[train-squash] Backport "all Keystone resources with Ansible"
Manage all Keystone resources with Ansible Change-Id: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e (cherry picked from commit7f40baabcd
) keystone: fix trailing space Change-Id: Id3642bd4f539f496d00298ab7996720f14cd0a3c (cherry picked from commit4c167191dc
) deployment: document keystone_resources Bring some documentation into the deployment README about the new keystone_resources interface. Change-Id: I17c2c451136eb4729e4751a250d5545019ea84ff (cherry picked from commit362e92fb82
) Add novajoin to EndpointMap Previously, novajoin was relying on hiera data to populate endpoints in keystone, but that recently changed for the rest of the OpenStack services. This commit updates novajoin to use the same approach with EndpointMap. Otherwise, deploying the undercloud fails with an error message similar to the following: Cannot create an endpoint with an invalid URL: http://%{hiera('ctlplane')}:9090/v1/. Change-Id: I0e177a5e21ed9fb5eacba7a766c153ba99af34ae (cherry picked from commit18e51ca533
) keystone/ldap: add missing cloud name ... or Ansible will use the default "openstack" cloud, which isn't good. We need to create domains in the actual overcloud. Change-Id: I129d7355364c87c40f51372b402620790a31ec81 (cherry picked from commitb3538251d6
)
This commit is contained in:
parent
a1824a3faf
commit
32279c4a32
|
@ -218,6 +218,10 @@ parameters:
|
|||
default: []
|
||||
description: List of VIP (virtual IP) hosts entries to be appended to /etc/hosts
|
||||
type: comma_delimited_list
|
||||
KeystoneResourcesConfigs:
|
||||
description: The keystone resources config.
|
||||
type: json
|
||||
default: {}
|
||||
|
||||
conditions:
|
||||
{% for role in enabled_roles %}
|
||||
|
@ -389,6 +393,7 @@ outputs:
|
|||
undercloud_hosts_entries: {get_param: UndercloudHostsEntries}
|
||||
extra_hosts_entries: {get_param: ExtraHostsEntries}
|
||||
vip_hosts_entries: {get_param: VipHostsEntries}
|
||||
keystone_resources: {get_param: KeystoneResourcesConfigs}
|
||||
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
|
||||
hiera_steps_tasks: {get_file: hiera-steps-tasks.yaml}
|
||||
deploy_steps_tasks_step_0: {get_file: deploy-steps-tasks-step-0.yaml}
|
||||
|
|
|
@ -133,6 +133,16 @@ resources:
|
|||
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
|
||||
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||
|
||||
KeystoneResourcesConfigs:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
map_merge:
|
||||
yaql:
|
||||
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('keystone_resources')).where($ != null))
|
||||
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||
|
||||
ServiceConfigSettings:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
|
@ -371,6 +381,7 @@ outputs:
|
|||
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
|
||||
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
|
||||
ansible_group_vars: {get_attr: [AnsibleGroupVars, value]}
|
||||
keystone_resources: {get_attr: [KeystoneResourcesConfigs, value]}
|
||||
|
||||
# Keys to support docker/services
|
||||
puppet_config: {get_attr: [PuppetConfig, value]}
|
||||
|
|
|
@ -328,3 +328,11 @@ implementation of this hook needs to conform to the following:
|
|||
|
||||
* This needs to define an output called `metadata` which will be given to the
|
||||
Nova Server resource as the instance's metadata.
|
||||
|
||||
Keystone resources management
|
||||
-----------------------------
|
||||
|
||||
Keystone resources, such as users, roles, domains, endpoints, services, role
|
||||
assignments, are now managed by `tripleo-keystone-resources`_ Ansible role.
|
||||
|
||||
.. _tripleo-keystone-resources: https://docs.openstack.org/tripleo-ansible/latest/roles/role-tripleo-keystone-resources.html
|
||||
|
|
|
@ -58,6 +58,14 @@ parameters:
|
|||
e.g. { aodh-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
AodhPassword:
|
||||
description: The password for the aodh services.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -97,6 +105,17 @@ outputs:
|
|||
description: Role data for the aodh API role.
|
||||
value:
|
||||
service_name: aodh_api
|
||||
keystone_resources:
|
||||
aodh:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
users:
|
||||
aodh:
|
||||
password: {get_param: AodhPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'alarming'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
|
|
@ -95,13 +95,6 @@ outputs:
|
|||
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
||||
aodh::auth::auth_tenant_name: 'service'
|
||||
service_config_settings:
|
||||
keystone:
|
||||
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
aodh::keystone::auth::password: {get_param: AodhPassword}
|
||||
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
aodh::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
aodh::db::mysql::user: aodh
|
||||
aodh::db::mysql::password: {get_param: AodhPassword}
|
||||
|
|
|
@ -181,6 +181,22 @@ outputs:
|
|||
description: Role data for the Barbican API role.
|
||||
value:
|
||||
service_name: barbican_api
|
||||
keystone_resources:
|
||||
barbican:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
||||
users:
|
||||
barbican:
|
||||
password: {get_param: BarbicanPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'key-manager'
|
||||
roles:
|
||||
- key-manager:service-admin
|
||||
- creator
|
||||
- observer
|
||||
- audit
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
|
@ -244,12 +260,6 @@ outputs:
|
|||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||
barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
||||
barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
||||
barbican::keystone::auth::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
barbican::keystone::auth::tenant: 'service'
|
||||
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
|
||||
nova_compute:
|
||||
nova::compute::keymgr_backend: >
|
||||
|
|
|
@ -52,6 +52,10 @@ parameters:
|
|||
default: false
|
||||
description: Whether to enable gnocchi usage.
|
||||
type: boolean
|
||||
CeilometerPassword:
|
||||
description: The password for the ceilometer service account.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
ceilometer_enable_gnocchi: {equals: [{get_param: CeilometerEnableGnocchi}, True]}
|
||||
|
@ -77,6 +81,13 @@ outputs:
|
|||
value:
|
||||
service_name: ceilometer_agent_central
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
|
||||
keystone_resources:
|
||||
ceilometer:
|
||||
users:
|
||||
ceilometer:
|
||||
password: {get_param: CeilometerPassword}
|
||||
roles:
|
||||
- admin
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [CeilometerServiceBase, role_data, config_settings]
|
||||
|
|
|
@ -179,11 +179,5 @@ outputs:
|
|||
- {}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceilometer_auth_enabled: true
|
||||
# NOTE(aschultz): no endpoints since ceilometer api removal
|
||||
ceilometer::keystone::auth::configure_endpoint: false
|
||||
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
|
||||
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceilometer::keystone::auth::tenant: 'service'
|
||||
# Enable default notification queue
|
||||
tripleo::profile::base::keystone::ceilometer_notification_topics: ["notifications"]
|
||||
|
|
|
@ -76,6 +76,22 @@ outputs:
|
|||
description: Role data for the Ceph RadosGW service.
|
||||
value:
|
||||
service_name: ceph_rgw
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
roles:
|
||||
- admin
|
||||
- member
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- member
|
||||
upgrade_tasks: []
|
||||
puppet_config:
|
||||
config_image: ''
|
||||
|
@ -110,13 +126,3 @@ outputs:
|
|||
- - '9100'
|
||||
- []
|
||||
- {}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
|
||||
ceph::rgw::keystone::auth::tenant: service
|
||||
ceph::rgw::keystone::auth::user: swift
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
|
|
|
@ -84,6 +84,9 @@ parameters:
|
|||
type: string
|
||||
default: 'messagingv2'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
RootStackName:
|
||||
description: The name of the stack/plan.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -124,11 +127,46 @@ outputs:
|
|||
description: Role data for the Cinder API role.
|
||||
value:
|
||||
service_name: cinder_api
|
||||
keystone_resources:
|
||||
cinder:
|
||||
users:
|
||||
cinder:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
cinderv2:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
internal: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
users:
|
||||
cinderv2:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'volumev2'
|
||||
cinderv3:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
internal: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
users:
|
||||
cinderv3:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'volumev3'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- keystone_resources_managed: false
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
@ -191,17 +229,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_cinder_api:
|
||||
- {get_param: CinderApiLoggingSource}
|
||||
keystone:
|
||||
cinder::keystone::auth::tenant: 'service'
|
||||
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
cinder::keystone::auth::password: {get_param: CinderPassword}
|
||||
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
cinder::keystone::auth::roles: ['admin', 'service']
|
||||
mysql:
|
||||
cinder::db::mysql::password: {get_param: CinderPassword}
|
||||
cinder::db::mysql::user: cinder
|
||||
|
@ -419,3 +446,20 @@ outputs:
|
|||
when:
|
||||
- step|int == 8
|
||||
- is_bootstrap_node|bool
|
||||
external_deploy_tasks:
|
||||
- name: Manage Cinder Volume Type
|
||||
become: true
|
||||
vars:
|
||||
default_volume_type: {get_param: CinderDefaultVolumeType}
|
||||
environment:
|
||||
OS_CLOUD: {get_param: RootStackName}
|
||||
when:
|
||||
- step|int == 5
|
||||
- not ansible_check_mode|bool
|
||||
shell: |
|
||||
if ! openstack volume type show "{{ default_volume_type }}"; then
|
||||
openstack volume type create --public "{{ default_volume_type }}"
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
|
|
|
@ -79,6 +79,17 @@ outputs:
|
|||
description: Role data for the Designate API role.
|
||||
value:
|
||||
service_name: designate_api
|
||||
keystone_resources:
|
||||
designate:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
||||
internal: {get_param: [EndpointMap, DesignateInternal, uri_no_suffix]}
|
||||
admin: {get_param: [EndpointMap, DesignateAdmin, uri_no_suffix]}
|
||||
users:
|
||||
designate:
|
||||
password: {get_param: DesignatePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'dns'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -105,13 +116,6 @@ outputs:
|
|||
- {}
|
||||
- designate::api::workers: {get_param: DesignateWorkers}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
designate::keystone::auth::tenant: 'service'
|
||||
designate::keystone::auth::public_url: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
||||
designate::keystone::auth::internal_url: { get_param: [ EndpointMap, DesignateInternal, uri_no_suffix ] }
|
||||
designate::keystone::auth::admin_url: { get_param: [ EndpointMap, DesignateAdmin, uri_no_suffix ] }
|
||||
designate::keystone::auth::password: {get_param: DesignatePassword}
|
||||
designate::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
neutron_api:
|
||||
neutron::designate::password: {get_param: NeutronPassword}
|
||||
neutron::designate::url: {get_param: [EndpointMap, DesignateInternal, uri]}
|
||||
|
|
|
@ -294,6 +294,17 @@ outputs:
|
|||
description: Role data for the Glance API role.
|
||||
value:
|
||||
service_name: glance_api
|
||||
keystone_resources:
|
||||
glance:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
internal: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
users:
|
||||
glance:
|
||||
password: {get_param: GlancePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'image'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -428,13 +439,6 @@ outputs:
|
|||
- {}
|
||||
- glance::api::sync_db: false
|
||||
service_config_settings:
|
||||
keystone:
|
||||
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
glance::keystone::auth::password: {get_param: GlancePassword }
|
||||
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
glance::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
glance::db::mysql::password: {get_param: GlancePassword}
|
||||
glance::db::mysql::user: glance
|
||||
|
|
|
@ -143,6 +143,17 @@ outputs:
|
|||
description: Role data for the gnocchi API role.
|
||||
value:
|
||||
service_name: gnocchi_api
|
||||
keystone_resources:
|
||||
gnocchi:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, GnocchiPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, GnocchiAdmin, uri]}
|
||||
users:
|
||||
gnocchi:
|
||||
password: {get_param: GnocchiPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'metric'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -203,13 +214,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_gnocchi_api:
|
||||
- {get_param: GnocchiApiLoggingSource}
|
||||
keystone:
|
||||
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
||||
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
||||
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
gnocchi::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
|
||||
gnocchi::db::mysql::user: gnocchi
|
||||
|
|
|
@ -100,6 +100,17 @@ outputs:
|
|||
description: Role data for the Heat API CFN role.
|
||||
value:
|
||||
service_name: heat_api_cfn
|
||||
keystone_resources:
|
||||
heat-cfn:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
users:
|
||||
heat-cfn:
|
||||
password: {get_param: HeatPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'cloudformation'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -145,15 +156,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_heat_api_cfn:
|
||||
- {get_param: HeatApiCfnLoggingSource}
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- heat::keystone::auth_cfn::tenant: 'service'
|
||||
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat_api_cfn
|
||||
|
|
|
@ -74,6 +74,10 @@ parameters:
|
|||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
HeatStackDomainAdminPassword:
|
||||
description: Password for heat_stack_domain_admin user.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -114,6 +118,26 @@ outputs:
|
|||
description: Role data for the Heat API role.
|
||||
value:
|
||||
service_name: heat_api
|
||||
keystone_resources:
|
||||
heat:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
users:
|
||||
heat:
|
||||
password: {get_param: HeatPassword}
|
||||
heat_stack_domain_admin:
|
||||
password: {get_param: HeatStackDomainAdminPassword}
|
||||
roles:
|
||||
- admin
|
||||
domain: heat_stack
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'orchestration'
|
||||
roles:
|
||||
- heat_stack_user
|
||||
domains:
|
||||
- heat_stack
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -162,15 +186,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_heat_api:
|
||||
- {get_param: HeatApiLoggingSource}
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- heat::keystone::auth::tenant: 'service'
|
||||
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
heat::keystone::auth::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat_api
|
||||
|
|
|
@ -186,8 +186,3 @@ outputs:
|
|||
heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
|
||||
heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
|
||||
heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
|
||||
tripleo::profile::base::keystone::heat_admin_user: 'heat_stack_domain_admin'
|
||||
tripleo::profile::base::keystone::heat_admin_email: 'heat_stack_domain_admin@localhost'
|
||||
|
|
|
@ -201,10 +201,6 @@ outputs:
|
|||
heat::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat
|
||||
|
|
|
@ -203,9 +203,8 @@ outputs:
|
|||
- debug_unset
|
||||
- horizon::django_debug: { get_param: HorizonDebug }
|
||||
- horizon::django_debug: { get_param: Debug }
|
||||
service_config_settings:
|
||||
keystone:
|
||||
keystone_enable_member: true
|
||||
ansible_group_vars:
|
||||
keystone_enable_member: true
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: horizon
|
||||
|
|
|
@ -106,6 +106,20 @@ outputs:
|
|||
description: Role data for the Ironic API role.
|
||||
value:
|
||||
service_name: ironic_api
|
||||
keystone_resources:
|
||||
ironic:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
internal: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
admin: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
users:
|
||||
ironic:
|
||||
password: {get_param: IronicPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'baremetal'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -166,15 +180,6 @@ outputs:
|
|||
- 13385
|
||||
- apache::default_vhost: false
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
ironic::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ironic::keystone::auth::roles: ['admin', 'service']
|
||||
mysql:
|
||||
ironic::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::db::mysql::user: ironic
|
||||
|
|
|
@ -181,6 +181,17 @@ outputs:
|
|||
description: Role data for the Ironic Inspector role.
|
||||
value:
|
||||
service_name: ironic_inspector
|
||||
keystone_resources:
|
||||
ironic-inspector:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
||||
users:
|
||||
ironic-inspector:
|
||||
password: {get_param: IronicPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'baremetal-introspection'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -304,13 +315,6 @@ outputs:
|
|||
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth_inspector::tenant: 'service'
|
||||
ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
||||
ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
||||
ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
||||
ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
|
||||
ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ironic::inspector::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::inspector::db::mysql::user: ironic-inspector
|
||||
|
|
|
@ -343,6 +343,7 @@ outputs:
|
|||
- {}
|
||||
- keystone::cors::allowed_origin: {get_param: KeystoneCorsAllowedOrigin}
|
||||
- keystone_enable_member: {get_param: KeystoneEnableMember}
|
||||
- keystone_resources_managed: false
|
||||
- keystone::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
|
@ -688,11 +689,46 @@ outputs:
|
|||
username: admin
|
||||
identity_api_version: '3'
|
||||
region_name: {get_param: KeystoneRegion}
|
||||
- name: Manage Keystone resources
|
||||
become: true
|
||||
when:
|
||||
- step|int == 4
|
||||
- not ansible_check_mode|bool
|
||||
block:
|
||||
- name: Manage Keystone resources for OpenStack services
|
||||
include_role:
|
||||
name: tripleo-keystone-resources
|
||||
vars:
|
||||
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||
tripleo_keystone_resources_service_project: 'service'
|
||||
tripleo_keystone_resources_cloud_name: {get_param: RootStackName}
|
||||
tripleo_keystone_resources_region: {get_param: KeystoneRegion}
|
||||
tripleo_keystone_resources_admin_endpoint: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
tripleo_keystone_resources_public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
tripleo_keystone_resources_internal_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo_keystone_resources_admin_password: {get_param: AdminPassword}
|
||||
tripleo_keystone_resources_member_role_enabled: {get_param: KeystoneEnableMember}
|
||||
- name: is Keystone LDAP enabled
|
||||
set_fact:
|
||||
keystone_ldap_domain_enabled: {get_param: KeystoneLDAPDomainEnable}
|
||||
- name: Set fact for tripleo_keystone_ldap_domains
|
||||
set_fact:
|
||||
tripleo_keystone_ldap_domains: {get_param: KeystoneLDAPBackendConfigs}
|
||||
when: keystone_ldap_domain_enabled|bool
|
||||
- name: Manage Keystone domains from LDAP config
|
||||
when: keystone_ldap_domain_enabled|bool
|
||||
include_role:
|
||||
name: tripleo-keystone-resources
|
||||
tasks_from: domains
|
||||
vars:
|
||||
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||
tripleo_keystone_resources_cloud_name: {get_param: RootStackName}
|
||||
batched_tripleo_keystone_resources_domains: "{{ tripleo_keystone_ldap_domains | list }}"
|
||||
container_puppet_tasks:
|
||||
# Keystone endpoint creation occurs only on single node
|
||||
step_3:
|
||||
config_volume: 'keystone_init_tasks'
|
||||
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
|
||||
puppet_tags: 'keystone_config'
|
||||
step_config: 'include ::tripleo::profile::base::keystone'
|
||||
config_image: *keystone_config_image
|
||||
host_prep_tasks: {get_attr: [KeystoneLogging, host_prep_tasks]}
|
||||
|
|
|
@ -94,6 +94,27 @@ outputs:
|
|||
description: Role data for the Manila API role.
|
||||
value:
|
||||
service_name: manila_api
|
||||
keystone_resources:
|
||||
manila:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
internal: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
users:
|
||||
manila:
|
||||
password: {get_param: ManilaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'share'
|
||||
manilav2:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
users:
|
||||
manilav2:
|
||||
password: {get_param: ManilaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'sharev2'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -142,19 +163,7 @@ outputs:
|
|||
- manila_workers_zero
|
||||
- {}
|
||||
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ManilaBase, role_data, service_config_settings]
|
||||
- keystone:
|
||||
manila::keystone::auth::tenant: 'service'
|
||||
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: manila
|
||||
|
|
|
@ -66,6 +66,14 @@ parameters:
|
|||
default: ''
|
||||
description: Indicate whether this resource may be shared with the domain received in the request
|
||||
"origin" header.
|
||||
MistralPassword:
|
||||
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
conditions:
|
||||
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
|
||||
|
@ -94,6 +102,17 @@ outputs:
|
|||
description: Role data for the Mistral API role.
|
||||
value:
|
||||
service_name: mistral_api
|
||||
keystone_resources:
|
||||
mistral:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, MistralPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, MistralInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, MistralAdmin, uri]}
|
||||
users:
|
||||
mistral:
|
||||
password: {get_param: MistralPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'workflowv2'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
|
|
|
@ -45,10 +45,6 @@ parameters:
|
|||
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
NotificationDriver:
|
||||
type: string
|
||||
default: 'messagingv2'
|
||||
|
@ -93,13 +89,6 @@ outputs:
|
|||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
- '/ec2tokens'
|
||||
service_config_settings:
|
||||
keystone:
|
||||
mistral::keystone::auth::tenant: 'service'
|
||||
mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
|
||||
mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
|
||||
mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
|
||||
mistral::keystone::auth::password: {get_param: MistralPassword}
|
||||
mistral::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
mistral::db::mysql::user: mistral
|
||||
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
|
|
|
@ -224,6 +224,17 @@ outputs:
|
|||
description: Role data for the Neutron API role.
|
||||
value:
|
||||
service_name: neutron_api
|
||||
keystone_resources:
|
||||
neutron:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, NeutronInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, NeutronAdmin, uri]}
|
||||
users:
|
||||
neutron:
|
||||
password: {get_param: NeutronPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'network'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -371,13 +382,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_neutron_api:
|
||||
- {get_param: NeutronApiLoggingSource}
|
||||
keystone:
|
||||
neutron::keystone::auth::tenant: 'service'
|
||||
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
||||
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
||||
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
||||
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
neutron::db::mysql::password: {get_param: NeutronPassword}
|
||||
neutron::db::mysql::user: neutron
|
||||
|
|
|
@ -152,6 +152,20 @@ outputs:
|
|||
description: Role data for the Nova API role.
|
||||
value:
|
||||
service_name: nova_api
|
||||
keystone_resources:
|
||||
nova:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
users:
|
||||
nova:
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
password: {get_param: NovaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'compute'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -231,14 +245,6 @@ outputs:
|
|||
nova::db::mysql_api::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
nova::keystone::auth::roles: ['admin', 'service']
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: nova
|
||||
|
|
|
@ -172,13 +172,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_nova_metadata:
|
||||
- {get_param: NovaMetadataLoggingSource}
|
||||
keystone:
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
map_merge:
|
||||
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
||||
|
|
|
@ -89,6 +89,17 @@ outputs:
|
|||
description: Role data for the novajoin API role.
|
||||
value:
|
||||
service_name: novajoin
|
||||
keystone_resources:
|
||||
novajoin:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, NovajoinPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, NovajoinInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, NovajoinAdmin, uri]}
|
||||
users:
|
||||
novajoin:
|
||||
password: {get_param: NovajoinPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'compute-vendordata-plugin'
|
||||
config_settings:
|
||||
tripleo::profile::base::novajoin::oslomsg_rpc_password: {get_param: RpcPassword}
|
||||
tripleo::profile::base::novajoin::oslomsg_rpc_port: {get_param: RabbitClientPort}
|
||||
|
@ -118,10 +129,6 @@ outputs:
|
|||
dport:
|
||||
- 9090
|
||||
service_config_settings:
|
||||
keystone:
|
||||
nova::metadata::novajoin::auth::tenant: 'service'
|
||||
nova::metadata::novajoin::auth::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::auth::region: {get_param: KeystoneRegion}
|
||||
nova_metadata: &nova_vendordata
|
||||
novajoin_address:
|
||||
str_replace:
|
||||
|
|
|
@ -131,6 +131,17 @@ outputs:
|
|||
description: Role data for the Octavia API role.
|
||||
value:
|
||||
service_name: octavia_api
|
||||
keystone_resources:
|
||||
octavia:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, OctaviaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, OctaviaAdmin, uri]}
|
||||
users:
|
||||
octavia:
|
||||
password: {get_param: OctaviaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'load-balancer'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -191,13 +202,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_octavia_api:
|
||||
- {get_param: OctaviaApiLoggingSource}
|
||||
keystone:
|
||||
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
|
||||
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
|
||||
octavia::keystone::auth::password: {get_param: OctaviaPassword}
|
||||
octavia::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
||||
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
||||
|
|
|
@ -110,6 +110,17 @@ outputs:
|
|||
description: Role data for the Placement API role.
|
||||
value:
|
||||
service_name: placement
|
||||
keystone_resources:
|
||||
placement:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, PlacementPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, PlacementInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
||||
users:
|
||||
placement:
|
||||
password: {get_param: PlacementPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'placement'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [PlacementLogging, config_settings]
|
||||
|
@ -163,13 +174,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_placement:
|
||||
- {get_param: PlacementLoggingSource}
|
||||
keystone:
|
||||
placement::keystone::auth::tenant: 'service'
|
||||
placement::keystone::auth::public_url: {get_param: [EndpointMap, PlacementPublic, uri]}
|
||||
placement::keystone::auth::internal_url: {get_param: [EndpointMap, PlacementInternal, uri]}
|
||||
placement::keystone::auth::admin_url: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
||||
placement::keystone::auth::password: {get_param: PlacementPassword}
|
||||
placement::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
placement::db::mysql::password: {get_param: PlacementPassword}
|
||||
placement::db::mysql::user: placement
|
||||
|
|
|
@ -92,6 +92,17 @@ outputs:
|
|||
description: Role data for the Sahara API role.
|
||||
value:
|
||||
service_name: sahara_api
|
||||
keystone_resources:
|
||||
sahara:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
users:
|
||||
sahara:
|
||||
password: {get_param: SaharaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'data-processing'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -120,13 +131,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_sahara_api:
|
||||
- {get_param: SaharaApiLoggingSource}
|
||||
keystone:
|
||||
sahara::keystone::auth::tenant: 'service'
|
||||
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
sahara::keystone::auth::password: {get_param: SaharaPassword }
|
||||
sahara::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
sahara::db::mysql::password: {get_param: SaharaPassword}
|
||||
sahara::db::mysql::user: sahara
|
||||
|
|
|
@ -63,20 +63,29 @@ outputs:
|
|||
|
||||
step_config:
|
||||
|
||||
service_config_settings:
|
||||
keystone:
|
||||
swift::keystone::auth::public_url: {get_param: ExternalPublicUrl}
|
||||
swift::keystone::auth::internal_url: {get_param: ExternalInternalUrl}
|
||||
swift::keystone::auth::admin_url: {get_param: ExternalAdminUrl}
|
||||
swift::keystone::auth::public_url_s3: ''
|
||||
swift::keystone::auth::internal_url_s3: ''
|
||||
swift::keystone::auth::admin_url_s3: ''
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public:
|
||||
if:
|
||||
- deprecated_external_public_url
|
||||
- {get_param: ExternalPublicUrl}
|
||||
- {get_param: ExternalSwiftPublicUrl}
|
||||
internal:
|
||||
if:
|
||||
- deprecated_external_internal_url
|
||||
- {get_param: ExternalInternalUrl}
|
||||
- {get_param: ExternalSwiftInternalUrl}
|
||||
admin:
|
||||
if:
|
||||
- deprecated_external_admin_url
|
||||
- {get_param: ExternalAdminUrl}
|
||||
- {get_param: ExternalSwiftAdminUrl}
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
|
||||
|
|
|
@ -126,6 +126,20 @@ outputs:
|
|||
description: Role data for the swift proxy.
|
||||
value:
|
||||
service_name: swift_proxy
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -253,22 +267,6 @@ outputs:
|
|||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
||||
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
||||
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
swift::keystone::auth::tenant: 'service'
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: swift
|
||||
|
|
|
@ -80,6 +80,10 @@ parameters:
|
|||
type: json
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -100,7 +104,27 @@ outputs:
|
|||
service_config_settings:
|
||||
rabbitmq:
|
||||
vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
|
||||
keystone:
|
||||
vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
|
||||
mysql:
|
||||
vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
|
||||
keystone_resources:
|
||||
hyperscale:
|
||||
# Replicating what was done with Puppet manifest:
|
||||
# https://github.com/vtas-hyperscale-ci/puppet-veritas_hyperscale/blob/7c7868adb027c5bcfdcb6fc9d86610470759ae28/manifests/hs_keystone.pp#L17
|
||||
# Moving forward, we should have the Veritas part of EndpointMap so the service
|
||||
# can live outside of the Keystone node.
|
||||
endpoints:
|
||||
public: &veritas_endpoint
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, KeystoneAdmin, protocol]}
|
||||
host: {get_param: [EndpointMap, KeystoneAdmin, host]}
|
||||
port: 8753
|
||||
path: /v1/%(tenant_id)s
|
||||
internal: *veritas_endpoint
|
||||
admin: *veritas_endpoint
|
||||
users:
|
||||
hyperscale:
|
||||
password: {get_param: VrtsKeystonePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'infrastructure'
|
||||
roles:
|
||||
- infra_admin
|
||||
|
|
|
@ -116,6 +116,27 @@ outputs:
|
|||
description: Role data for the Zaqar API role.
|
||||
value:
|
||||
service_name: zaqar_api
|
||||
keystone_resources:
|
||||
zaqar:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
||||
users:
|
||||
zaqar:
|
||||
password: {get_param: ZaqarPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'messaging'
|
||||
zaqar-websocket:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
||||
users:
|
||||
zaqar-websocket:
|
||||
password: {get_param: ZaqarPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'messaging-websocket'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
|
@ -204,18 +225,6 @@ outputs:
|
|||
service_config_settings:
|
||||
map_merge:
|
||||
- keystone:
|
||||
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
||||
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
||||
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
||||
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::auth::tenant: 'service'
|
||||
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
||||
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
||||
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
||||
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::auth_websocket::tenant: 'service'
|
||||
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::trust::user_domain_name: 'Default'
|
||||
tripleo::zaqar_api::firewall_rules:
|
||||
|
|
|
@ -78,6 +78,9 @@ parameter_defaults:
|
|||
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovajoinAdmin: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovajoinInternal: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovajoinPublic: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
|
||||
NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
|
||||
|
|
|
@ -74,6 +74,9 @@ parameter_defaults:
|
|||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovajoinAdmin: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinInternal: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'CLOUDNAME'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||
PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||
|
|
|
@ -74,6 +74,9 @@ parameter_defaults:
|
|||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
||||
NovajoinAdmin: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinInternal: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'IP_ADDRESS'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||
PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||
|
|
|
@ -74,6 +74,9 @@ parameter_defaults:
|
|||
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovajoinAdmin: {protocol: 'https', port: '9090', host: 'CLOUDNAME'}
|
||||
NovajoinInternal: {protocol: 'https', port: '9090', host: 'CLOUDNAME'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'CLOUDNAME'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'CLOUDNAME'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||
PlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||
|
|
|
@ -398,3 +398,18 @@ NovaMetadata:
|
|||
Internal:
|
||||
net_param: NovaMetadata
|
||||
port: 8775
|
||||
|
||||
Novajoin:
|
||||
Internal:
|
||||
net_param: Novajoin
|
||||
uri_suffixes:
|
||||
'': /v1
|
||||
Public:
|
||||
net_param: Public
|
||||
uri_suffixes:
|
||||
'': /v1
|
||||
Admin:
|
||||
net_param: Novajoin
|
||||
uri_suffixes:
|
||||
'': /v1
|
||||
port: 9090
|
||||
|
|
|
@ -287,6 +287,18 @@ parameters:
|
|||
protocol: http
|
||||
port: '6080'
|
||||
host: IP_ADDRESS
|
||||
NovajoinAdmin:
|
||||
protocol: http
|
||||
port: '9090'
|
||||
host: IP_ADDRESS
|
||||
NovajoinInternal:
|
||||
protocol: http
|
||||
port: '9090'
|
||||
host: IP_ADDRESS
|
||||
NovajoinPublic:
|
||||
protocol: http
|
||||
port: '9090'
|
||||
host: IP_ADDRESS
|
||||
OctaviaAdmin:
|
||||
protocol: http
|
||||
port: '9876'
|
||||
|
@ -10918,6 +10930,390 @@ outputs:
|
|||
- EndpointMap
|
||||
- OctaviaPublic
|
||||
- port
|
||||
NovajoinAdmin:
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
host_nobrackets:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- port
|
||||
protocol:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- protocol
|
||||
uri:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- port
|
||||
path: /v1
|
||||
uri_no_suffix:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinAdmin
|
||||
- port
|
||||
NovajoinInternal:
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
host_nobrackets:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- port
|
||||
protocol:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- protocol
|
||||
uri:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- port
|
||||
path: /v1
|
||||
uri_no_suffix:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- NovajoinNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinInternal
|
||||
- port
|
||||
NovajoinPublic:
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
template: NETWORK_uri
|
||||
host_nobrackets:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- port
|
||||
protocol:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- protocol
|
||||
uri:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- port
|
||||
path: /v1
|
||||
uri_no_suffix:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- PublicNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- NovajoinPublic
|
||||
- port
|
||||
PlacementAdmin:
|
||||
host:
|
||||
str_replace:
|
||||
|
|
|
@ -1129,6 +1129,11 @@ resources:
|
|||
- add_vips_to_etc_hosts
|
||||
- {get_attr: [VipHosts, value]}
|
||||
- ''
|
||||
KeystoneResourcesConfigs:
|
||||
map_merge:
|
||||
{% for role in roles %}
|
||||
- get_attr: [{{role.name}}ServiceChainRoleData, value, keystone_resources]
|
||||
{% endfor %}
|
||||
|
||||
outputs:
|
||||
ManagedEndpoints:
|
||||
|
|
|
@ -182,6 +182,9 @@ environments:
|
|||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
||||
NovajoinAdmin: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinInternal: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'IP_ADDRESS'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||
PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||
|
@ -290,6 +293,9 @@ environments:
|
|||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovajoinAdmin: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinInternal: {protocol: 'http', port: '9090', host: 'IP_ADDRESS'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'CLOUDNAME'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||
PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||
|
@ -398,6 +404,9 @@ environments:
|
|||
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovajoinAdmin: {protocol: 'https', port: '9090', host: 'CLOUDNAME'}
|
||||
NovajoinInternal: {protocol: 'https', port: '9090', host: 'CLOUDNAME'}
|
||||
NovajoinPublic: {protocol: 'https', port: '13090', host: 'CLOUDNAME'}
|
||||
NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'CLOUDNAME'}
|
||||
NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||
PlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||
|
@ -516,6 +525,9 @@ environments:
|
|||
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovajoinAdmin: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovajoinInternal: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovajoinPublic: {protocol: http, port: '9090', host: IP_ADDRESS}
|
||||
NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
|
||||
NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
|
||||
|
|
Loading…
Reference in New Issue