kolla-ansible/ansible/roles/heat/templates/heat.conf.j2
Bharat Kunwar c20c69ee5e kolla-ansible fix to correct magnum k8s deployment
Magnum was unable to fire up k8s cluster because heat-container-agent
inside kube-master was pointing to internal keystone endpoint instead of
public endpoint. This fix tells kolla ansible to set clients_keystone
auth_uri to public endpoint so that heat-container-agent communication
with heat is successfully authenticated by keystone.

Change-Id: Ida49528f88685710b5e6b8f3c4d4622506af5ae1
Closes-Bug: #1762754
2018-05-04 17:23:37 +01:00

110 lines
3.5 KiB
Django/Jinja

[DEFAULT]
debug = {{ heat_logging_debug }}
log_dir = /var/log/kolla/heat
heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}
heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}
heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1/waitcondition
heat_stack_user_role = {{ heat_stack_user_role }}
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = {{ heat_domain_admin_password }}
stack_user_domain_name = heat_user_domain
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
{% if service_name == 'heat-engine' %}
num_engine_workers = {{ openstack_service_workers }}
{% endif %}
transport_url = {{ rpc_transport_url }}
{% if service_name == 'heat-api' %}
[heat_api]
bind_host = {{ api_interface_address }}
bind_port = {{ heat_api_port }}
workers = {{ openstack_service_workers }}
{% endif %}
{% if service_name == 'heat-api-cfn' %}
[heat_api_cfn]
bind_host = {{ api_interface_address }}
bind_port = {{ heat_api_cfn_port }}
workers = {{ openstack_service_workers }}
{% endif %}
[database]
connection = mysql+pymysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }}
max_retries = -1
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ heat_keystone_user }}
password = {{ heat_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[trustee]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
user_domain_id = {{ default_user_domain_id }}
username = {{ heat_keystone_user }}
password = {{ heat_keystone_password }}
[ec2authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
[clients_keystone]
auth_uri = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if enable_ceilometer | bool %}
driver = messagingv2
topics = notifications
{% else %}
driver = noop
{% endif %}
{% if heat_policy_file is defined %}
[oslo_policy]
policy_file = {{ heat_policy_file }}
{% endif %}
[clients]
endpoint_type = internalURL
[clients_heat]
endpoint_type = publicURL
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
{% if enable_elasticsearch | bool %}
connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch_port }}
{% endif %}
{% endif %}