heat_template_version: queens

description: >
  RabbitMQ service configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  RabbitUserName:
    default: guest
    description: The username for RabbitMQ
    type: string
  RabbitPassword:
    description: The password for RabbitMQ
    type: string
    hidden: true
  RabbitFDLimit:
    default: 65536
    description: Configures RabbitMQ FD limit
    type: number
  RabbitIPv6:
    default: false
    description: Enable IPv6 in RabbitMQ
    type: boolean
  RabbitCookie:
    type: string
    default: ''
    hidden: true
  RabbitHAQueues:
    description:
      The number of HA queues to be configured in rabbit. The default is -1 which
      translates to "ha-mode all". The special value 0 will be automatically
      overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
    default: -1
    type: number
  RabbitNetTickTime:
    description:
      The number of seconds to configure the value of the erlang
      net_ticktime kernel variable.
    default: 15
    type: number
  MonitoringSubscriptionRabbitmq:
    default: 'overcloud-rabbitmq'
    type: string
  EnableInternalTLS:
    type: boolean
    default: false

conditions:
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

outputs:
  role_data:
    description: Role data for the RabbitMQ role.
    value:
      service_name: rabbitmq
      monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
      config_settings:
        map_merge:
          -
            rabbitmq::file_limit: {get_param: RabbitFDLimit}
            rabbitmq::default_user: {get_param: RabbitUserName}
            rabbitmq::default_pass: {get_param: RabbitPassword}
            rabbit_ipv6: {get_param: RabbitIPv6}
            tripleo.rabbitmq.firewall_rules:
              '109 rabbitmq':
                dport:
                  - 4369
                  - 5672
                  - 25672
            rabbitmq::delete_guest_user: false
            rabbitmq::wipe_db_on_cookie_change: true
            rabbitmq::port: 5672
            rabbitmq::package_provider: yum
            rabbitmq::package_source: undef
            rabbitmq::repos_ensure: false
            rabbitmq::tcp_keepalive: true
            rabbitmq_environment:
              NODE_PORT: ''
              NODE_IP_ADDRESS: ''
              RABBITMQ_NODENAME: "rabbit@%{::hostname}"
              RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
              'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
            rabbitmq_kernel_variables:
              inet_dist_listen_min: '25672'
              inet_dist_listen_max: '25672'
              net_ticktime: {get_param: RabbitNetTickTime}
            rabbitmq_config_variables:
              cluster_partition_handling: 'ignore'
              queue_master_locator: '<<"min-masters">>'
              loopback_users: '[]'
            rabbitmq::erlang_cookie:
              yaql:
                expression: $.data.passwords.where($ != '').first()
                data:
                  passwords:
                    - {get_param: RabbitCookie}
                    - {get_param: [DefaultPasswords, rabbit_cookie]}
            # NOTE: bind IP is found in hiera replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            rabbitmq::interface:
              str_replace:
                template:
                  "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
            rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
            rabbitmq::ssl: {get_param: EnableInternalTLS}
            rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
            rabbitmq::ssl_port: 5672
            rabbitmq::ssl_depth: 1
            rabbitmq::ssl_only: {get_param: EnableInternalTLS}
            rabbitmq::ssl_interface:
              str_replace:
                template:
                  "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
            # TODO(jaosorior): Remove this once we set a proper default in
            # puppet-tripleo
            tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
          -
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
                hostname:
                  str_replace:
                    template: "%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
                principal:
                  str_replace:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
      upgrade_tasks:
        - name: Stop rabbitmq service
          when: step|int == 2
          service: name=rabbitmq-server state=stopped
        - name: Start rabbitmq service
          when: step|int == 4
          service: name=rabbitmq-server state=started
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: rabbitmq
              network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
              type: node
          - null