heat_template_version: queens

description: >
  Openstack Zaqar service. Shared for all Heat services.

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  Debug:
    default: false
    description: Set to True to enable debugging on all services.
    type: boolean
  ZaqarDebug:
    default: ''
    description: Set to True to enable debugging Zaqar service.
    type: string
    constraints:
      - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
  ZaqarPassword:
    description: The password for Zaqar
    type: string
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  ZaqarPolicies:
    description: |
      A hash of policies to configure for Zaqar.
      e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json
  ZaqarWorkers:
    type: string
    description: Set the number of workers for zaqar::wsgi::apache
    default: '%{::os_workers}'
  ZaqarMessageStore:
    type: string
    description: The messaging store for Zaqar
    default: mongodb
  ZaqarManagementStore:
    type: string
    description: The management store for Zaqar
    default: mongodb
  EnableInternalTLS:
    type: boolean
    default: false
  RedisPassword:
    description: The password for the redis service account.
    type: string
    hidden: true

conditions:
  zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
  service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
  zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
  zaqar_messaging_store_redis: {equals : [{get_param: ZaqarMessageStore}, 'redis']}
  zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}

resources:

  ApacheServiceBase:
    type: ./apache.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      EnableInternalTLS: {get_param: EnableInternalTLS}

outputs:
  role_data:
    description: Shared role data for the Zaqar services.
    value:
      service_name: zaqar_api
      config_settings:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - zaqar::policy::policies: {get_param: ZaqarPolicies}
            zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
            zaqar::keystone::authtoken::project_name: 'service'
            zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
            zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            zaqar::debug:
              if:
              - service_debug_unset
              - {get_param: Debug }
              - {get_param: ZaqarDebug }
            zaqar::server::service_name: 'httpd'
            zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
            zaqar::transport::websocket::notification_bind: {get_param: [EndpointMap, ZaqarInternal, host]}
            zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
            zaqar::message_pipeline: 'zaqar.notification.notifier'
            zaqar::max_messages_post_size: 1048576
            zaqar::unreliable: true
            zaqar::wsgi::apache::servername:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
            zaqar::message_store: {get_param: ZaqarMessageStore}
            zaqar::management_store: {get_param: ZaqarManagementStore}
          -
            if:
            - zaqar_messaging_store_swift
            -
              zaqar::messaging::swift::uri:
                list_join:
                  - ''
                  - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
              zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
              tripleo::profile::base::zaqar::messaging_store: 'swift'
            - {}
          -
            if:
            - zaqar_messaging_store_redis
            -
              zaqar_redis_password: {get_param: RedisPassword}
              tripleo::profile::base::zaqar::messaging_store: 'redis'
            - {}
          -
            if:
            - zaqar_management_store_sqlalchemy
            -
              tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
              zaqar::management::sqlalchemy::uri:
                make_url:
                  scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
                  username: zaqar
                  password: {get_param: ZaqarPassword}
                  host: {get_param: [EndpointMap, MysqlInternal, host]}
                  path: /zaqar
                  query:
                    read_default_file: /etc/my.cnf.d/tripleo.cnf
                    read_default_group: tripleo
            - {}
          -
            if:
            - zaqar_workers_zero
            - {}
            - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
      service_config_settings:
        map_merge:
          - keystone:
              zaqar::keystone::auth::password: {get_param: ZaqarPassword}
              zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
              zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
              zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
              zaqar::keystone::auth::region: {get_param: KeystoneRegion}
              zaqar::keystone::auth::tenant: 'service'
              zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
              zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
              zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
              zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
              zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
              zaqar::keystone::auth_websocket::tenant: 'service'
              zaqar::keystone::trust::password: {get_param: ZaqarPassword}
              zaqar::keystone::trust::user_domain_name: 'Default'
          -
            if:
            - zaqar_management_store_sqlalchemy
            - mysql:
                zaqar::db::mysql::user: zaqar
                zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
                zaqar::db::mysql::dbname: zaqar
                zaqar::db::mysql::password: {get_param: ZaqarPassword}
                zaqar::db::mysql::allowed_hosts:
                  - '%'
                  - "%{hiera('mysql_bind_host')}"
            - {}
      step_config: |
        include ::tripleo::profile::base::zaqar
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
        list_concat:
          - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
          -
            - name: Check if zaqar is deployed
              command: systemctl is-enabled openstack-zaqar
              tags: common
              ignore_errors: True
              register: zaqar_enabled
            - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
              shell: >
                /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
                grep '\bactive\b'
              when:
                - step|int == 0
                - zaqar_enabled.rc == 0
              tags: validation
            - name: Check for zaqar running under apache (post upgrade)
              when: step|int == 1
              shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
              register: zaqar_apache
              ignore_errors: true
            - name: Stop zaqar service (running under httpd)
              service: name=httpd state=stopped
              when:
                - step|int == 1
                - zaqar_apache.rc == 0
            - name: Stop and disable zaqar service (pre-upgrade not under httpd)
              when:
                - step|int == 1
                - zaqar_enabled.rc == 0
              service: name=openstack-zaqar state=stopped enabled=no
            - name: Install openstack-zaqar package if it was disabled
              yum: name=openstack-zaqar state=latest
              when:
                - step|int == 3
                - zaqar_enabled.rc != 0