137 lines
5.1 KiB
YAML
137 lines
5.1 KiB
YAML
dsl_version: 0.1.0
|
|
service:
|
|
name: heat-api
|
|
ports:
|
|
- {{ heat.api_port }}
|
|
containers:
|
|
- name: heat-api
|
|
image: heat-api
|
|
pre:
|
|
- name: heat-db-create
|
|
dependencies:
|
|
- database
|
|
type: single
|
|
command:
|
|
mysql -u root -p{{ db.root_password }} -h {{ address("database") }} -e "create database {{ heat.db.name }};
|
|
create user '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
|
|
{% if db.tls.enabled %} require ssl {% endif %};
|
|
grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
|
|
{% if db.tls.enabled %} require ssl {% endif %};"
|
|
- name: heat-db-sync
|
|
files:
|
|
- heat-conf
|
|
dependencies:
|
|
- heat-db-create
|
|
type: single
|
|
command: heat-manage db_sync
|
|
- name: heat-user-create
|
|
dependencies:
|
|
- keystone-create-domain
|
|
type: single
|
|
command:
|
|
openstack user create --domain {{ service_account.domain }} --password {{ heat.password }} {{ heat.user }}
|
|
- name: heat-admin-role-add
|
|
dependencies:
|
|
- heat-user-create
|
|
type: single
|
|
command:
|
|
openstack role add --project {{ service_account.project }} --user {{ heat.user }} admin
|
|
- name: heat-service-create
|
|
dependencies:
|
|
- keystone
|
|
type: single
|
|
command:
|
|
openstack service create --name heat --description "OpenStack orchestration service" orchestration
|
|
- name: heat-public-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration public {{ address('heat-api', heat.api_port, external=True, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
- name: heat-internal-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration internal {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
- name: heat-admin-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
# Orchestration requires additional information in the Identity service to manage stacks.
|
|
# For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
|
|
- name: heat-create-domain
|
|
type: single
|
|
command:
|
|
openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }}
|
|
dependencies:
|
|
- keystone
|
|
- name: heat-domain-admin-user-create
|
|
type: single
|
|
command:
|
|
openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }} {{ heat.domain.user }}
|
|
dependencies:
|
|
- heat-create-domain
|
|
- name: heat-grant-doman-user-admin-privileges
|
|
type: single
|
|
command:
|
|
openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin
|
|
dependencies:
|
|
- heat-domain-admin-user-create
|
|
# You must add the heat_stack_owner role to each user that manages stacks after addinf new users.
|
|
- name: heat-stack-owner-role-create
|
|
type: single
|
|
command:
|
|
openstack role create heat_stack_owner
|
|
dependencies:
|
|
- heat-grant-doman-user-admin-privileges
|
|
# The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment.
|
|
- name: heat-stack-user-role-create
|
|
type: single
|
|
command:
|
|
openstack role create heat_stack_user
|
|
dependencies:
|
|
- heat-grant-doman-user-admin-privileges
|
|
daemon:
|
|
dependencies:
|
|
- rpc
|
|
files:
|
|
- heat-conf
|
|
command: heat-api --config-file /etc/heat/heat.conf
|
|
# {% if heat.tls.enabled %}
|
|
- name: nginx-heat-api
|
|
image: nginx
|
|
daemon:
|
|
files:
|
|
- upstreams
|
|
- servers
|
|
- server-cert
|
|
- server-key
|
|
command: nginx
|
|
# {% endif %}
|
|
|
|
files:
|
|
heat-conf:
|
|
path: /etc/heat/heat.conf
|
|
content: heat.conf.j2
|
|
# {% if heat.tls.enabled %}
|
|
servers:
|
|
path: /etc/nginx/conf.d/servers.conf
|
|
content: nginx-api.conf.j2
|
|
perm: "0400"
|
|
upstreams:
|
|
path: /etc/nginx/conf.d/upstreams.conf
|
|
content: upstreams.conf.j2
|
|
perm: "0400"
|
|
server-cert:
|
|
path: /opt/ccp/etc/tls/server-cert.pem
|
|
content: server-cert.pem.j2
|
|
perm: "0400"
|
|
server-key:
|
|
path: /opt/ccp/etc/tls/server-key.pem
|
|
content: server-key.pem.j2
|
|
perm: "0400"
|
|
# {% endif %}
|