puppet/services/gnocchi-api.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

heat_template_version: ocata

description: >
  Gnocchi service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  GnocchiPassword:
    description: The password for the gnocchi service and db account.
    type: string
    hidden: true
  GnocchiBackend:
    default: swift
    description: The short name of the Gnocchi backend to use. Should be one
      of swift, rbd, or file
    type: string
    constraints:
    - allowed_values: ['swift', 'file', 'rbd']
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  MonitoringSubscriptionGnocchiApi:
    default: 'overcloud-gnocchi-api'
    type: string
  GnocchiApiLoggingSource:
    type: json
    default:
      tag: openstack.gnocchi.api
      path: /var/log/gnocchi/app.log
  EnableInternalTLS:
    type: boolean
    default: false
  GnocchiApiPolicies:
    description: |
      A hash of policies to configure for Gnocchi API.
      e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json

resources:

  GnocchiServiceBase:
    type: ./gnocchi-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      EnableInternalTLS: {get_param: EnableInternalTLS}

outputs:
  role_data:
    description: Role data for the Gnocchi role.
    value:
      service_name: gnocchi_api
      monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
      logging_source: {get_param: GnocchiApiLoggingSource}
      logging_groups:
        - gnocchi
      config_settings:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - get_attr: [GnocchiServiceBase, role_data, config_settings]
          - tripleo.gnocchi_api.firewall_rules:
              '129 gnocchi-api':
                dport:
                  - 8041
                  - 13041
            gnocchi::api::enabled: true
            gnocchi::api::enable_proxy_headers_parsing: true
            gnocchi::api::service_name: 'httpd'
            gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
            gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
            gnocchi::keystone::authtoken::project_name: 'service'
            gnocchi::keystone::authtoken::user_domain_name: 'Default'
            gnocchi::keystone::authtoken::project_domain_name: 'Default'
            gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            gnocchi::wsgi::apache::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
            tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
            gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
      step_config: |
        include ::tripleo::profile::base::gnocchi::api
      service_config_settings:
        keystone:
          gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
          gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
          gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
          gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
          gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
          gnocchi::keystone::auth::tenant: 'service'
        mysql:
          gnocchi::db::mysql::password: {get_param: GnocchiPassword}
          gnocchi::db::mysql::user: gnocchi
          gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
          gnocchi::db::mysql::dbname: gnocchi
          gnocchi::db::mysql::allowed_hosts:
            - '%'
            - "%{hiera('mysql_bind_host')}"
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        - name: Stop gnocchi_api service (running under httpd)
          tags: step1
          service: name=httpd state=stopped