File ardana-heat-9.0+git.1565721273.f44b8d7.obscpio of Package ardana-heat
07070100000000000081A40000000000000000000000015D5302B900000065000000000000000000000000000000000000003800000000ardana-heat-9.0+git.1565721273.f44b8d7/.copyrightignore.copyrightignore
roles/heat-common/files/heat_api_audit_map.conf
roles/heat-common/files/policy.json
07070100000001000081A40000000000000000000000015D5302B900000077000000000000000000000000000000000000003200000000ardana-heat-9.0+git.1565721273.f44b8d7/.gitreview[gerrit]
host=gerrit.prv.suse.net
port=29418
project=ardana/heat-ansible.git
defaultremote=ardana
defaultbranch=master
07070100000002000081A40000000000000000000000015D5302B90000279F000000000000000000000000000000000000002F00000000ardana-heat-9.0+git.1565721273.f44b8d7/LICENSE
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
07070100000003000081A40000000000000000000000015D5302B9000004D9000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-configure-monitoring.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API:HEA-ACF:HEA-ENG:&MON-AGN
roles:
- heat-monitoring
tasks:
# set-up process check for heat processes
- include: roles/heat-monitoring/tasks/process_check.yml
- hosts: HEA-API:&MON-AGN
roles:
- heat-monitoring
tasks:
# set-up monitoring of heat-api local endpoint and internal VIP
- include: roles/heat-monitoring/tasks/heat_api_check.yml
- hosts: HEA-ACF:&MON-AGN
roles:
- heat-monitoring
tasks:
# set-up monitoring of heat-api-cfn local endpoint and internal VIP
- include: roles/heat-monitoring/tasks/heat_api_cfn_check.yml
07070100000004000081A40000000000000000000000015D5302B9000003B9000000000000000000000000000000000000003B00000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-api
tasks:
- include: roles/heat-api/tasks/configure.yml
- hosts: HEA-ACF
roles:
- heat-api-cfn
tasks:
- include: roles/heat-api-cfn/tasks/configure.yml
- hosts: HEA-ENG
roles:
- heat-engine
tasks:
- include: roles/heat-engine/tasks/configure.yml
07070100000005000081A40000000000000000000000015D5302B9000003B3000000000000000000000000000000000000003900000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-api
tasks:
- include: roles/heat-api/tasks/install.yml
- hosts: HEA-ACF
roles:
- heat-api-cfn
tasks:
- include: roles/heat-api-cfn/tasks/install.yml
- hosts: HEA-ENG
roles:
- heat-engine
tasks:
- include: roles/heat-engine/tasks/install.yml
07070100000006000081A40000000000000000000000015D5302B900000325000000000000000000000000000000000000004000000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-post-configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-ENG
roles:
- heat-post-configure
# make sure to run only once
tasks:
- include: roles/heat-post-configure/tasks/db_configure.yml
07070100000007000081A40000000000000000000000015D5302B900000676000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-pre-configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-pre-configure
tasks:
- include: roles/heat-pre-configure/tasks/keystone_conf.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
- include: roles/heat-pre-configure/tasks/keystone_domain_setup.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
# Force heat_domain_admin password update with the value taken from config
# processor data. When upgrading legacy system with hardcoded password, this
# will forcibly change password in Keystone. On systems with password coming
# from config processor, Keystone will be updated with password it already
# has (i.e. no change). Heat configuration files will be updated by
# _heat-configure.yml.
- include:
roles/heat-pre-configure/tasks/keystone_change_domain_admin_password.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
07070100000008000081A40000000000000000000000015D5302B9000002E2000000000000000000000000000000000000004200000000ardana-heat-9.0+git.1565721273.f44b8d7/_heat-schedule-restart.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Schedule a restart of all heat services using ardana_notify_... variables
- hosts: all
tasks:
- include: roles/heat-common/tasks/_schedule_restart.yml07070100000009000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000002E00000000ardana-heat-9.0+git.1565721273.f44b8d7/config0707010000000A000081A40000000000000000000000015D5302B9000005CC000000000000000000000000000000000000004000000000ardana-heat-9.0+git.1565721273.f44b8d7/config/heat-symlinks.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# The following relative symlinks are created under the
# my_cloud/config directory.
---
symlinks:
"heat/api.conf.j2": "roles/heat-api/templates/api.conf.j2"
"heat/api-logging.conf.j2": "roles/heat-api/templates/api-logging.conf.j2"
"heat/api-cfn.conf.j2": "roles/heat-api-cfn/templates/api-cfn.conf.j2"
"heat/api-cfn-logging.conf.j2": "roles/heat-api-cfn/templates/api-cfn-logging.conf.j2"
"heat/engine.conf.j2": "roles/heat-engine/templates/engine.conf.j2"
"heat/engine-logging.conf.j2": "roles/heat-engine/templates/engine-logging.conf.j2"
"heat/heat.conf.j2": "roles/heat-common/templates/heat.conf.j2"
"heat/policy.json": "roles/heat-common/files/policy.json"
"heat/api-paste.ini.j2": "roles/heat-common/templates/api-paste.ini.j2"
"heat/heat_api_audit_map.conf": "roles/heat-common/files/heat_api_audit_map.conf"
0707010000000B000081A40000000000000000000000015D5302B900000337000000000000000000000000000000000000003D00000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-caasp-deploy.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development Company LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
- name: deploy caasp using caasp-openstack-heat-templates package
hosts: localhost
roles:
- heat-caasp
tasks:
- include: roles/heat-caasp/tasks/install.yml
0707010000000C000081A40000000000000000000000015D5302B900000364000000000000000000000000000000000000003700000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-deploy.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: heat-stop.yml
- include: _heat-install.yml
- include: _heat-pre-configure.yml
- include: _heat-configure.yml
- include: _heat-post-configure.yml
- include: heat-start.yml
- include: _heat-configure-monitoring.yml
0707010000000D000081A40000000000000000000000015D5302B900000566000000000000000000000000000000000000004F00000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-reconfigure-credentials-change.yml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-pre-configure
tasks:
- include:
roles/heat-pre-configure/tasks/keystone_change_service_password.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
# get values of domain_id to be set in heat.conf
- include:
roles/heat-pre-configure/tasks/keystone_domain_setup.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
- include:
roles/heat-pre-configure/tasks/keystone_change_domain_admin_password.yml
ansible_python_interpreter:
"{{ KEY_CLI.vars.keystone_client_python_interpreter }}"
- include: _heat-configure.yml
- include: heat-start.yml
0707010000000E000081A40000000000000000000000015D5302B90000030A000000000000000000000000000000000000003C00000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-reconfigure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _heat-pre-configure.yml
- include: _heat-configure.yml
- include: _heat-post-configure.yml
- include: heat-start.yml
0707010000000F000081A40000000000000000000000015D5302B900000285000000000000000000000000000000000000003800000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-restart.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _heat-schedule-restart.yml
- include: heat-start.yml
07070100000010000081A40000000000000000000000015D5302B9000003AD000000000000000000000000000000000000003600000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-start.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-api
tasks:
- include: roles/heat-api/tasks/start.yml
- hosts: HEA-ACF
roles:
- heat-api-cfn
tasks:
- include: roles/heat-api-cfn/tasks/start.yml
- hosts: HEA-ENG
roles:
- heat-engine
tasks:
- include: roles/heat-engine/tasks/start.yml
07070100000011000081A40000000000000000000000015D5302B9000003FB000000000000000000000000000000000000003700000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-status.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
max_fail_percentage: 0
roles:
- heat-api
tasks:
- include: roles/heat-api/tasks/status.yml
- hosts: HEA-ACF
max_fail_percentage: 0
roles:
- heat-api-cfn
tasks:
- include: roles/heat-api-cfn/tasks/status.yml
- hosts: HEA-ENG
max_fail_percentage: 0
roles:
- heat-engine
tasks:
- include: roles/heat-engine/tasks/status.yml
07070100000012000081A40000000000000000000000015D5302B9000003AA000000000000000000000000000000000000003500000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-stop.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: HEA-API
roles:
- heat-api
tasks:
- include: roles/heat-api/tasks/stop.yml
- hosts: HEA-ACF
roles:
- heat-api-cfn
tasks:
- include: roles/heat-api-cfn/tasks/stop.yml
- hosts: HEA-ENG
roles:
- heat-engine
tasks:
- include: roles/heat-engine/tasks/stop.yml
07070100000013000081A40000000000000000000000015D5302B900000375000000000000000000000000000000000000003800000000ardana-heat-9.0+git.1565721273.f44b8d7/heat-upgrade.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: heat-status.yml
- include: _heat-install.yml
- include: heat-stop.yml
- include: _heat-pre-configure.yml
- include: _heat-configure.yml
- include: _heat-post-configure.yml
- include: heat-start.yml
- include: heat-status.yml
07070100000014000041ED00000000000000000000000A5D5302B900000000000000000000000000000000000000000000002D00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles07070100000015000041ED0000000000000000000000065D5302B900000000000000000000000000000000000000000000003600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api07070100000016000041ED0000000000000000000000065D5302B900000000000000000000000000000000000000000000003A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn07070100000017000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/defaults07070100000018000081A40000000000000000000000015D5302B9000002A6000000000000000000000000000000000000004C00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
heat_component: heat-api-cfn
07070100000019000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/meta0707010000001A000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-common
0707010000001B000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks0707010000001C000081A40000000000000000000000015D5302B900000837000000000000000000000000000000000000004E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks/configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_api_cfn_install_result }}"
- include: ../../heat-common/tasks/configure.yml
- include: ../../heat-common/tasks/_write_conf.yml
src: "../../heat-api-cfn/templates/api-cfn.conf.j2"
dest: "{{ heat_service_conf_dir }}/api-cfn.conf"
- name: heat-api-cfn | configure | notify on api-cfn.conf change
command: /bin/true
register: ardana_notify_heat_api_cfn_restart_required
when: write_conf_result.changed
- name: heat-api-cfn | configure | Create api-cfn-logging.conf
become: yes
template:
src: "api-cfn-logging.conf.j2"
dest: "{{ heat_service_conf_dir }}/api-cfn-logging.conf"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: "0400"
register: ardana_notify_heat_api_cfn_restart_required
- name: heat-api-cfn | configure | touch audit log file
become: yes
file:
path: "{{ heat_audit_log_location }}/heat-api-cfn-audit.log"
owner: "{{ heat_system_user }}"
group: "{{ heat_log_group }}"
mode: 0640
state: touch
when: heat_audit_enable
- name: heat-api-cfn | configure | touch api-cfn log files
become: yes
file:
path: "{{ item }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_log_group }}"
mode: 0640
state: touch
with_items:
- "{{ heat_log_location }}/heat-api-cfn-json.log"
- "{{ heat_log_location }}/heat-api-cfn.log"
0707010000001D000081A40000000000000000000000015D5302B9000006BC000000000000000000000000000000000000004C00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api-cfn | install | update venv cache
become: yes
install_package:
cache: update
- name: heat-api-cfn | install | install heat-api-cfn service
become: yes
install_package:
name: heat
service: heat-api-cfn
state: present
activate: act_off
register: ardana_notify_heat_api_cfn_install_result
- name: heat-api-cfn | install | register persistent fact of install
command: /bin/true
register: ardana_notify_heat_api_cfn_restart_required
when: ardana_notify_heat_api_cfn_install_result.changed
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_api_cfn_install_result }}"
- name: heat-api-cfn | install | register heat-api-cfn service
become: yes
setup_systemd:
service: heat-api-cfn
cmd: heat-api-cfn
user: "{{ heat_system_user }}"
group: "{{ heat_system_user }}"
args: >
--config-file={{ heat_service_conf_dir }}/heat.conf
--config-file={{ heat_service_conf_dir }}/api-cfn.conf
- include: ../../heat-common/tasks/install.yml
0707010000001E000081A40000000000000000000000015D5302B9000006A9000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks/start.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api-cfn | start | activate the latest installed version
become: yes
install_package:
name: heat
service: heat-api-cfn
activate: act_on
version: "{{ ardana_notify_heat_api_cfn_install_result.version }}"
when: ardana_notify_heat_api_cfn_install_result is defined
- name: heat-api-cfn | start | register persistent fact of activate
command: /bin/true
register: ardana_notify_heat_api_cfn_restart_required
when: (ardana_notify_heat_api_cfn_install_result is defined and
ardana_notify_heat_api_cfn_install_result.changed)
- name: heat-api-cfn | start | restart heat-api-cfn service
become: yes
service: name=heat-api-cfn state=restarted
when: (ardana_notify_heat_all_restart_required is defined and
ardana_notify_heat_all_restart_required.changed) or
(ardana_notify_heat_api_cfn_restart_required is defined and
ardana_notify_heat_api_cfn_restart_required.changed)
- name: heat-api-cfn | start | start heat-api-cfn service
become: yes
service: name=heat-api-cfn state=started
0707010000001F000081A40000000000000000000000015D5302B9000002BB000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks/status.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_service_status.yml
07070100000020000081A40000000000000000000000015D5302B900000365000000000000000000000000000000000000004900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/tasks/stop.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api-cfn | stop | stop heat-api service
become: yes
service: name=heat-api-cfn state=stopped
register: stop_result
failed_when:
"stop_result|failed and 'service not found' not in stop_result.msg"
07070100000021000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/templates07070100000022000081A40000000000000000000000015D5302B90000088B000000000000000000000000000000000000005C00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/templates/api-cfn-logging.conf.j2{#
#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[loggers]
keys: root, iso8601{%- if heat_audit_enable|bool %}, audit{% endif %}
[handlers]
keys: watchedfile, logstash{%- if heat_audit_enable|bool %}, auditfile{% endif %}
[formatters]
keys: context, logstash
[logger_root]
qualname: root
handlers: watchedfile, logstash
level: NOTSET
{%- if heat_audit_enable|bool %}
[logger_audit]
qualname: oslo.messaging.notification.audit
handlers: auditfile
propagate: 0
level: INFO
{% endif %}
[logger_iso8601]
qualname: iso8601
handlers: watchedfile
level: WARNING
# Writes to disk
[handler_watchedfile]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-api-cfn.log',)
formatter: context
level: INFO
# Writes JSON to disk, beaver will ship to logstash
[handler_logstash]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-api-cfn-json.log',)
formatter: logstash
level: INFO
{%- if heat_audit_enable|bool %}
# Writes to disk
[handler_auditfile]
class: handlers.WatchedFileHandler
args: ('{{ heat_audit_log_location }}/heat-api-cfn-audit.log',)
formatter: context
level: INFO
{% endif %}
# datefmt must be set otherwise you end up with too many (msecs) fields
[formatter_context]
class: oslo_log.formatters.ContextFormatter
args: (datefmt=datefmt)
format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s
datefmt: %Y-%m-%d %H:%M:%S
# the "format" and "datefmt" actually set the "type" and "tags"
[formatter_logstash]
class: logstash.LogstashFormatterVersion1
format: heat
datefmt: heat-api-cfn
07070100000023000081A40000000000000000000000015D5302B9000002D2000000000000000000000000000000000000005400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api-cfn/templates/api-cfn.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[DEFAULT]
log_config_append={{ heat_service_conf_dir }}/api-cfn-logging.conf
07070100000024000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/defaults07070100000025000081A40000000000000000000000015D5302B9000002A2000000000000000000000000000000000000004800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
heat_component: heat-api
07070100000026000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/meta07070100000027000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-common
07070100000028000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003C00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks07070100000029000081A40000000000000000000000015D5302B9000007EF000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks/configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_api_install_result }}"
- include: ../../heat-common/tasks/configure.yml
- include: ../../heat-common/tasks/_write_conf.yml
src: "../../heat-api/templates/api.conf.j2"
dest: "{{ heat_service_conf_dir }}/api.conf"
- name: heat-api | configure | notify on api.conf change
command: /bin/true
register: ardana_notify_heat_api_restart_required
when: write_conf_result.changed
- name: heat-api | configure | Create api-logging.conf
become: yes
template:
src: "api-logging.conf.j2"
dest: "{{ heat_service_conf_dir }}/api-logging.conf"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: "0400"
register: ardana_notify_heat_api_restart_required
- name: heat-api | configure | touch audit log file
become: yes
file:
path: "{{ heat_audit_log_location }}/heat-api-audit.log"
owner: "{{ heat_system_user }}"
group: "{{ heat_log_group }}"
mode: 0640
state: touch
when: heat_audit_enable
- name: heat-api | configure | touch api log files
become: yes
file:
path: "{{ item }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_log_group }}"
mode: 0640
state: touch
with_items:
- "{{ heat_log_location }}/heat-api-json.log"
- "{{ heat_log_location }}/heat-api.log"
0707010000002A000081A40000000000000000000000015D5302B900000684000000000000000000000000000000000000004800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api | install | update venv cache
become: yes
install_package:
cache: update
- name: heat-api | install | install heat-api service
become: yes
install_package:
name: heat
service: heat-api
state: present
activate: act_off
register: ardana_notify_heat_api_install_result
- name: heat-api | install | register persistent fact of install
command: /bin/true
register: ardana_notify_heat_api_restart_required
when: ardana_notify_heat_api_install_result.changed
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_api_install_result }}"
- name: heat-api | install | register heat-api service
become: yes
setup_systemd:
service: heat-api
cmd: heat-api
user: "{{ heat_system_user }}"
group: "{{ heat_system_user }}"
args: >
--config-file={{ heat_service_conf_dir }}/heat.conf
--config-file={{ heat_service_conf_dir }}/api.conf
- include: ../../heat-common/tasks/install.yml
0707010000002B000081A40000000000000000000000015D5302B900000669000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks/start.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api | start | activate the latest installed version
become: yes
install_package:
name: heat
service: heat-api
activate: act_on
version: "{{ ardana_notify_heat_api_install_result.version }}"
when: ardana_notify_heat_api_install_result is defined
- name: heat-api | start | register persistent fact of activate
command: /bin/true
register: ardana_notify_heat_api_restart_required
when: (ardana_notify_heat_api_install_result is defined and
ardana_notify_heat_api_install_result.changed)
- name: heat-api | start | restart heat-api service
become: yes
service: name=heat-api state=restarted
when: (ardana_notify_heat_all_restart_required is defined and
ardana_notify_heat_all_restart_required.changed) or
(ardana_notify_heat_api_restart_required is defined and
ardana_notify_heat_api_restart_required.changed)
- name: heat-api | start | start heat-api service
become: yes
service: name=heat-api state=started
0707010000002C000081A40000000000000000000000015D5302B9000002BB000000000000000000000000000000000000004700000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks/status.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_service_status.yml
0707010000002D000081A40000000000000000000000015D5302B90000035D000000000000000000000000000000000000004500000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/tasks/stop.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-api | stop | stop heat-api service
become: yes
service: name=heat-api state=stopped
register: stop_result
failed_when:
"stop_result|failed and 'service not found' not in stop_result.msg"
0707010000002E000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/templates0707010000002F000081A40000000000000000000000015D5302B90000087B000000000000000000000000000000000000005400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/templates/api-logging.conf.j2{#
#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[loggers]
keys: root, iso8601{%- if heat_audit_enable|bool %}, audit{% endif %}
[handlers]
keys: watchedfile, logstash{%- if heat_audit_enable|bool %}, auditfile{% endif %}
[formatters]
keys: context, logstash
[logger_root]
qualname: root
handlers: watchedfile, logstash
level: NOTSET
{%- if heat_audit_enable|bool %}
[logger_audit]
qualname: oslo.messaging.notification.audit
handlers: auditfile
propagate: 0
level: INFO
{% endif %}
[logger_iso8601]
qualname: iso8601
handlers: watchedfile
level: WARNING
# Writes to disk
[handler_watchedfile]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-api.log',)
formatter: context
level: INFO
# Writes JSON to disk, beaver will ship to logstash
[handler_logstash]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-api-json.log',)
formatter: logstash
level: INFO
{%- if heat_audit_enable|bool %}
# Writes to disk
[handler_auditfile]
class: handlers.WatchedFileHandler
args: ('{{ heat_audit_log_location }}/heat-api-audit.log',)
formatter: context
level: INFO
{% endif %}
# datefmt must be set otherwise you end up with too many (msecs) fields
[formatter_context]
class: oslo_log.formatters.ContextFormatter
args: (datefmt=datefmt)
format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s
datefmt: %Y-%m-%d %H:%M:%S
# the "format" and "datefmt" actually set the "type" and "tags"
[formatter_logstash]
class: logstash.LogstashFormatterVersion1
format: heat
datefmt: heat-api
07070100000030000081A40000000000000000000000015D5302B9000002CE000000000000000000000000000000000000004C00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-api/templates/api.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[DEFAULT]
log_config_append={{ heat_service_conf_dir }}/api-logging.conf
07070100000031000041ED0000000000000000000000055D5302B900000000000000000000000000000000000000000000003800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp07070100000032000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004100000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/defaults07070100000033000081A40000000000000000000000015D5302B900000475000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/defaults/main.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.in
#
---
heat_component: heat-caasp
caasp_image_url: "http://download.suse.de/install/SUSE-CaaSP-3-GM/SUSE-CaaS-Platform-3.0-for-OpenStack-Cloud.x86_64-3.0.0-GM.qcow2"
caasp_image_tmp_path: "/tmp/SUSE-CaaS-Platform-3.0-for-OpenStack-Cloud.x86_64-3.0.0-GM.qcow2"
caasp_image_name: "SUSE-CaaS-Platform-3.0-for-OpenStack-Cloud"
caasp_stack_name: "caasp-stack"
ardana_service_osrc_file: "~ardana/service.osrc"
caasp_stack_yaml_dir: "/usr/share/caasp-openstack-heat-templates/"
caasp_stack_yaml_file: "caasp-stack.yaml"
caasp_stack_env_yaml_file: "caasp-environment.yaml"
07070100000034000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003D00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/meta07070100000035000081A40000000000000000000000015D5302B900000268000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/meta/main.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-common
07070100000036000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/tasks07070100000037000081A40000000000000000000000015D5302B900000C5F000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-caasp/tasks/install.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-caasp | install | install caasp-openstack-heat-templates package
become: yes
zypper:
name: caasp-openstack-heat-templates
state: present
- name: heat-caasp | install | check if caasp image exists in glance
shell: |
source {{ ardana_service_osrc_file }}
openstack image show "{{ caasp_image_name }}"
register: caasp_image_exists_result
args:
executable: /bin/bash
ignore_errors: True
- name: heat-caasp | install | download caasp openstack qcow image to tmp
get_url:
url: "{{ caasp_image_url }}"
dest: "{{ caasp_image_tmp_path }}"
mode: 0600
register: _download_caasp_image_result
until: _download_caasp_image_result | success
retries: 5
delay: 2
when: caasp_image_exists_result.rc > 0
- name: heat-caasp | install | upload caasp openstack qcow image to glance
shell: |
source {{ ardana_service_osrc_file }}
openstack image create --public --disk-format qcow2 \
--container-format bare \
--file "{{ caasp_image_tmp_path }}" "{{ caasp_image_name }}"
args:
executable: /bin/bash
when: caasp_image_exists_result.rc > 0
- name: heat-caasp | install | delete caasp openstack qcow image from tmp
file:
state: absent
path: "{{ caasp_image_tmp_path }}"
when: caasp_image_exists_result.rc > 0
- name: heat-caasp | install | check if caasp stack exists
shell: |
source {{ ardana_service_osrc_file }}
openstack stack show "{{ caasp_stack_name }}"
register: caasp_stack_exists_result
args:
executable: /bin/bash
ignore_errors: True
- name: heat-caasp | install | create caasp stack
shell: |
source {{ ardana_service_osrc_file }}
openstack stack create --wait --timeout 120 \
--template "{{ caasp_stack_yaml_file }}" \
--environment "{{ caasp_stack_env_yaml_file }}" \
--parameter image="{{ caasp_image_name }}" "{{ caasp_stack_name }}"
args:
executable: /bin/bash
chdir: "{{ caasp_stack_yaml_dir }}"
when: caasp_stack_exists_result.rc > 0
- name: heat-caasp | install | get caasp stack status
shell: |
source {{ ardana_service_osrc_file }}
openstack stack show "{{ caasp_stack_name }}" \
| grep -w stack_status | awk '{print $4}'
args:
executable: /bin/bash
register: create_caasp_stack_result
when: caasp_stack_exists_result.rc > 0
- name: heat-caasp | install | check caasp stack status
fail:
msg: "Failed to create stack: {{ caasp_stack_exists_result.stdout }}"
when:
- caasp_stack_exists_result.rc > 0
- create_caasp_stack_result.stdout != 'CREATE_COMPLETE'
07070100000038000041ED0000000000000000000000075D5302B900000000000000000000000000000000000000000000003900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common07070100000039000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004200000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/defaults0707010000003A000081A40000000000000000000000015D5302B900001344000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/defaults/main.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
heat_system_user: heat
heat_system_group: heat
heat_home_dir: /var/lib/heat
heat_log_file_location: /var/log/heat
heat_stack_user_domain_name: heat
heat_stack_domain_admin_user: "{{ HEA_ENG.consumes_KEY_API.vars.keystone_heat_domain_admin_user }}"
heat_stack_domain_admin_user_password: "{{ HEA_ENG.consumes_KEY_API.vars.keystone_heat_domain_admin_password | quote }}"
# This variable is set by the keystone_domain_setup.yml playbook in pre configure task
heat_stack_domain_id: unset
# Number of maximum worker allowed regardless of CPUs available
num_engine_max_workers: 8
# Number of num_engine_workers. The default will be the maximum allowed
# by variable num_engine_max_workers
num_engine_worker_count: "{{ [num_engine_max_workers, [2, ansible_processor_vcpus / 2] | max] | min | int }}"
# Audit
heat_api_audit_config: "{{ heat_service_conf_dir }}/heat_api_audit_map.conf"
heat_audit_enable: "{{ HEA.audit.enabled }}"
heat_audit_log_location: "{{ HEA.audit.dir }}/heat"
heat_audit_notification_driver: log
heat_log_group: adm
heat_log_location: "/var/log/heat"
# heat.conf config options
## [DEFAULT]
heat_debug: "True"
heat_region_name_for_services: "{{ HEA_API.advertises.vips.public[0].region_name }}"
heat_auth_encryption_key: "{{ HEA_ENG.vars.heat_auth_encryption_key }}"
heat_waitcondition_server_url: >
{{ HEA_ACF | item('advertises.vips.public[0].url',
default='http://' ~ HEA_ACF.advertises.vips.public[0].host ~ ':'
~ HEA_ACF.advertises.vips.public[0].port) }}/v1/waitcondition
heat_metadata_server_url: >
{{ HEA_ACF | item('advertises.vips.public[0].url',
default='http://' ~ HEA_ACF.advertises.vips.public[0].host ~ ':'
~ HEA_ACF.advertises.vips.public[0].port) }}
heat_rabbit_userid: "{{ HEA.consumes_FND_RMQ.vars.accounts.heat.username }}"
heat_rabbit_password: "{{ HEA.consumes_FND_RMQ.vars.accounts.heat.password }}"
_heat_rabbit_hosts_list: >
{{ HEA_API | item('consumes_FND_RMQ.members.private',
default=( HEA_API | item('consumes_FND_RMQ.members.public') )) }}
heat_rabbit_hosts: "{% for x in _heat_rabbit_hosts_list %}{{ heat_rabbit_userid }}:{{ heat_rabbit_password }}@{{ x.host }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}"
heat_rabbit_use_ssl: "{{ HEA.consumes_FND_RMQ.members.private[0].use_tls }}"
heat_notification_topic: "notifications"
heat_notification_driver: "messaging"
heat_stack_user_role: "heat_stack_user"
heat_encrypt_parameters_and_properties: "True"
## [database]
heat_database_connection: >
{{ 'mysql+pymysql://' ~ HEA_ENG.consumes_FND_MDB.vars.accounts.heat.username ~ ':' ~
HEA_ENG.consumes_FND_MDB.vars.accounts.heat.password | urlencode ~ '@' ~
HEA_ENG.consumes_FND_MDB.vips.private[0].host ~ '/heat?charset=utf8' }}{{ heat_db_ssl }}
## [keystone_authtoken]
heat_keystone_admin_project_name: "{{ KEY_API.vars.keystone_service_tenant }}"
heat_keystone_admin_password: "{{ HEA_API.consumes_KEY_API.vars.keystone_heat_password | quote }}"
heat_keystone_admin_user: "{{ HEA_API.consumes_KEY_API.vars.keystone_heat_user }}"
heat_keystone_admin_user_domain_id: "{{ KEY_API.vars.keystone_default_domain }}"
heat_keystone_admin_project_domain_id: "{{ KEY_API.vars.keystone_default_domain }}"
service_token_roles: "{{KEY_API.vars.keystone_service_role}}"
heat_keystone_auth_uri: "{{ KEY_API.advertises.vips.public[0].url }}/v3"
heat_keystone_auth_url: "{{ HEA_API.consumes_KEY_API.vips.private[0].url }}"
memcached_servers: "{% for x in HEA.consumes_FND_MEM.members.private %}{{ x.host }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}"
memcache_secret_key: "{{ HEA.consumes_FND_MEM.vars.memcached.heat.secret_key | quote }}"
## [ec2authtoken]
heat_ec2_auth_uri: >
{{ HEA_API.consumes_KEY_API.vips.private[0].url }}/v3
## [heat_api]
heat_api_workers: "2"
heat_api_bind_host: >
{{ host | item('bind.HEA_API.internal.ip_address') }}
## [heat_api_cfn]
heat_api_cfn_bind_host: >
{{ host | item('bind.HEA_ACF.internal.ip_address') }}
## [paste_deploy]
heat_api_paste_config_path: "{{ heat_service_conf_dir }}/api-paste.ini"
## [clients]
heat_endpoint_type: "internalURL"
## [ssl]
heat_ca_file: "{{ trusted_ca_bundle }}"
heat_db_ssl: "{% if HEA_ENG.consumes_FND_MDB.vips.private[0].use_tls %}&ssl_ca={{ heat_ca_file }} {% endif %}"
0707010000003B000041ED0000000000000000000000035D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/files0707010000003C000081A40000000000000000000000015D5302B9000002D7000000000000000000000000000000000000005700000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/files/heat_api_audit_map.conf[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
stacks = stack
resources = resource
preview = None
detail = None
abandon = None
snapshots = snapshot
restore = None
outputs = output
metadata = server
signal = None
events = event
template = None
template_versions = template_version
functions = None
validate = None
resource_types = resource_type
build_info = None
actions = None
software_configs = software_config
software_deployments = software_deployment
services = None
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
orchestration = service/orchestration0707010000003D000081A40000000000000000000000015D5302B90000101C000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/files/policy.json{
"context_is_admin": "role:admin and is_admin_project:True",
"project_admin": "role:admin",
"deny_stack_user": "not role:heat_stack_user",
"deny_everybody": "!",
"cloudformation:ListStacks": "rule:deny_stack_user",
"cloudformation:CreateStack": "rule:deny_stack_user",
"cloudformation:DescribeStacks": "rule:deny_stack_user",
"cloudformation:DeleteStack": "rule:deny_stack_user",
"cloudformation:UpdateStack": "rule:deny_stack_user",
"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
"cloudformation:GetTemplate": "rule:deny_stack_user",
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
"cloudformation:DescribeStackResource": "",
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
"cloudformation:ListStackResources": "rule:deny_stack_user",
"actions:action": "rule:deny_stack_user",
"build_info:build_info": "rule:deny_stack_user",
"events:index": "rule:deny_stack_user",
"events:show": "rule:deny_stack_user",
"resource:index": "rule:deny_stack_user",
"resource:metadata": "",
"resource:signal": "",
"resource:mark_unhealthy": "rule:deny_stack_user",
"resource:show": "rule:deny_stack_user",
"stacks:abandon": "rule:deny_stack_user",
"stacks:create": "rule:deny_stack_user",
"stacks:delete": "rule:deny_stack_user",
"stacks:detail": "rule:deny_stack_user",
"stacks:export": "rule:deny_stack_user",
"stacks:generate_template": "rule:deny_stack_user",
"stacks:global_index": "rule:deny_everybody",
"stacks:index": "rule:deny_stack_user",
"stacks:list_resource_types": "rule:deny_stack_user",
"stacks:list_template_versions": "rule:deny_stack_user",
"stacks:list_template_functions": "rule:deny_stack_user",
"stacks:lookup": "",
"stacks:preview": "rule:deny_stack_user",
"stacks:resource_schema": "rule:deny_stack_user",
"stacks:show": "rule:deny_stack_user",
"stacks:template": "rule:deny_stack_user",
"stacks:environment": "rule:deny_stack_user",
"stacks:files": "rule:deny_stack_user",
"stacks:update": "rule:deny_stack_user",
"stacks:update_patch": "rule:deny_stack_user",
"stacks:preview_update": "rule:deny_stack_user",
"stacks:preview_update_patch": "rule:deny_stack_user",
"stacks:validate_template": "rule:deny_stack_user",
"stacks:snapshot": "rule:deny_stack_user",
"stacks:show_snapshot": "rule:deny_stack_user",
"stacks:delete_snapshot": "rule:deny_stack_user",
"stacks:list_snapshots": "rule:deny_stack_user",
"stacks:restore_snapshot": "rule:deny_stack_user",
"stacks:list_outputs": "rule:deny_stack_user",
"stacks:show_output": "rule:deny_stack_user",
"software_configs:global_index": "rule:deny_everybody",
"software_configs:index": "rule:deny_stack_user",
"software_configs:create": "rule:deny_stack_user",
"software_configs:show": "rule:deny_stack_user",
"software_configs:delete": "rule:deny_stack_user",
"software_deployments:index": "rule:deny_stack_user",
"software_deployments:create": "rule:deny_stack_user",
"software_deployments:show": "rule:deny_stack_user",
"software_deployments:update": "rule:deny_stack_user",
"software_deployments:delete": "rule:deny_stack_user",
"software_deployments:metadata": "",
"service:index": "rule:context_is_admin",
"resource_types:OS::Nova::Flavor": "rule:project_admin",
"resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin",
"resource_types:OS::Cinder::VolumeType": "rule:project_admin",
"resource_types:OS::Cinder::Quota": "rule:project_admin",
"resource_types:OS::Manila::ShareType": "rule:project_admin",
"resource_types:OS::Neutron::QoSPolicy": "rule:project_admin",
"resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin",
"resource_types:OS::Nova::HostAggregate": "rule:project_admin",
"resource_types:OS::Cinder::QoSSpecs": "rule:project_admin"
}
0707010000003E000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/files/templates0707010000003F000081A40000000000000000000000015D5302B900000EC6000000000000000000000000000000000000006100000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/files/templates/AWS_RDS_DBInstance.yamlHeatTemplateFormatVersion: '2012-12-12'
Description: 'Builtin AWS::RDS::DBInstance'
Parameters:
AllocatedStorage:
Type: String
DBInstanceClass:
Type: String
DBName:
Type: String
DBSecurityGroups:
Type: CommaDelimitedList
Default: ''
Engine:
Type: String
AllowedValues: ['MySQL']
MasterUsername:
Type: String
MasterUserPassword:
Type: String
Port:
Type: String
Default: '3306'
KeyName:
Type: String
Default: ''
Mappings:
DBInstanceToInstance:
db.m1.small: {Instance: m1.small}
db.m1.large: {Instance: m1.large}
db.m1.xlarge: {Instance: m1.xlarge}
db.m2.xlarge: {Instance: m2.xlarge}
db.m2.2xlarge: {Instance: m2.2xlarge}
db.m2.4xlarge: {Instance: m2.4xlarge}
Resources:
ServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: 'Enable SSH access'
SecurityGroupIngress:
- IpProtocol: icmp
FromPort: '-1'
ToPort: '-1'
CidrIp: '0.0.0.0/0'
- IpProtocol: tcp
FromPort: '22'
ToPort : '22'
CidrIp : '0.0.0.0/0'
- IpProtocol: tcp
FromPort: {Ref: Port}
ToPort : {Ref: Port}
CidrIp : '0.0.0.0/0'
DatabaseInstance:
Type: AWS::EC2::Instance
Metadata:
AWS::CloudFormation::Init:
config:
files:
/tmp/db_setup.sql:
content:
'Fn::Replace':
- DBName: {Ref: DBName}
MasterUserPassword: {Ref: MasterUserPassword}
MasterUsername: {Ref: MasterUsername}
- |
CREATE DATABASE DBName;
GRANT ALL PRIVILEGES ON DBName.* TO "MasterUsername"@"%"
IDENTIFIED BY "MasterUserPassword";
FLUSH PRIVILEGES;
EXIT
mode: '000644'
owner: root
group: root
packages:
yum:
mariadb: []
mariadb-server: []
services:
systemd:
mysqld:
enabled: true
ensureRunning: true
Properties:
ImageId: F19-x86_64-cfntools
InstanceType: {'Fn::FindInMap': [DBInstanceToInstance,
{Ref: DBInstanceClass}, Instance]}
KeyName: {Ref: KeyName}
SecurityGroups: [{"Ref" : "ServerSecurityGroup"}]
UserData:
Fn::Base64:
Fn::Replace:
- 'AWS::StackName': {Ref: 'AWS::StackName'}
'AWS::Region': {Ref: 'AWS::Region'}
MasterUserPassword: {Ref: MasterUserPassword}
WaitHandle: {Ref: WaitHandle}
- |
#!/bin/bash -v
#
iptables -F
# Helper function
function error_exit
{
/opt/aws/bin/cfn-signal -e 1 -r \"$1\" 'WaitHandle'
exit 1
}
/opt/aws/bin/cfn-init -s AWS::StackName -r DatabaseInstance --region AWS::Region || error_exit 'Failed to run cfn-init'
# Setup MySQL root password and create a user
mysqladmin -u root password 'MasterUserPassword'
mysql -u root --password='MasterUserPassword' < /tmp/db_setup.sql || error_exit 'Failed to setup mysql'
# Database setup completed, signal success
/opt/aws/bin/cfn-signal -e 0 -r "MySQL server setup complete" 'WaitHandle'
WaitHandle:
Type: AWS::CloudFormation::WaitConditionHandle
WaitCondition:
Type: AWS::CloudFormation::WaitCondition
DependsOn: DatabaseInstance
Properties:
Handle: {Ref: WaitHandle}
Timeout: "600"
Outputs:
Endpoint.Address: {'Fn::GetAtt': [DatabaseInstance, PublicIp]}
Endpoint.Port: {Ref: Port}
07070100000040000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/meta07070100000041000081A40000000000000000000000015D5302B900000263000000000000000000000000000000000000004700000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/meta/main.yml# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: tls-vars
07070100000042000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks07070100000043000081A40000000000000000000000015D5302B900000314000000000000000000000000000000000000005500000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/_schedule_restart.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | _schedule_restart | Schedule a restart for all services
debug:
msg: "Trigger a change notification in heat"
changed_when: true
register: ardana_notify_heat_all_restart_required07070100000044000081A40000000000000000000000015D5302B90000053A000000000000000000000000000000000000005300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/_service_status.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | _service_status | Print service being checked
debug:
msg: "Running service check for {{ heat_component }}"
run_once: true
- name: heat-common | _service_status | Check systemd service running
become: yes
command: systemctl status "{{ heat_component }}"
ignore_errors: yes
changed_when: false
register: systemctl_status_result
- name: heat-common | _service_status | Report status of "{{ heat_component }}"
fail:
msg: |
{{ heat_component }} is not running.
systemctl status {{ heat_component }} output:
{{ systemctl_status_result.stdout }}
{{ systemctl_status_result.stderr }}
when: systemctl_status_result | failed
07070100000045000081A40000000000000000000000015D5302B900000707000000000000000000000000000000000000005400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/_set_directories.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | _set_directories | set service etc and venv directory -
configure
set_fact:
heat_service_conf_dir:
"{{ heat_component | config_dir(install_package_result.version) }}/heat"
heat_service_bin_dir:
"{{ heat_component | bin_dir(install_package_result.version) }}"
heat_service_venv_share_dir:
"{{ heat_component | share_dir(install_package_result.version) }}"
when: install_package_result.version is defined
- name: heat-common | _set_directories | set service etc and venv directory -
reconfigure
set_fact:
heat_service_conf_dir: "{{ heat_component | config_dir() }}/heat"
heat_service_bin_dir: "{{ heat_component | bin_dir() }}"
heat_service_venv_share_dir: "{{ heat_component | share_dir() }}"
when: install_package_result.version is undefined
- name: heat-common | _set_directories | set plugins directory
set_fact:
heat_plugins_dir: "{{ heat_service_venv_share_dir }}/lib/heat"
heat_docker_plugin_source_dir:
"{{ heat_service_venv_share_dir }}/heat/contrib/heat_docker/heat_docker"
heat_environment_dir: "{{ heat_service_conf_dir }}/environment.d"
07070100000046000081A40000000000000000000000015D5302B900000730000000000000000000000000000000000000004F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/_write_conf.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | _write_conf | Check for pre-existing version of {{ dest }}
become: yes
stat: path="{{ dest }}"
register: conf_stat_result
- name: heat-common | _write_conf | get timestamp
command: date +%Y%m%d%H%M%S
register: time_result
changed_when: False
- name: heat-common | _write_conf | Create a backup version of the existing
{{ dest }} file
become: yes
command: cp {{ dest }} {{ dest }}.{{ time_result.stdout }}
when: conf_stat_result.stat.exists
changed_when: False
- name: heat-common | _write_conf | Template {{ dest }}
become: yes
template:
src: "{{ src }}"
dest: "{{ dest }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: 0600
register: write_conf_result
- name: heat-common | _write_conf | Delete backup file that has not changed.
become: yes
file:
path: "{{ dest }}.{{ time_result.stdout }}"
state: absent
when: write_conf_result.changed==false
changed_when: False
- name: heat-common | _write_conf | remove all but last 10 backups of {{ dest }}
become: yes
shell: ls -td {{ dest }}.* |awk 'NR>10' |xargs rm -f
when: conf_stat_result.stat.exists
changed_when: False
07070100000047000081A40000000000000000000000015D5302B9000007C6000000000000000000000000000000000000004D00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | configure | Set max worker count to 8 if dynamic
CPU based count is greater than {{ num_engine_max_workers }}
set_fact:
num_engine_worker_count: "{{ num_engine_max_workers }}"
when: num_engine_worker_count | int > num_engine_max_workers | int
- include: _write_conf.yml
src: "heat.conf.j2"
dest: "{{ heat_service_conf_dir }}/heat.conf"
- name: "heat-common | configure | notify on heat.conf change"
command: /bin/true
register: ardana_notify_heat_all_restart_required
when: write_conf_result.changed
#TODO : Move this to api specific configure task
- name: heat-common | configure | Copy the files to config dir
become: yes
copy:
src: "{{ item }}"
dest: "{{ heat_service_conf_dir }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: 0640
with_items:
- heat_api_audit_map.conf
- policy.json
register: ardana_notify_heat_all_restart_required
- include: _write_conf.yml
src: "api-paste.ini.j2"
dest: "{{ heat_service_conf_dir }}/api-paste.ini"
- name: heat-common | configure | Create heat audit logging directory
become: yes
file:
path: "{{ heat_audit_log_location }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group | default('root') }}"
mode: "0755"
state: directory
when: heat_audit_enable
07070100000048000081A40000000000000000000000015D5302B9000009A7000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-common | install | check for presence of heat group
become: yes
command: "grep -q {{ heat_system_group }} /etc/group"
ignore_errors: True
register: group_chk_result
- name: heat-common | install | create heat group
become: yes
group:
name: "{{ heat_system_group }}"
state: present
system: yes
when: group_chk_result|failed
- name: heat-common | install | check for presence of heat user
become: yes
command: "id {{ heat_system_user }}"
ignore_errors: True
register: user_chk_result
- name: heat-common | install | create heat user
become: yes
user:
name: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
createhome: no
home: "{{ heat_home_dir }}"
shell: /bin/true
system: yes
when: user_chk_result|failed
- name: heat-common | install | create heat user home
become: yes
file:
path: "{{ heat_home_dir }}"
state: directory
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: 0700
when: user_chk_result|failed
- name: heat-common | install | create heat directories
become: yes
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- path: "{{ heat_service_conf_dir }}"
mode: "755"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
- path: "{{ heat_log_file_location }}"
mode: "755"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
- path: "{{ heat_plugins_dir }}"
mode: "755"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
- path: "{{ heat_environment_dir }}"
mode: "755"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
07070100000049000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/templates0707010000004A000081A40000000000000000000000015D5302B900000F75000000000000000000000000000000000000005400000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/templates/api-paste.ini.j2{#
#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
# heat-api pipeline
[pipeline:heat-api]
pipeline = request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken {%- if heat_audit_enable|bool %} audit{% endif %} context apiv1app
# heat-api pipeline for standalone heat
# ie. uses alternative auth backend that authenticates users against keystone
# using username and password instead of validating token (which requires
# an admin/service token).
# To enable, in heat.conf:
# [paste_deploy]
# flavor = standalone
#
[pipeline:heat-api-standalone]
pipeline = request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
# heat-api pipeline for custom cloud backends
# i.e. in heat.conf:
# [paste_deploy]
# flavor = custombackend
#
[pipeline:heat-api-custombackend]
pipeline = request_id faultwrap versionnegotiation context custombackendauth apiv1app
# heat-api-cfn pipeline
[pipeline:heat-api-cfn]
pipeline = cfnversionnegotiation osprofiler ec2authtoken authtoken {%- if heat_audit_enable|bool %} audit{% endif %} context apicfnv1app
# heat-api-cfn pipeline for standalone heat
# relies exclusively on authenticating with ec2 signed requests
[pipeline:heat-api-cfn-standalone]
pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app
[app:apiv1app]
paste.app_factory = heat.common.wsgi:app_factory
heat.app_factory = heat.api.openstack.v1:API
[app:apicfnv1app]
paste.app_factory = heat.common.wsgi:app_factory
heat.app_factory = heat.api.cfn.v1:API
[filter:versionnegotiation]
paste.filter_factory = heat.common.wsgi:filter_factory
heat.filter_factory = heat.api.openstack:version_negotiation_filter
[filter:faultwrap]
paste.filter_factory = heat.common.wsgi:filter_factory
heat.filter_factory = heat.api.openstack:faultwrap_filter
[filter:cfnversionnegotiation]
paste.filter_factory = heat.common.wsgi:filter_factory
heat.filter_factory = heat.api.cfn:version_negotiation_filter
[filter:cwversionnegotiation]
paste.filter_factory = heat.common.wsgi:filter_factory
[filter:context]
paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory
[filter:ec2authtoken]
paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
# Middleware to set auth_url header appropriately
[filter:authurl]
paste.filter_factory = heat.common.auth_url:filter_factory
# Auth middleware that validates token against keystone
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
# Auth middleware that validates username/password against keystone
[filter:authpassword]
paste.filter_factory = heat.common.auth_password:filter_factory
# Auth middleware that validates against custom backend
[filter:custombackendauth]
paste.filter_factory = heat.common.custom_backend_auth:filter_factory
# Middleware to set x-openstack-request-id in http response header
[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
{% if heat_audit_enable|bool %}
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = {{ heat_api_audit_config }}
{% endif %}
0707010000004B000081A40000000000000000000000015D5302B900011A93000000000000000000000000000000000000005000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-common/templates/heat.conf.j2{#
#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
# This configuration file includes the default values for Ardana Openstack
# Changes may be made to this file by the customer.
[DEFAULT]
#
# From heat.api.middleware.ssl
#
# The HTTP Header that will be used to determine which the original request
# protocol scheme was, even if it was removed by an SSL terminator proxy.
# (string value)
# Deprecated group/name - [DEFAULT]/secure_proxy_ssl_header
#secure_proxy_ssl_header = X-Forwarded-Proto
#
# From heat.common.config
#
# Name of the engine node. This can be an opaque identifier. It is not
# necessarily a hostname, FQDN, or IP address. (string value)
#host =
# List of directories to search for plug-ins. (list value)
plugin_dirs = {{ heat_plugins_dir }}
# The directory to search for environment files. (string value)
environment_dir = {{ heat_environment_dir }}
# The directory to search for template files. (string value)
#template_dir = /etc/heat/templates
# Allow reauthentication on token expiry, such that long-running tasks may
# complete. Note this defeats the expiry of any provided user tokens. (string
# value)
# Allowed values: '', trusts
#reauthentication_auth_method =
# Gap, in seconds, to determine whether the given token is about to expire.
# (integer value)
#stale_token_duration = 30
# Subset of trustor roles to be delegated to heat. If left unset, all roles of
# a user will be delegated to heat when creating a stack. (list value)
#trusts_delegated_roles =
# Maximum resources allowed per top-level stack. -1 stands for unlimited.
# (integer value)
#max_resources_per_stack = 1000
# Maximum number of stacks any one tenant may have active at one time. (integer
# value)
#max_stacks_per_tenant = 100
# Number of times to retry to bring a resource to a non-error state. Set to 0
# to disable retries. (integer value)
#action_retry_limit = 5
# Number of times to retry when a client encounters an expected intermittent
# error. Set to 0 to disable retries. (integer value)
#client_retry_limit = 2
# Maximum length of a server name to be used in nova. (integer value)
# Maximum value: 53
#max_server_name_length = 53
# Number of times to check whether an interface has been attached or detached.
# (integer value)
# Minimum value: 1
#max_interface_check_attempts = 10
# Controls how many events will be pruned whenever a stack's events exceed
# max_events_per_stack. Set this lower to keep more events at the expense of
# more frequent purges. (integer value)
#event_purge_batch_size = 10
# Maximum events that will be available per stack. Older events will be deleted
# when this is reached. Set to 0 for unlimited events per stack. (integer
# value)
#max_events_per_stack = 1000
# Timeout in seconds for stack action (ie. create or update). (integer value)
#stack_action_timeout = 3600
# The amount of time in seconds after an error has occurred that tasks may
# continue to run before being cancelled. (integer value)
#error_wait_time = 240
# RPC timeout for the engine liveness check that is used for stack locking.
# (integer value)
#engine_life_check_timeout = 2
# Enable the preview Stack Abandon feature. (boolean value)
#enable_stack_abandon = false
# Enable the preview Stack Adopt feature. (boolean value)
#enable_stack_adopt = false
# Enables engine with convergence architecture. All stacks with this option
# will be created using convergence engine. (boolean value)
#convergence_engine = true
# On update, enables heat to collect existing resource properties from reality
# and converge to updated template. (boolean value)
#observe_on_update = false
# Template default for how the server should receive the metadata required for
# software configuration. POLL_SERVER_CFN will allow calls to the cfn API
# action DescribeStackResource authenticated with the provided keypair
# (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the
# Heat API resource-show using the provided keystone credentials (requires
# keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL
# will create and populate a Swift TempURL with metadata for polling (requires
# object-store endpoint which supports TempURL).ZAQAR_MESSAGE will create a
# dedicated zaqar queue and post the metadata for polling. (string value)
# Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE
#default_software_config_transport = POLL_SERVER_CFN
# Template default for how the server should signal to heat with the deployment
# output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL
# (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL
# to be signaled via HTTP PUT (requires object-store endpoint which supports
# TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using
# the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar
# queue to be signaled using the provided keystone credentials. (string value)
# Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, ZAQAR_SIGNAL
#default_deployment_signal_transport = CFN_SIGNAL
# Stacks containing these tag names will be hidden. Multiple tags should be
# given in a comma-delimited list (eg. hidden_stack_tags=hide_me,me_too). (list
# value)
#hidden_stack_tags = data-processing-cluster
# Deprecated. (string value)
#onready = <None>
# When this feature is enabled, scheduler hints identifying the heat stack
# context of a server or volume resource are passed to the configured
# schedulers in nova and cinder, for creates done using heat resource types
# OS::Cinder::Volume, OS::Nova::Server, and AWS::EC2::Instance.
# heat_root_stack_id will be set to the id of the root stack of the resource,
# heat_stack_id will be set to the id of the resource's parent stack,
# heat_stack_name will be set to the name of the resource's parent stack,
# heat_path_in_stack will be set to a list of comma delimited strings of
# stackresourcename and stackname with list[0] being 'rootstackname',
# heat_resource_name will be set to the resource's name, and heat_resource_uuid
# will be set to the resource's orchestration id. (boolean value)
#stack_scheduler_hints = false
# Encrypt template parameters that were marked as hidden and also all the
# resource properties before storing them in database. (boolean value)
encrypt_parameters_and_properties = {{ heat_encrypt_parameters_and_properties }}
# Seconds between running periodic tasks. (integer value)
#periodic_interval = 60
# URL of the Heat metadata server. NOTE: Setting this is only needed if you
# require instances to use a different endpoint than in the keystone catalog
# (string value)
heat_metadata_server_url = {{ heat_metadata_server_url }}
# URL of the Heat waitcondition server. (string value)
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
# Instance connection to CFN/CW API via https. (string value)
#instance_connection_is_secure = 0
# Instance connection to CFN/CW API validate certs if SSL is used. (string
# value)
#instance_connection_https_validate_certificates = 1
# Default region name used to get services endpoints. (string value)
region_name_for_services = {{ heat_region_name_for_services }}
# Keystone role for heat template-defined users. (string value)
heat_stack_user_role = {{ heat_stack_user_role }}
# Keystone domain ID which contains heat template-defined users. If this option
# is set, stack_user_domain_name option will be ignored. (string value)
# Deprecated group/name - [DEFAULT]/stack_user_domain
stack_user_domain_id = {{ heat_stack_domain_id }}
# Keystone domain name which contains heat template-defined users. If
# `stack_user_domain_id` option is set, this option is ignored. (string value)
#stack_user_domain_name = <None>
# Keystone username, a user with roles sufficient to manage users and projects
# in the stack_user_domain. (string value)
stack_domain_admin = {{ heat_stack_domain_admin_user }}
# Keystone password for stack_domain_admin user. (string value)
stack_domain_admin_password = {{ heat_stack_domain_admin_user_password }}
# Maximum raw byte size of any template. (integer value)
#max_template_size = 524288
# Maximum depth allowed when using nested stacks. (integer value)
#max_nested_stack_depth = 5
# Number of heat-engine processes to fork and run. Will default to either to 4
# or number of CPUs on the host, whichever is greater. (integer value)
num_engine_workers = {{ num_engine_worker_count }}
#
# From heat.common.crypt
#
# Key used to encrypt authentication info in the database. Length of this key
# must be 32 characters. (string value)
auth_encryption_key = {{ heat_auth_encryption_key }}
#
# From heat.common.wsgi
#
# Maximum raw byte size of JSON request body. Should be larger than
# max_template_size. (integer value)
#max_json_body_size = 1048576
#
# From heat.engine.clients
#
# Fully qualified class name to use as a client backend. (string value)
#cloud_backend = heat.engine.clients.OpenStackClients
#
# From heat.engine.notification
#
# Default notification level for outgoing notifications. (string value)
#default_notification_level = INFO
# Default publisher_id for outgoing notifications. (string value)
#default_publisher_id = <None>
#
# From heat.engine.resources
#
# Custom template for the built-in loadbalancer nested stack. (string value)
#loadbalancer_template = <None>
#
# From oslo.log
#
# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
# Note: This option can be changed without restarting.
debug = {{ heat_debug }}
# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used then all logging configuration is set in the
# configuration file and other logging configuration options are ignored (for
# example, logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>
# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S
# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>
# (Optional) The base directory used for relative log_file paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
log_dir = {{ heat_log_location }}
# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false
# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
use_syslog = False
# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true
# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
# Enables or disables publication of error events. (boolean value)
#publish_errors = false
# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "
# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
#
# From oslo.messaging
#
# Size of RPC connection pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
#rpc_conn_pool_size = 30
# The pool size limit for connections expiration policy (integer value)
#conn_pool_min_size = 2
# The time-to-live in sec of idle connections in the pool (integer value)
#conn_pool_ttl = 1200
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
#rpc_zmq_bind_address = *
# MatchMaker driver. (string value)
# Allowed values: redis, dummy
# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
#rpc_zmq_matchmaker = redis
# Number of ZeroMQ contexts, defaults to 1. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
#rpc_zmq_contexts = 1
# Maximum number of ingress messages to locally buffer per topic. Default is
# unlimited. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
#rpc_zmq_topic_backlog = <None>
# Directory for holding IPC sockets. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
#rpc_zmq_ipc_dir = /var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
# "host" option, if running Nova. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_host
#rpc_zmq_host = localhost
# Seconds to wait before a cast expires (TTL). The default value of -1
# specifies an infinite linger period. The value of 0 specifies no linger
# period. Pending messages shall be discarded immediately when the socket is
# closed. Only supported by impl_zmq. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
#rpc_cast_timeout = -1
# The default number of seconds that poll should wait. Poll raises timeout
# exception when timeout expired. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
#rpc_poll_timeout = 1
# Expiration timeout in seconds of a name service record about existing target
# ( < 0 means no timeout). (integer value)
# Deprecated group/name - [DEFAULT]/zmq_target_expire
#zmq_target_expire = 300
# Update period in seconds of a name service record about existing target.
# (integer value)
# Deprecated group/name - [DEFAULT]/zmq_target_update
#zmq_target_update = 180
# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
# value)
# Deprecated group/name - [DEFAULT]/use_pub_sub
#use_pub_sub = true
# Use ROUTER remote proxy. (boolean value)
# Deprecated group/name - [DEFAULT]/use_router_proxy
#use_router_proxy = true
# Minimal port number for random ports range. (port value)
# Minimum value: 0
# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
#rpc_zmq_min_port = 49153
# Maximal port number for random ports range. (integer value)
# Minimum value: 1
# Maximum value: 65536
# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
#rpc_zmq_max_port = 65536
# Number of retries to find free port number before fail with ZMQBindError.
# (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
#rpc_zmq_bind_port_retries = 100
# Default serialization mechanism for serializing/deserializing
# outgoing/incoming messages (string value)
# Allowed values: json, msgpack
# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
#rpc_zmq_serialization = json
# This option configures round-robin mode in zmq socket. True means not keeping
# a queue when server side disconnects. False means to keep queue and messages
# even if server is disconnected, when the server appears we send all
# accumulated messages to it. (boolean value)
#zmq_immediate = false
# Size of executor thread pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
#executor_thread_pool_size = 64
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
# A URL representing the messaging driver to use and its full configuration.
# (string value)
transport_url = rabbit://{{ heat_rabbit_hosts }}//
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
#control_exchange = openstack
#
# From oslo.service.periodic_task
#
# Some periodic tasks can be run in a separate process. Should we run them
# here? (boolean value)
#run_external_periodic_tasks = true
#
# From oslo.service.service
#
# Enable eventlet backdoor. Acceptable values are 0, <port>, and
# <start>:<end>, where 0 results in listening on a random tcp port number;
# <port> results in listening on the specified port number (and not enabling
# backdoor if that port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range of port numbers.
# The chosen port is displayed in the service's log file. (string value)
#backdoor_port = <None>
# Enable eventlet backdoor, using the provided path as a unix socket that can
# receive connections. This option is mutually exclusive with 'backdoor_port'
# in that only one should be provided. If both are provided then the existence
# of this option overrides the usage of that option. (string value)
#backdoor_socket = <None>
# Enables or disables logging values of all registered options when starting a
# service (at DEBUG level). (boolean value)
#log_options = true
# Specify a timeout after which a gracefully shutdown server will exit. Zero
# value means endless wait. (integer value)
#graceful_shutdown_timeout = 60
notification_topic = {{ heat_notification_topic }}
[auth_password]
#
# From heat.common.config
#
# Allow orchestration of multiple clouds. (boolean value)
#multi_cloud = false
# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least
# one endpoint needs to be specified. (list value)
#allowed_auth_uris =
[clients]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
endpoint_type = {{ heat_endpoint_type }}
# Optional CA cert file to use in SSL connections. (string value)
ca_file = {{ heat_ca_file }}
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = false
[clients_aodh]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_barbican]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_ceilometer]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_cinder]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
# Allow client's debug log output. (boolean value)
#http_log_debug = false
[clients_designate]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_glance]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_heat]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
endpoint_type = publicURL
# Optional CA cert file to use in SSL connections. (string value)
ca_file = {{ heat_ca_file }}
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
# Optional heat url in format like http://0.0.0.0:8004/v1/%(tenant_id)s.
# (string value)
#url =
[clients_keystone]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
# Unversioned keystone url in format like http://0.0.0.0:5000. (string value)
#auth_uri =
[clients_magnum]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_manila]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_mistral]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_monasca]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_neutron]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_nova]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
# Allow client's debug log output. (boolean value)
#http_log_debug = false
[clients_sahara]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_senlin]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_swift]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_trove]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[clients_zaqar]
#
# From heat.common.config
#
# Type of endpoint in Identity service catalog to use for communication with
# the OpenStack service. (string value)
#endpoint_type = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = <None>
[cors]
#
# From oslo.middleware
#
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
# slash. Example: https://horizon.example.com (list value)
#allowed_origin = <None>
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
[cors.subdomain]
#
# From oslo.middleware
#
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
# slash. Example: https://horizon.example.com (list value)
#allowed_origin = <None>
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
[database]
#
# From oslo.db
#
# If True, SQLite uses synchronous mode. (boolean value)
# Deprecated group/name - [DEFAULT]/sqlite_synchronous
#sqlite_synchronous = true
# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend = sqlalchemy
# The SQLAlchemy connection string to use to connect to the database. (string
# value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
connection = {{ heat_database_connection }}
# The SQLAlchemy connection string to use to connect to the slave database.
# (string value)
#slave_connection = <None>
# The SQL mode to be used for MySQL sessions. This option, including the
# default, overrides any server-set SQL mode. To use whatever SQL mode is set
# by the server configuration, set this to no value. Example: mysql_sql_mode=
# (string value)
#mysql_sql_mode = TRADITIONAL
# Timeout before idle SQL connections are reaped. (integer value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout = 3600
# Minimum number of SQL connections to keep open in a pool. (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool. Setting a value of
# 0 indicates no limit. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = 5
# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries = 10
# Interval between retries of opening a SQL connection. (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval = 10
# If set, use this value for max_overflow with SQLAlchemy. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow = 50
# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
# value)
# Minimum value: 0
# Maximum value: 100
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug = 0
# Add Python stack traces to SQL as comment strings. (boolean value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace = false
# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout = <None>
# Enable the experimental use of database reconnect on connection lost.
# (boolean value)
#use_db_reconnect = false
# Seconds between retries of a database transaction. (integer value)
#db_retry_interval = 1
# If True, increases the interval between retries of a database operation up to
# db_max_retry_interval. (boolean value)
#db_inc_retry_interval = true
# If db_inc_retry_interval is set, the maximum seconds between retries of a
# database operation. (integer value)
#db_max_retry_interval = 10
# Maximum retries in case of connection error or deadlock error before error is
# raised. Set to -1 to specify an infinite retry count. (integer value)
#db_max_retries = 20
[ec2authtoken]
#
# From heat.api.aws.ec2token
#
# Authentication Endpoint URI. (string value)
auth_uri = {{ heat_ec2_auth_uri }}
# Allow orchestration of multiple clouds. (boolean value)
#multi_cloud = false
# Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least
# one endpoint needs to be specified. (list value)
#allowed_auth_uris =
# Optional PEM-formatted certificate chain file. (string value)
#cert_file = <None>
# Optional PEM-formatted file that contains the private key. (string value)
#key_file = <None>
# Optional CA cert file to use in SSL connections. (string value)
#ca_file = <None>
# If set, then the server's certificate will not be verified. (boolean value)
#insecure = false
[eventlet_opts]
#
# From heat.common.wsgi
#
# If False, closes the client socket connection explicitly. (boolean value)
#wsgi_keep_alive = true
# Timeout for client connections' socket operations. If an incoming connection
# is idle for this number of seconds it will be closed. A value of '0' means
# wait forever. (integer value)
#client_socket_timeout = 900
[heat_api]
#
# From heat.common.wsgi
#
# Address to bind the server. Useful when selecting a particular network
# interface. (IP address value)
# Deprecated group/name - [DEFAULT]/bind_host
bind_host = {{ heat_api_bind_host }}
# The port on which the server will listen. (port value)
# Minimum value: 0
# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/bind_port
bind_port = 8004
# Number of backlog requests to configure the socket with. (integer value)
# Deprecated group/name - [DEFAULT]/backlog
#backlog = 4096
# Location of the SSL certificate file to use for SSL mode. (string value)
# Deprecated group/name - [DEFAULT]/cert_file
#cert_file = <None>
# Location of the SSL key file to use for enabling SSL mode. (string value)
# Deprecated group/name - [DEFAULT]/key_file
#key_file = <None>
# Number of workers for Heat service. Default value 0 means, that service will
# start number of workers equal number of cores on server. (integer value)
# Deprecated group/name - [DEFAULT]/workers
workers = {{ heat_api_workers }}
# Maximum line size of message headers to be accepted. max_header_line may need
# to be increased when using large tokens (typically those generated by the
# Keystone v3 API with big service catalogs). (integer value)
#max_header_line = 16384
# The value for the socket option TCP_KEEPIDLE. This is the time in seconds
# that the connection must be idle before TCP starts sending keepalive probes.
# (integer value)
#tcp_keepidle = 600
[heat_api_cfn]
#
# From heat.common.wsgi
#
# Address to bind the server. Useful when selecting a particular network
# interface. (IP address value)
# Deprecated group/name - [DEFAULT]/bind_host
bind_host = {{ heat_api_cfn_bind_host }}
# The port on which the server will listen. (port value)
# Minimum value: 0
# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/bind_port
bind_port = 8000
# Number of backlog requests to configure the socket with. (integer value)
# Deprecated group/name - [DEFAULT]/backlog
#backlog = 4096
# Location of the SSL certificate file to use for SSL mode. (string value)
# Deprecated group/name - [DEFAULT]/cert_file
#cert_file = <None>
# Location of the SSL key file to use for enabling SSL mode. (string value)
# Deprecated group/name - [DEFAULT]/key_file
#key_file = <None>
# Number of workers for Heat service. (integer value)
# Deprecated group/name - [DEFAULT]/workers
#workers = 1
# Maximum line size of message headers to be accepted. max_header_line may need
# to be increased when using large tokens (typically those generated by the
# Keystone v3 API with big service catalogs). (integer value)
#max_header_line = 16384
# The value for the socket option TCP_KEEPIDLE. This is the time in seconds
# that the connection must be idle before TCP starts sending keepalive probes.
# (integer value)
#tcp_keepidle = 600
[keystone_authtoken]
#
# From keystonemiddleware.auth_token
#
# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. (string
# value)
www_authenticate_uri = {{ heat_keystone_auth_uri }}
# API version of the admin Identity API endpoint. (string value)
#auth_version = <None>
# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false
# Request timeout value for communicating with Identity API server. (integer
# value)
#http_connect_timeout = <None>
# How many times are we trying to reconnect when communicating with Identity
# API Server. (integer value)
#http_request_max_retries = 3
# Request environment key where the Swift cache object is stored. When
# auth_token middleware is deployed with a Swift cache, use this option to have
# the middleware share a caching backend with swift. Otherwise, use the
# ``memcached_servers`` option instead. (string value)
#cache = <None>
# Required if identity server requires client certificate (string value)
#certfile = <None>
# Required if identity server requires client certificate (string value)
#keyfile = <None>
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
cafile = {{ heat_ca_file }}
# Verify HTTPS connections. (boolean value)
#insecure = false
# The region in which the identity server can be found. (string value)
#region_name = <None>
# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>
# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
memcached_servers = {{ memcached_servers }}
# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set
# to -1 to disable caching completely. (integer value)
#token_cache_time = 300
# Determines the frequency at which the list of revoked tokens is retrieved
# from the Identity service (in seconds). A high number of revocation events
# combined with a low cache duration may significantly reduce performance. Only
# valid for PKI tokens. (integer value)
#revocation_cache_time = 10
# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
# Allowed values: None, MAC, ENCRYPT
memcache_security_strategy = ENCRYPT
# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
memcache_secret_key = {{ memcache_secret_key }}
# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
#memcache_pool_dead_retry = 300
# (Optional) Maximum total number of open connections to every memcached
# server. (integer value)
#memcache_pool_maxsize = 10
# (Optional) Socket timeout in seconds for communicating with a memcached
# server. (integer value)
memcache_pool_socket_timeout = 1
# (Optional) Number of seconds a connection to memcached is held unused in the
# pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60
# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
# set the X-Service-Catalog header. (boolean value)
#include_service_catalog = true
# Used to control the use and type of token binding. Can be set to: "disabled"
# to not check token binding. "permissive" (default) to validate binding
# information if the bind type is of a form known to the server and ignore it
# if not. "strict" like "permissive" but if the bind type is unknown the token
# will be rejected. "required" any form of token binding is needed to be
# allowed. Finally the name of a binding method that must be present in tokens.
# (string value)
#enforce_token_bind = permissive
# If true, the revocation list will be checked for cached tokens. This requires
# that PKI tokens are configured on the identity server. (boolean value)
#check_revocations_for_cached = false
# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
# or multiple. The algorithms are those supported by Python standard
# hashlib.new(). The hashes will be tried in the order given, so put the
# preferred one first for performance. The result of the first hash will be
# stored in the cache. This will typically be set to multiple values only while
# migrating from a less secure algorithm to a more secure one. Once all the old
# tokens are expired this option should be set to a single value for better
# performance. (list value)
#hash_algorithms = md5
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
auth_type = password
# Config Section from which to load plugin specific options (string value)
#auth_section = <None>
# A choice of roles that must be present in a service token. Service tokens are
# allowed to request that an expired token can be used and so this check should
# tightly control that only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list must be present.
# For backwards compatibility reasons this currently only affects the
# allow_expired check.
service_token_roles = admin
# For backwards compatibility reasons we must let valid service tokens pass
# that don't pass the service_token_roles check as valid. Setting this true
# will become the default in a future release and should be enabled if
# possible.
service_token_roles_required = True
# password auth plugin options
auth_url = {{ heat_keystone_auth_url }}
username = {{ heat_keystone_admin_user }}
password = {{ heat_keystone_admin_password }}
project_name = {{ heat_keystone_admin_project_name }}
user_domain_name = {{ heat_keystone_admin_user_domain_id }}
project_domain_name = {{ heat_keystone_admin_user_domain_id }}
[matchmaker_redis]
#
# From oslo.messaging
#
# Redis replica set name. (string value)
#sentinel_group_name = oslo-messaging-zeromq
# Time in ms to wait between connection attempts. (integer value)
#wait_timeout = 2000
# Time in ms to wait before the transaction is killed. (integer value)
#check_timeout = 20000
# Timeout in ms on blocking socket operations (integer value)
#socket_timeout = 10000
[oslo_messaging_amqp]
#
# From oslo.messaging
#
# Name for the AMQP container. must be globally unique. Defaults to a generated
# UUID (string value)
# Deprecated group/name - [amqp1]/container_name
#container_name = <None>
# Timeout for inactive connections (in seconds) (integer value)
# Deprecated group/name - [amqp1]/idle_timeout
#idle_timeout = 0
# Debug: dump AMQP frames to stdout (boolean value)
# Deprecated group/name - [amqp1]/trace
#trace = false
# CA certificate PEM file to verify server certificate (string value)
# Deprecated group/name - [amqp1]/ssl_ca_file
#ssl_ca_file =
# Identifying certificate PEM file to present to clients (string value)
# Deprecated group/name - [amqp1]/ssl_cert_file
#ssl_cert_file =
# Private key PEM file used to sign cert_file certificate (string value)
# Deprecated group/name - [amqp1]/ssl_key_file
#ssl_key_file =
# Password for decrypting ssl_key_file (if encrypted) (string value)
# Deprecated group/name - [amqp1]/ssl_key_password
#ssl_key_password = <None>
# Accept clients using either SSL or plain TCP (boolean value)
# Deprecated group/name - [amqp1]/allow_insecure_clients
#allow_insecure_clients = false
# Space separated list of acceptable SASL mechanisms (string value)
# Deprecated group/name - [amqp1]/sasl_mechanisms
#sasl_mechanisms =
# Path to directory that contains the SASL configuration (string value)
# Deprecated group/name - [amqp1]/sasl_config_dir
#sasl_config_dir =
# Name of configuration file (without .conf suffix) (string value)
# Deprecated group/name - [amqp1]/sasl_config_name
#sasl_config_name =
# User name for message broker authentication (string value)
# Deprecated group/name - [amqp1]/username
#username =
# Password for message broker authentication (string value)
# Deprecated group/name - [amqp1]/password
#password =
# Seconds to pause before attempting to re-connect. (integer value)
# Minimum value: 1
#connection_retry_interval = 1
# Increase the connection_retry_interval by this many seconds after each
# unsuccessful failover attempt. (integer value)
# Minimum value: 0
#connection_retry_backoff = 2
# Maximum limit for connection_retry_interval + connection_retry_backoff
# (integer value)
# Minimum value: 1
#connection_retry_interval_max = 30
# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
# recoverable error. (integer value)
# Minimum value: 1
#link_retry_delay = 10
# The deadline for an rpc reply message delivery. Only used when caller does
# not provide a timeout expiry. (integer value)
# Minimum value: 5
#default_reply_timeout = 30
# The deadline for an rpc cast or call message delivery. Only used when caller
# does not provide a timeout expiry. (integer value)
# Minimum value: 5
#default_send_timeout = 30
# The deadline for a sent notification message delivery. Only used when caller
# does not provide a timeout expiry. (integer value)
# Minimum value: 5
#default_notify_timeout = 30
# Indicates the addressing mode used by the driver.
# Permitted values:
# 'legacy' - use legacy non-routable addressing
# 'routable' - use routable addresses
# 'dynamic' - use legacy addresses if the message bus does not support routing
# otherwise use routable addressing (string value)
#addressing_mode = dynamic
# address prefix used when sending to a specific server (string value)
# Deprecated group/name - [amqp1]/server_request_prefix
#server_request_prefix = exclusive
# address prefix used when broadcasting to all servers (string value)
# Deprecated group/name - [amqp1]/broadcast_prefix
#broadcast_prefix = broadcast
# address prefix when sending to any server in group (string value)
# Deprecated group/name - [amqp1]/group_request_prefix
#group_request_prefix = unicast
# Address prefix for all generated RPC addresses (string value)
#rpc_address_prefix = openstack.org/om/rpc
# Address prefix for all generated Notification addresses (string value)
#notify_address_prefix = openstack.org/om/notify
# Appended to the address prefix when sending a fanout message. Used by the
# message bus to identify fanout messages. (string value)
#multicast_address = multicast
# Appended to the address prefix when sending to a particular RPC/Notification
# server. Used by the message bus to identify messages sent to a single
# destination. (string value)
#unicast_address = unicast
# Appended to the address prefix when sending to a group of consumers. Used by
# the message bus to identify messages that should be delivered in a round-
# robin fashion across consumers. (string value)
#anycast_address = anycast
# Exchange name used in notification addresses.
# Exchange name resolution precedence:
# Target.exchange if set
# else default_notification_exchange if set
# else control_exchange if set
# else 'notify' (string value)
#default_notification_exchange = <None>
# Exchange name used in RPC addresses.
# Exchange name resolution precedence:
# Target.exchange if set
# else default_rpc_exchange if set
# else control_exchange if set
# else 'rpc' (string value)
#default_rpc_exchange = <None>
# Window size for incoming RPC Reply messages. (integer value)
# Minimum value: 1
#reply_link_credit = 200
# Window size for incoming RPC Request messages (integer value)
# Minimum value: 1
#rpc_server_credit = 100
# Window size for incoming Notification messages (integer value)
# Minimum value: 1
#notify_server_credit = 100
[oslo_messaging_notifications]
#
# From oslo.messaging
#
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
# Deprecated group/name - [DEFAULT]/notification_driver
driver = {{ heat_notification_driver }}
# A URL representing the messaging driver to use for notifications. If not set,
# we fall back to the same configuration used for RPC. (string value)
# Deprecated group/name - [DEFAULT]/notification_transport_url
#transport_url = <None>
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
# Deprecated group/name - [DEFAULT]/notification_topics
#topics = notifications
[oslo_messaging_rabbit]
#
# From oslo.messaging
#
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues = false
# Auto-delete queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
#amqp_auto_delete = false
# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_version
#kombu_ssl_version =
# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
#kombu_ssl_keyfile =
# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
#kombu_ssl_certfile =
# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
#kombu_ssl_ca_certs =
# How long to wait before reconnecting in response to an AMQP consumer cancel
# notification. (floating point value)
# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
#kombu_reconnect_delay = 1.0
# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
# be used. This option may not be available in future versions. (string value)
#kombu_compression = <None>
# How long to wait a missing client before abandoning to send it its replies.
# This value should not be longer than rpc_response_timeout. (integer value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
#kombu_missing_consumer_retry_timeout = 60
# Determines how the next RabbitMQ node is chosen in case the one we are
# currently connected to becomes unavailable. Takes effect only if more than
# one RabbitMQ node is provided in config. (string value)
# Allowed values: round-robin, shuffle
#kombu_failover_strategy = round-robin
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl = <None>
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
#rabbit_login_method = AMQPLAIN
# How frequently to retry connecting with RabbitMQ. (integer value)
#rabbit_retry_interval = 1
# How long to backoff for between retries when connecting to RabbitMQ. (integer
# value)
# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
#rabbit_retry_backoff = 2
# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
# (integer value)
#rabbit_interval_max = 30
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
# is no longer controlled by the x-ha-policy argument when declaring a queue.
# If you just want to make sure that all queues (except those with auto-
# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
#rabbit_ha_queues = false
# Positive integer representing duration in seconds for queue TTL (x-expires).
# Queues which are unused for the duration of the TTL are automatically
# deleted. The parameter affects only reply and fanout queues. (integer value)
# Minimum value: 1
#rabbit_transient_queues_ttl = 1800
# Specifies the number of messages to prefetch. Setting to zero allows
# unlimited messages. (integer value)
#rabbit_qos_prefetch_count = 0
# Number of seconds after which the Rabbit broker is considered down if
# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
# value)
#heartbeat_timeout_threshold = 60
# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
#heartbeat_rate = 2
# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
# Deprecated group/name - [DEFAULT]/fake_rabbit
#fake_rabbit = false
# Maximum number of channels to allow (integer value)
#channel_max = <None>
# The maximum byte size for an AMQP frame (integer value)
#frame_max = <None>
# How often to send heartbeats for consumer's connections (integer value)
#heartbeat_interval = 3
# Enable SSL (boolean value)
ssl = {{ heat_rabbit_use_ssl }}
# Arguments passed to ssl.wrap_socket (dict value)
#ssl_options = <None>
# Set socket timeout in seconds for connection's socket (floating point value)
#socket_timeout = 0.25
# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
# value)
#tcp_user_timeout = 0.25
# Set delay for reconnection to some host which has connection error (floating
# point value)
#host_connection_reconnect_delay = 0.25
# Connection factory implementation (string value)
# Allowed values: new, single, read_write
#connection_factory = single
# Maximum number of connections to keep queued. (integer value)
#pool_max_size = 30
# Maximum number of connections to create above `pool_max_size`. (integer
# value)
#pool_max_overflow = 0
# Default number of seconds to wait for a connections to available (integer
# value)
#pool_timeout = 30
# Lifetime of a connection (since creation) in seconds or None for no
# recycling. Expired connections are closed on acquire. (integer value)
#pool_recycle = 600
# Threshold at which inactive (since release) connections are considered stale
# in seconds or None for no staleness. Stale connections are closed on acquire.
# (integer value)
#pool_stale = 60
# Persist notification messages. (boolean value)
#notification_persistence = false
# Exchange name for sending notifications (string value)
#default_notification_exchange = ${control_exchange}_notification
# Max number of not acknowledged message which RabbitMQ can send to
# notification listener. (integer value)
#notification_listener_prefetch_count = 100
# Reconnecting retry count in case of connectivity problem during sending
# notification, -1 means infinite retry. (integer value)
#default_notification_retry_attempts = -1
# Reconnecting retry delay in case of connectivity problem during sending
# notification message (floating point value)
#notification_retry_delay = 0.25
# Time to live for rpc queues without consumers in seconds. (integer value)
#rpc_queue_expiration = 60
# Exchange name for sending RPC messages (string value)
#default_rpc_exchange = ${control_exchange}_rpc
# Exchange name for receiving RPC replies (string value)
#rpc_reply_exchange = ${control_exchange}_rpc_reply
# Max number of not acknowledged message which RabbitMQ can send to rpc
# listener. (integer value)
#rpc_listener_prefetch_count = 100
# Max number of not acknowledged message which RabbitMQ can send to rpc reply
# listener. (integer value)
#rpc_reply_listener_prefetch_count = 100
# Reconnecting retry count in case of connectivity problem during sending
# reply. -1 means infinite retry during rpc_timeout (integer value)
#rpc_reply_retry_attempts = -1
# Reconnecting retry delay in case of connectivity problem during sending
# reply. (floating point value)
#rpc_reply_retry_delay = 0.25
# Reconnecting retry count in case of connectivity problem during sending RPC
# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
# request could be processed more then one time (integer value)
#default_rpc_retry_attempts = -1
# Reconnecting retry delay in case of connectivity problem during sending RPC
# message (floating point value)
#rpc_retry_delay = 0.25
[oslo_messaging_zmq]
#
# From oslo.messaging
#
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
#rpc_zmq_bind_address = *
# MatchMaker driver. (string value)
# Allowed values: redis, dummy
# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
#rpc_zmq_matchmaker = redis
# Number of ZeroMQ contexts, defaults to 1. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
#rpc_zmq_contexts = 1
# Maximum number of ingress messages to locally buffer per topic. Default is
# unlimited. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
#rpc_zmq_topic_backlog = <None>
# Directory for holding IPC sockets. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
#rpc_zmq_ipc_dir = /var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
# "host" option, if running Nova. (string value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_host
#rpc_zmq_host = localhost
# Seconds to wait before a cast expires (TTL). The default value of -1
# specifies an infinite linger period. The value of 0 specifies no linger
# period. Pending messages shall be discarded immediately when the socket is
# closed. Only supported by impl_zmq. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
#rpc_cast_timeout = -1
# The default number of seconds that poll should wait. Poll raises timeout
# exception when timeout expired. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
#rpc_poll_timeout = 1
# Expiration timeout in seconds of a name service record about existing target
# ( < 0 means no timeout). (integer value)
# Deprecated group/name - [DEFAULT]/zmq_target_expire
#zmq_target_expire = 300
# Update period in seconds of a name service record about existing target.
# (integer value)
# Deprecated group/name - [DEFAULT]/zmq_target_update
#zmq_target_update = 180
# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
# value)
# Deprecated group/name - [DEFAULT]/use_pub_sub
#use_pub_sub = true
# Use ROUTER remote proxy. (boolean value)
# Deprecated group/name - [DEFAULT]/use_router_proxy
#use_router_proxy = true
# Minimal port number for random ports range. (port value)
# Minimum value: 0
# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
#rpc_zmq_min_port = 49153
# Maximal port number for random ports range. (integer value)
# Minimum value: 1
# Maximum value: 65536
# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
#rpc_zmq_max_port = 65536
# Number of retries to find free port number before fail with ZMQBindError.
# (integer value)
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
#rpc_zmq_bind_port_retries = 100
# Default serialization mechanism for serializing/deserializing
# outgoing/incoming messages (string value)
# Allowed values: json, msgpack
# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
#rpc_zmq_serialization = json
# This option configures round-robin mode in zmq socket. True means not keeping
# a queue when server side disconnects. False means to keep queue and messages
# even if server is disconnected, when the server appears we send all
# accumulated messages to it. (boolean value)
#zmq_immediate = false
[oslo_middleware]
#
# From oslo.middleware
#
# The maximum body size for each request, in bytes. (integer value)
# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
# Deprecated group/name - [DEFAULT]/max_request_body_size
#max_request_body_size = 114688
# Whether the application is behind a proxy or not. This determines if the
# middleware should parse the headers or not. (boolean value)
enable_proxy_headers_parsing = True
[oslo_policy]
#
# From oslo.policy
#
# The JSON file that defines policies. (string value)
# Deprecated group/name - [DEFAULT]/policy_file
#policy_file = policy.json
# Default rule. Enforced when a requested rule is not found. (string value)
# Deprecated group/name - [DEFAULT]/policy_default_rule
#policy_default_rule = default
# Directories where policy configuration files are stored. They can be relative
# to any directory in the search path defined by the config_dir option, or
# absolute paths. The file defined by policy_file must exist for these
# directories to be searched. Missing or empty directories are ignored. (multi
# valued)
# Deprecated group/name - [DEFAULT]/policy_dirs
#policy_dirs = policy.d
[paste_deploy]
#
# From heat.common.config
#
# The flavor to use. (string value)
#flavor = <None>
# The API paste config file to use. (string value)
api_paste_config = {{ heat_api_paste_config_path }}
[profiler]
#
# From heat.common.config
#
#
# Enables the profiling for all services on this node. Default value is False
# (fully disable the profiling feature).
#
# Possible values:
#
# * True: Enables the feature
# * False: Disables the feature. The profiling cannot be started via this
# project
# operations. If the profiling is triggered by another project, this project
# part
# will be empty.
# (boolean value)
# Deprecated group/name - [profiler]/profiler_enabled
#enabled = false
#
# Enables SQL requests profiling in services. Default value is False (SQL
# requests won't be traced).
#
# Possible values:
#
# * True: Enables SQL requests profiling. Each SQL query will be part of the
# trace and can the be analyzed by how much time was spent for that.
# * False: Disables SQL requests profiling. The spent time is only shown on a
# higher level of operations. Single SQL queries cannot be analyzed this
# way.
# (boolean value)
#trace_sqlalchemy = false
#
# Secret key(s) to use for encrypting context data for performance profiling.
# This string value should have the following format:
# <key1>[,<key2>,...<keyn>],
# where each key is some random string. A user who triggers the profiling via
# the REST API has to set one of these keys in the headers of the REST API call
# to include profiling results of this node for this particular project.
#
# Both "enabled" flag and "hmac_keys" config options should be set to enable
# profiling. Also, to generate correct profiling information across all
# services
# at least one key needs to be consistent between OpenStack projects. This
# ensures it can be used from client side to generate the trace, containing
# information from all possible resources. (string value)
#hmac_keys = SECRET_KEY
#
# Connection string for a notifier backend. Default value is messaging:// which
# sets the notifier to oslo_messaging.
#
# Examples of possible values:
#
# * messaging://: use oslo_messaging driver for sending notifications.
# (string value)
#connection_string = messaging://
[revision]
#
# From heat.common.config
#
# Heat build revision. If you would prefer to manage your build revision
# separately, you can move this section to a different file and add it as
# another config option. (string value)
#heat_revision = unknown
[ssl]
#
# From oslo.service.sslutils
#
# CA certificate file to use to verify connecting clients. (string value)
# Deprecated group/name - [DEFAULT]/ssl_ca_file
#ca_file = <None>
# Certificate file to use when starting the server securely. (string value)
# Deprecated group/name - [DEFAULT]/ssl_cert_file
#cert_file = <None>
# Private key file to use when starting the server securely. (string value)
# Deprecated group/name - [DEFAULT]/ssl_key_file
#key_file = <None>
# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
#version = <None>
# Sets the list of available ciphers. value should be a string in the OpenSSL
# cipher list format. (string value)
#ciphers = <None>
[trustee]
#
# From heat.common.context
#
# Authentication type to load (string value)
# Deprecated group/name - [trustee]/auth_plugin
auth_type = password
# Config Section from which to load plugin specific options (string value)
#auth_section = <None>
# Authentication URL (string value)
auth_url = {{ heat_keystone_auth_url }}
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [trustee]/tenant-id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [trustee]/tenant-name
#project_name = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Trust ID (string value)
#trust_id = <None>
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
# the user and project domain in v3 and ignored in v2 authentication. (string
# value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2 authentication.
# (string value)
#default_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [trustee]/user-name
username = {{ heat_keystone_admin_user }}
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
user_domain_name = {{ heat_keystone_admin_user_domain_id }}
# User's password (string value)
password = {{ heat_keystone_admin_password }}
[volumes]
#
# From heat.common.config
#
# Indicate if cinder-backup service is enabled. This is a temporary workaround
# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
# value)
#backups_enabled = true
[audit_middleware_notifications]
driver = {{ heat_audit_notification_driver }}
### End of File ###
## Do NOT put anything after this line ##
0707010000004C000041ED0000000000000000000000075D5302B900000000000000000000000000000000000000000000003900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine0707010000004D000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004200000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/defaults0707010000004E000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
heat_component: "heat-engine"
0707010000004F000041ED0000000000000000000000035D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/files07070100000050000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/files/templates07070100000051000081A40000000000000000000000015D5302B900000EC6000000000000000000000000000000000000006100000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/files/templates/AWS_RDS_DBInstance.yamlHeatTemplateFormatVersion: '2012-12-12'
Description: 'Builtin AWS::RDS::DBInstance'
Parameters:
AllocatedStorage:
Type: String
DBInstanceClass:
Type: String
DBName:
Type: String
DBSecurityGroups:
Type: CommaDelimitedList
Default: ''
Engine:
Type: String
AllowedValues: ['MySQL']
MasterUsername:
Type: String
MasterUserPassword:
Type: String
Port:
Type: String
Default: '3306'
KeyName:
Type: String
Default: ''
Mappings:
DBInstanceToInstance:
db.m1.small: {Instance: m1.small}
db.m1.large: {Instance: m1.large}
db.m1.xlarge: {Instance: m1.xlarge}
db.m2.xlarge: {Instance: m2.xlarge}
db.m2.2xlarge: {Instance: m2.2xlarge}
db.m2.4xlarge: {Instance: m2.4xlarge}
Resources:
ServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: 'Enable SSH access'
SecurityGroupIngress:
- IpProtocol: icmp
FromPort: '-1'
ToPort: '-1'
CidrIp: '0.0.0.0/0'
- IpProtocol: tcp
FromPort: '22'
ToPort : '22'
CidrIp : '0.0.0.0/0'
- IpProtocol: tcp
FromPort: {Ref: Port}
ToPort : {Ref: Port}
CidrIp : '0.0.0.0/0'
DatabaseInstance:
Type: AWS::EC2::Instance
Metadata:
AWS::CloudFormation::Init:
config:
files:
/tmp/db_setup.sql:
content:
'Fn::Replace':
- DBName: {Ref: DBName}
MasterUserPassword: {Ref: MasterUserPassword}
MasterUsername: {Ref: MasterUsername}
- |
CREATE DATABASE DBName;
GRANT ALL PRIVILEGES ON DBName.* TO "MasterUsername"@"%"
IDENTIFIED BY "MasterUserPassword";
FLUSH PRIVILEGES;
EXIT
mode: '000644'
owner: root
group: root
packages:
yum:
mariadb: []
mariadb-server: []
services:
systemd:
mysqld:
enabled: true
ensureRunning: true
Properties:
ImageId: F19-x86_64-cfntools
InstanceType: {'Fn::FindInMap': [DBInstanceToInstance,
{Ref: DBInstanceClass}, Instance]}
KeyName: {Ref: KeyName}
SecurityGroups: [{"Ref" : "ServerSecurityGroup"}]
UserData:
Fn::Base64:
Fn::Replace:
- 'AWS::StackName': {Ref: 'AWS::StackName'}
'AWS::Region': {Ref: 'AWS::Region'}
MasterUserPassword: {Ref: MasterUserPassword}
WaitHandle: {Ref: WaitHandle}
- |
#!/bin/bash -v
#
iptables -F
# Helper function
function error_exit
{
/opt/aws/bin/cfn-signal -e 1 -r \"$1\" 'WaitHandle'
exit 1
}
/opt/aws/bin/cfn-init -s AWS::StackName -r DatabaseInstance --region AWS::Region || error_exit 'Failed to run cfn-init'
# Setup MySQL root password and create a user
mysqladmin -u root password 'MasterUserPassword'
mysql -u root --password='MasterUserPassword' < /tmp/db_setup.sql || error_exit 'Failed to setup mysql'
# Database setup completed, signal success
/opt/aws/bin/cfn-signal -e 0 -r "MySQL server setup complete" 'WaitHandle'
WaitHandle:
Type: AWS::CloudFormation::WaitConditionHandle
WaitCondition:
Type: AWS::CloudFormation::WaitCondition
DependsOn: DatabaseInstance
Properties:
Handle: {Ref: WaitHandle}
Timeout: "600"
Outputs:
Endpoint.Address: {'Fn::GetAtt': [DatabaseInstance, PublicIp]}
Endpoint.Port: {Ref: Port}
07070100000052000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/meta07070100000053000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004700000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-common
07070100000054000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000003F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks07070100000055000081A40000000000000000000000015D5302B90000099E000000000000000000000000000000000000004D00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks/configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_engine_install_result }}"
- include: ../../heat-common/tasks/configure.yml
- include: ../../heat-common/tasks/_write_conf.yml
src: "../../heat-engine/templates/engine.conf.j2"
dest: "{{ heat_service_conf_dir }}/engine.conf"
- name: heat-engine | configure | notify on engine.conf change
command: /bin/true
register: ardana_notify_heat_engine_restart_required
when: write_conf_result.changed
- name: heat-engine | configure | Create engine-logging.conf
become: yes
template:
src: "engine-logging.conf.j2"
dest: "{{ heat_service_conf_dir }}/engine-logging.conf"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: "0400"
register: ardana_notify_heat_engine_restart_required
- name: heat-engine | configure | Copy files to config dir
become: yes
copy:
src: "{{ item }}"
dest: "{{ heat_service_conf_dir }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: 0640
with_items:
- templates
register: ardana_notify_heat_engine_restart_required
- name: heat-engine | configure | Template environment.d default.yaml
become: yes
template:
src: "environment.d/default.yaml"
dest: "{{ heat_environment_dir }}/default.yaml"
owner: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
mode: 0600
register: ardana_notify_heat_engine_restart_required
- name: heat-engine | configure | touch engine log files
become: yes
file:
path: "{{ item }}"
owner: "{{ heat_system_user }}"
group: "{{ heat_log_group }}"
mode: 0640
state: touch
with_items:
- "{{ heat_log_location }}/heat-engine-json.log"
- "{{ heat_log_location }}/heat-engine.log"
07070100000056000081A40000000000000000000000015D5302B9000006B4000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-engine | install | update venv cache
become: yes
install_package:
cache: update
- name: heat-engine | install | install heat-engine service
become: yes
install_package:
name: heat
service: heat-engine
state: present
activate: act_off
register: ardana_notify_heat_engine_install_result
- name: heat-engine | install | register persistent fact of install
command: /bin/true
register: ardana_notify_heat_engine_restart_required
when: ardana_notify_heat_engine_install_result.changed
- include: ../../heat-common/tasks/_set_directories.yml
vars:
install_package_result: "{{ ardana_notify_heat_engine_install_result }}"
- name: heat-engine | install | register heat-engine service
become: yes
setup_systemd:
service: heat-engine
cmd: heat-engine
user: "{{ heat_system_user }}"
group: "{{ heat_system_group }}"
args: >
--config-file={{ heat_service_conf_dir }}/heat.conf
--config-file={{ heat_service_conf_dir }}/engine.conf
- include: ../../heat-common/tasks/install.yml
07070100000057000081A40000000000000000000000015D5302B900000699000000000000000000000000000000000000004900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks/start.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-engine | start | activate the latest installed version
become: yes
install_package:
name: heat
service: heat-engine
activate: act_on
version: "{{ ardana_notify_heat_engine_install_result.version }}"
when: ardana_notify_heat_engine_install_result is defined
- name: heat-engine | start | register persistent fact of activate
command: /bin/true
register: ardana_notify_heat_engine_restart_required
when: (ardana_notify_heat_engine_install_result is defined and
ardana_notify_heat_engine_install_result.changed)
- name: heat-engine | start | restart heat-engine service
become: yes
service: name=heat-engine state=restarted
when: (ardana_notify_heat_all_restart_required is defined and
ardana_notify_heat_all_restart_required.changed) or
(ardana_notify_heat_engine_restart_required is defined and
ardana_notify_heat_engine_restart_required.changed)
- name: heat-engine | start | start heat-engine service
become: yes
service: name=heat-engine state=started
07070100000058000081A40000000000000000000000015D5302B9000002BB000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks/status.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: ../../heat-common/tasks/_service_status.yml
07070100000059000081A40000000000000000000000015D5302B900000363000000000000000000000000000000000000004800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/tasks/stop.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-engine | stop | stop heat-api service
become: yes
service: name=heat-engine state=stopped
register: stop_result
failed_when:
"stop_result|failed and 'service not found' not in stop_result.msg"
0707010000005A000041ED0000000000000000000000035D5302B900000000000000000000000000000000000000000000004300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/templates0707010000005B000081A40000000000000000000000015D5302B9000006B0000000000000000000000000000000000000005A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/templates/engine-logging.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[loggers]
keys: root, iso8601
[handlers]
keys: watchedfile, logstash
[formatters]
keys: context, logstash
[logger_root]
qualname: root
handlers: watchedfile, logstash
level: NOTSET
[logger_iso8601]
qualname: iso8601
handlers: watchedfile
level: WARNING
# Writes to disk
[handler_watchedfile]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-engine.log',)
formatter: context
level: INFO
# Writes JSON to disk, beaver will ship to logstash
[handler_logstash]
class: handlers.WatchedFileHandler
args: ('/var/log/heat/heat-engine-json.log',)
formatter: logstash
level: INFO
# datefmt must be set otherwise you end up with too many (msecs) fields
[formatter_context]
class: oslo_log.formatters.ContextFormatter
args: (datefmt=datefmt)
format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s
datefmt: %Y-%m-%d %H:%M:%S
# the "format" and "datefmt" actually set the "type" and "tags"
[formatter_logstash]
class: logstash.LogstashFormatterVersion1
format: heat
datefmt: heat-engine
0707010000005C000081A40000000000000000000000015D5302B9000002D1000000000000000000000000000000000000005200000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/templates/engine.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[DEFAULT]
log_config_append={{ heat_service_conf_dir }}/engine-logging.conf
0707010000005D000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000005100000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/templates/environment.d0707010000005E000081A40000000000000000000000015D5302B900000383000000000000000000000000000000000000005E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-engine/templates/environment.d/default.yaml{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
resource_registry:
# allow older templates with Quantum in them.
"OS::Quantum*": "OS::Neutron*"
"OS::Metering::Alarm": "OS::Ceilometer::Alarm"
"AWS::RDS::DBInstance": "file://{{ heat_service_conf_dir }}/templates/AWS_RDS_DBInstance.yaml"
0707010000005F000041ED0000000000000000000000055D5302B900000000000000000000000000000000000000000000003D00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring07070100000060000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/defaults07070100000061000081A40000000000000000000000015D5302B90000040E000000000000000000000000000000000000004F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
heat_api_local_url: 'http://{{ host.bind.HEA_API.internal.ip_address | ipwrap }}:{{ host.bind.HEA_API.internal.port }}'
heat_api_cfn_local_url: 'http://{{ host.bind.HEA_ACF.internal.ip_address | ipwrap }}:{{ host.bind.HEA_ACF.internal.port }}'
heat_api_internal_url: "{{ HEA_API.advertises.vips.private[0].url }}"
heat_api_cfn_internal_url: "{{ HEA_ACF.advertises.vips.private[0].url }}"
07070100000062000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004200000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/meta07070100000063000081A40000000000000000000000015D5302B9000002D2000000000000000000000000000000000000004B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- { role: monasca-agent, run_mode: Use }
- role: heat-common
07070100000064000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/tasks07070100000065000081A40000000000000000000000015D5302B9000005E3000000000000000000000000000000000000005A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/tasks/heat_api_cfn_check.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Setup Monasca http check on heat local http url
- name: heat-monitoring | heat_api_cfn_check | Setup active check against local
heat-api-cfn url
become: yes
monasca_agent_plugin:
name: "httpcheck"
args:
url: "{{ heat_api_cfn_local_url }}"
match_pattern: ".*v1.0.*"
dimensions: "service:orchestration,\
component:heat-api-cfn,\
monitored_host_type:instance"
# Setup monitoring of Internal VIP
- name: heat-monitoring | heat_api_cfn_check | Setup active check against
heat-api-cfn Internal VIP
become: yes
monasca_agent_plugin:
name: "httpcheck"
args:
url: "{{ heat_api_cfn_internal_url }}"
match_pattern: ".*v1.0.*"
dimensions: "service:orchestration,\
component:heat-api-cfn,\
monitored_host_type:vip,\
api_endpoint:private"
07070100000066000081A40000000000000000000000015D5302B9000005C3000000000000000000000000000000000000005600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/tasks/heat_api_check.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Setup Monasca http check on heat local http url
- name: heat-monitoring | heat_api_check | Setup active check against local
heat-api url
become: yes
monasca_agent_plugin:
name: "httpcheck"
args:
url: "{{ heat_api_local_url }}"
match_pattern: ".*v1.0.*"
dimensions: "service:orchestration,\
component:heat-api,\
monitored_host_type:instance"
# Setup monitoring of Internal VIP
- name: heat-monitoring | heat_api_check | Setup active check against heat-api
Internal VIP
become: yes
monasca_agent_plugin:
name: "httpcheck"
args:
url: "{{ heat_api_internal_url }}"
match_pattern: ".*v1.0.*"
dimensions: "service:orchestration,\
component:heat-api,\
monitored_host_type:vip,\
api_endpoint:private"
07070100000067000081A40000000000000000000000015D5302B900000337000000000000000000000000000000000000005500000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-monitoring/tasks/process_check.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-monitoring | process_check | Run monasca agent heat detection
plugin
become: yes
monasca_agent_plugin:
name: Heat
args: "disable_http_check=yes"
07070100000068000041ED0000000000000000000000055D5302B900000000000000000000000000000000000000000000004100000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure07070100000069000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004A00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/defaults0707010000006A000081A40000000000000000000000015D5302B9000003C9000000000000000000000000000000000000005300000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/defaults/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
mysql:
login_host: >
{{ HEA_ENG | item('consumes_FND_MDB.vips.private[0].host',
default=HEA_ENG.consumes_FND_MDB.vips.private[0].host) }}
heat_admin_user : "{{ HEA_ENG.consumes_FND_MDB.vars.accounts.heat.username }}"
heat_admin_password : "{{ HEA_ENG.consumes_FND_MDB.vars.accounts.heat.password | quote }}"
0707010000006B000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/meta0707010000006C000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004F00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-engine
0707010000006D000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004700000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/tasks0707010000006E000081A40000000000000000000000015D5302B900000373000000000000000000000000000000000000005800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-post-configure/tasks/db_configure.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-post-configure | db_configure | heat-manage db_sync
become: yes
command: >
{{ heat_service_bin_dir }}/heat-manage
--config-file {{ heat_service_conf_dir }}/heat.conf db_sync
run_once_per: verb_hosts.HEA_ENG
0707010000006F000041ED0000000000000000000000055D5302B900000000000000000000000000000000000000000000004000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure07070100000070000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004900000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/defaults07070100000071000081A40000000000000000000000015D5302B900000488000000000000000000000000000000000000005200000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
keystone:
service_tenant : "{{ KEY_API.vars.keystone_service_tenant }}"
heat_admin_user : "{{ HEA_API.consumes_KEY_API.vars.keystone_heat_user }}"
heat_admin_password : "{{ HEA_API.consumes_KEY_API.vars.keystone_heat_password | quote }}"
role: "{{ KEY_API.vars.keystone_admin_role }}"
default_domain : "Default"
endpoint: "{{ HEA_API.consumes_KEY_API.vips.private[0].url }}/v3"
admin_user: "{{ KEY_API.vars.keystone_admin_user }}"
admin_password: "{{ KEY_API.vars.keystone_admin_pwd | quote }}"
07070100000072000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004500000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/meta07070100000073000081A40000000000000000000000015D5302B9000002A7000000000000000000000000000000000000004E00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/meta/main.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- role: heat-common
07070100000074000041ED0000000000000000000000025D5302B900000000000000000000000000000000000000000000004600000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/tasks07070100000075000081A40000000000000000000000015D5302B900000617000000000000000000000000000000000000007000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/tasks/keystone_change_domain_admin_password.yml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-pre-configure | keystone_change_domain_admin_password | Get a
domain scoped token
keystone_v3:
endpoint: "{{ keystone.endpoint }}"
login_username: "{{ keystone.admin_user }}"
login_password: "{{ keystone.admin_password }}"
login_user_domain_name: "{{ keystone.default_domain }}"
login_domain_name: "{{ keystone.default_domain }}"
action: "token_get"
run_once: true
register: domain_scoped_token_result
- name: heat-pre-configure | keystone_change_domain_admin_password | Change
heat_domain_admin Keystone password
keystone_v3:
action: "reset_password_by_admin"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
user_name: "{{ heat_stack_domain_admin_user }}"
user_password: "{{ heat_stack_domain_admin_user_password }}"
user_domain_name: "{{ heat_stack_user_domain_name }}"
run_once: true
07070100000076000081A40000000000000000000000015D5302B9000005EF000000000000000000000000000000000000006B00000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/tasks/keystone_change_service_password.yml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-pre-configure | keystone_change_service_password | Get a domain
scoped token
keystone_v3:
endpoint: "{{ keystone.endpoint }}"
login_username: "{{ keystone.admin_user }}"
login_password: "{{ keystone.admin_password }}"
login_user_domain_name: "{{ keystone.default_domain }}"
login_domain_name: "{{ keystone.default_domain }}"
action: "token_get"
run_once: true
register: domain_scoped_token_result
- name: heat-pre-configure | keystone_change_service_password | Change heat
Keystone password
keystone_v3:
action: "reset_password_by_admin"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
user_name: "{{ keystone.heat_admin_user }}"
user_password: "{{ keystone.heat_admin_password }}"
user_domain_name: "{{ keystone.default_domain }}"
run_once: true
07070100000077000081A40000000000000000000000015D5302B9000007A8000000000000000000000000000000000000005800000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/tasks/keystone_conf.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-pre-configure | keystone_conf | Get a domain scoped token
keystone_v3:
endpoint: "{{ keystone.endpoint }}"
login_username: "{{ keystone.admin_user }}"
login_password: "{{ keystone.admin_password }}"
login_user_domain_name: "{{ keystone.default_domain }}"
login_domain_name: "{{ keystone.default_domain }}"
action: "token_get"
run_once: true
register: domain_scoped_token_result
- name: heat-pre-configure | keystone_conf | create heat service user
keystone_v3:
action : "create_user"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
user_name: "{{ keystone.heat_admin_user }}"
user_password: "{{ keystone.heat_admin_password }}"
user_domain_name: "{{ keystone.default_domain }}"
run_once: true
- name: heat-pre-configure | keystone_conf | create heat service user-role
assignment
keystone_v3:
action: "grant_project_role"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
project_name: "{{ keystone.service_tenant }}"
user_name: "{{ keystone.heat_admin_user }}"
role_name: "{{ keystone.role }}"
user_domain_name: "{{ keystone.default_domain }}"
project_domain_name: "{{ keystone.default_domain }}"
run_once: true
07070100000078000081A40000000000000000000000015D5302B900000A06000000000000000000000000000000000000006000000000ardana-heat-9.0+git.1565721273.f44b8d7/roles/heat-pre-configure/tasks/keystone_domain_setup.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: heat-pre-configure | keystone_domain_setup | create heat_stack_user role
keystone_v3:
action: "create_role"
login_token: "{{ domain_scoped_token_result.result }}"
endpoint: "{{ keystone.endpoint }}"
role_name: "{{ heat_stack_user_role }}"
run_once: true
- name: heat-pre-configure | keystone_domain_setup | create heat domain
keystone_v3:
action: "create_domain"
login_token: "{{ domain_scoped_token_result.result }}"
endpoint: "{{ keystone.endpoint }}"
domain_name: "{{ heat_stack_user_domain_name }}"
description: "Owns users and projects created by heat"
register: create_domain_result
run_once: true
- name: heat-pre-configure | keystone_domain_setup | set fact for heat domain id
set_fact:
heat_stack_domain_id: "{{ create_domain_result.result.id }}"
run_once: true
- name: heat-pre-configure | keystone_domain_setup | create heat domain admin
user
keystone_v3:
action : "create_user"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
user_name: "{{ heat_stack_domain_admin_user }}"
user_password: "{{ heat_stack_domain_admin_user_password }}"
user_domain_name: "{{ heat_stack_user_domain_name }}"
register: create_user_result
run_once: true
- name: heat-pre-configure | keystone_domain_setup | Set fact for heat domain
user id
set_fact:
stack_domain_user_id: "{{ create_user_result.result.id }}"
- name: heat-pre-configure | keystone_domain_setup | create heat service
user-role assignment
keystone_v3:
action: "grant_domain_role"
endpoint: "{{ keystone.endpoint }}"
login_token: "{{ domain_scoped_token_result.result }}"
user_name: "{{ heat_stack_domain_admin_user }}"
role_name: "{{ keystone.role }}"
user_domain_name: "{{ heat_stack_user_domain_name }}"
domain_name: "{{ heat_stack_user_domain_name }}"
run_once: true
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!411 blocks
