heat_template_version: pike

description: >
  Openstack Zaqar service. Shared for all Heat services.

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  Debug:
    default: ''
    description: Set to True to enable debugging on all services.
    type: string
  ZaqarDebug:
    default: ''
    description: Set to True to enable debugging Zaqar service.
    type: string
  ZaqarPassword:
    description: The password for Zaqar
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  ZaqarPolicies:
    description: |
      A hash of policies to configure for Zaqar.
      e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json
  ZaqarWorkers:
    type: string
    description: Set the number of workers for zaqar::wsgi::apache
    default: '%{::os_workers}'
  ZaqarMessageStore:
    type: string
    description: The messaging store for Zaqar
    default: mongodb
  ZaqarManagementStore:
    type: string
    description: The management store for Zaqar
    default: mongodb
  EnableInternalTLS:
    type: boolean
    default: false

conditions:
  zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
  service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
  zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
  zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}

resources:

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      EnableInternalTLS: {get_param: EnableInternalTLS}

outputs:
  role_data:
    description: Shared role data for the Heat services.
    value:
      service_name: zaqar
      config_settings:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - zaqar::policy::policies: {get_param: ZaqarPolicies}
            zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
            zaqar::keystone::authtoken::project_name: 'service'
            zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
            zaqar::debug:
              if:
              - service_debug_unset
              - {get_param: Debug }
              - {get_param: ZaqarDebug }
            zaqar::server::service_name: 'httpd'
            zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
            zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
            zaqar::message_pipeline: 'zaqar.notification.notifier'
            zaqar::unreliable: true
            zaqar::wsgi::apache::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
            zaqar::message_store: {get_param: ZaqarMessageStore}
            zaqar::management_store: {get_param: ZaqarManagementStore}
          -
            if:
            - zaqar_messaging_store_swift
            -
              zaqar::messaging::swift::uri:
                list_join:
                  - ''
                  - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
              zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
              tripleo::profile::base::zaqar::messaging_store: 'swift'
            - {}
          -
            if:
            - zaqar_management_store_sqlalchemy
            -
              tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
              zaqar::management::sqlalchemy::uri:
                make_url:
                  scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
                  username: zaqar
                  password: {get_param: ZaqarPassword}
                  host: {get_param: [EndpointMap, MysqlInternal, host]}
                  path: /zaqar
                  query:
                    read_default_file: /etc/my.cnf.d/tripleo.cnf
                    read_default_group: tripleo
            - {}
          -
            if:
            - zaqar_workers_zero
            - {}
            - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
      service_config_settings:
        map_merge:
          - keystone:
              zaqar::keystone::auth::password: {get_param: ZaqarPassword}
              zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
              zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
              zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
              zaqar::keystone::auth::region: {get_param: KeystoneRegion}
              zaqar::keystone::auth::tenant: 'service'
              zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
              zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
              zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
              zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
              zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
              zaqar::keystone::auth_websocket::tenant: 'service'
          -
            if:
            - zaqar_management_store_sqlalchemy
            - mysql:
                zaqar::db::mysql::user: zaqar
                zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
                zaqar::db::mysql::dbname: zaqar
                zaqar::db::mysql::password: {get_param: ZaqarPassword}
                zaqar::db::mysql::allowed_hosts:
                  - '%'
                  - "%{hiera('mysql_bind_host')}"
            - {}
      step_config: |
        include ::tripleo::profile::base::zaqar
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        yaql:
          expression: $.data.apache_upgrade + $.data.zaqar_upgrade
          data:
            apache_upgrade:
              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
            zaqar_upgrade:
              - name: Check if zaqar is deployed
                command: systemctl is-enabled openstack-zaqar
                tags: common
                ignore_errors: True
                register: zaqar_enabled
              - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
                shell: >
                  /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
                  grep '\bactive\b'
                when: zaqar_enabled.rc == 0
                tags: step0,validation
              - name: Check for zaqar running under apache (post upgrade)
                tags: step1
                shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
                register: zaqar_apache
                ignore_errors: true
              - name: Stop zaqar service (running under httpd)
                tags: step1
                service: name=httpd state=stopped
                when: zaqar_apache.rc == 0
              - name: Stop and disable zaqar service (pre-upgrade not under httpd)
                tags: step1
                when: zaqar_enabled.rc == 0
                service: name=openstack-zaqar state=stopped enabled=no
              - name: Install openstack-zaqar package if it was disabled
                tags: step3
                yum: name=openstack-zaqar state=latest
                when: zaqar_enabled.rc != 0