstack-heat-engine tags: common ignore_errors: True register: heat_engine_enabled - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running" shell: /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b' when: heat_engine_enabled.rc == 0 tags: step0,validation - name: Stop heat_engine service tags: step1 when: heat_engine_enabled.rc == 0 service: name=openstack-heat-engine state=stopped