Browse Source

Convert ServiceNetMap evals to hiera interpolation

Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.

In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.

This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
changes/92/526692/16
Steven Hardy 4 years ago
committed by Emilien Macchi
parent
commit
3a7baa8fa6
  1. 10
      docker/services/ceph-ansible/ceph-base.yaml
  2. 10
      docker/services/ceph-ansible/ceph-rgw.yaml
  3. 7
      docker/services/mistral-api.yaml
  4. 6
      docker/services/pacemaker/database/redis.yaml
  5. 5
      puppet/role.role.j2.yaml
  6. 9
      puppet/services/aodh-api.yaml
  7. 12
      puppet/services/apache.j2.yaml
  8. 7
      puppet/services/barbican-api.yaml
  9. 13
      puppet/services/ceph-base.yaml
  10. 7
      puppet/services/ceph-rgw.yaml
  11. 10
      puppet/services/cinder-api.yaml
  12. 9
      puppet/services/cinder-volume.yaml
  13. 7
      puppet/services/congress.yaml
  14. 9
      puppet/services/database/mongodb.yaml
  15. 7
      puppet/services/database/mysql-client.yaml
  16. 15
      puppet/services/database/mysql.yaml
  17. 14
      puppet/services/database/redis-base.yaml
  18. 6
      puppet/services/docker-registry.yaml
  19. 12
      puppet/services/ec2-api.yaml
  20. 9
      puppet/services/etcd.yaml
  21. 14
      puppet/services/glance-api.yaml
  22. 9
      puppet/services/gnocchi-api.yaml
  23. 16
      puppet/services/heat-api-cfn.yaml
  24. 16
      puppet/services/heat-api.yaml
  25. 7
      puppet/services/horizon.yaml
  26. 16
      puppet/services/ironic-api.yaml
  27. 30
      puppet/services/ironic-conductor.yaml
  28. 14
      puppet/services/ironic-inspector.yaml
  29. 16
      puppet/services/keystone.yaml
  30. 9
      puppet/services/manila-api.yaml
  31. 9
      puppet/services/memcached.yaml
  32. 14
      puppet/services/mistral-api.yaml
  33. 14
      puppet/services/neutron-api.yaml
  34. 7
      puppet/services/neutron-linuxbridge-agent.yaml
  35. 9
      puppet/services/neutron-ovs-agent.yaml
  36. 9
      puppet/services/nova-api.yaml
  37. 7
      puppet/services/nova-base.yaml
  38. 9
      puppet/services/nova-compute.yaml
  39. 13
      puppet/services/nova-libvirt.yaml
  40. 12
      puppet/services/nova-metadata.yaml
  41. 24
      puppet/services/nova-migration-target.yaml
  42. 9
      puppet/services/nova-placement.yaml
  43. 9
      puppet/services/nova-vnc-proxy.yaml
  44. 7
      puppet/services/octavia-api.yaml
  45. 7
      puppet/services/opendaylight-api.yaml
  46. 7
      puppet/services/opendaylight-ovs.yaml
  47. 7
      puppet/services/ovn-controller.yaml
  48. 7
      puppet/services/ovn-dbs.yaml
  49. 8
      puppet/services/pacemaker/database/mysql.yaml
  50. 6
      puppet/services/pacemaker/database/redis.yaml
  51. 9
      puppet/services/panko-api.yaml
  52. 7
      puppet/services/qdr.yaml
  53. 16
      puppet/services/rabbitmq.yaml
  54. 9
      puppet/services/sahara-api.yaml
  55. 14
      puppet/services/swift-proxy.yaml
  56. 7
      puppet/services/swift-storage.yaml
  57. 7
      puppet/services/tacker.yaml
  58. 21
      puppet/services/zaqar-api.yaml
  59. 9
      releasenotes/notes/hiera_net_ip_map-ff866b443a28bdc4.yaml

10
docker/services/ceph-ansible/ceph-base.yaml

@ -231,7 +231,15 @@ outputs:
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
monitor_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true

10
docker/services/ceph-ansible/ceph-rgw.yaml

@ -72,7 +72,15 @@ outputs:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- radosgw_keystone: true
radosgw_keystone_ssl: false
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
radosgw_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
service_config_settings:
keystone:

7
docker/services/mistral-api.yaml

@ -89,7 +89,12 @@ outputs:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
'133 mistral':

6
docker/services/pacemaker/database/redis.yaml

@ -96,7 +96,11 @@ outputs:
tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes'
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
str_replace:
template:

5
puppet/role.role.j2.yaml

@ -539,10 +539,7 @@ resources:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
service_configs: {get_param: ServiceConfigSettings}
{{role.name.lower()}}_extraconfig:
map_merge:
{%- if role.deprecated_param_extraconfig is defined %}

9
puppet/services/aodh-api.yaml

@ -102,13 +102,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |

12
puppet/services/apache.j2.yaml

@ -80,15 +80,21 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::default_vhost: false
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
str_replace:
template: "NETWORK_subnet"
template:
"%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:

7
puppet/services/barbican-api.yaml

@ -132,7 +132,12 @@ outputs:
barbican::api::rabbit_port: {get_param: RabbitClientPort}
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:

13
puppet/services/ceph-base.yaml

@ -107,22 +107,27 @@ outputs:
ceph::params::packages:
- ceph-base
- ceph-mon
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ceph::profile::params::cluster_network:
str_replace:
template: "NETWORK_subnet"
template: "%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
ceph::profile::params::public_network:
str_replace:
template: "NETWORK_subnet"
template: "%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
map_replace:
- client.admin:

7
puppet/services/ceph-rgw.yaml

@ -70,7 +70,12 @@ outputs:
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
ceph::profile::params::rgw_keystone_admin_domain: default

10
puppet/services/cinder-api.yaml

@ -137,12 +137,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
cinder::wsgi::apache::servername:
str_replace:
template:

9
puppet/services/cinder-volume.yaml

@ -155,12 +155,17 @@ outputs:
tripleo.cinder_volume.firewall_rules:
'120 iscsi initiator':
dport: 3260
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
service_config_settings:
fluentd:
tripleo_fluentd_groups_cinder_volume:

7
puppet/services/congress.yaml

@ -110,7 +110,12 @@ outputs:
congress::rabbit_password: {get_param: RabbitPassword}
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
congress::rabbit_port: {get_param: RabbitClientPort}
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
congress::server::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
congress::keystone::authtoken::password: {get_param: CongressPassword}
congress::keystone::authtoken::project_name: 'service'

9
puppet/services/database/mongodb.yaml

@ -86,13 +86,18 @@ outputs:
dport: 27018
'103 mongod':
dport: 27017
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
mongodb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
# NOTE: This now takes an array, so we need to fetch the IP from hiera,
# else Heat won't substitute the network name for the IP.
mongodb::server::bind_ip:

7
puppet/services/database/mysql-client.yaml

@ -45,7 +45,12 @@ outputs:
value:
service_name: mysql_client
config_settings:
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
step_config: |

15
puppet/services/database/mysql.yaml

@ -102,13 +102,18 @@ outputs:
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
mysql_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::bind_address:
str_replace:
template:
@ -116,7 +121,11 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client_bind_address:
{get_param: [ServiceNetMap, MysqlNetwork]}
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
{get_param: MysqlIncreaseFileLimit}
- if:

14
puppet/services/database/redis-base.yaml

@ -60,7 +60,7 @@ outputs:
redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword}
redis_ipv6: {get_param: RedisIPv6}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
@ -74,7 +74,11 @@ outputs:
- redis_ipv6
- '::1'
- '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
@ -86,5 +90,9 @@ outputs:
- redis_ipv6
- '::1'
- '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::ulimit: {get_param: RedisFDLimit}

6
puppet/services/docker-registry.yaml

@ -38,7 +38,11 @@ outputs:
service_name: docker_registry
config_settings:
tripleo::profile::base::docker_registry::registry_host:
{get_param: [ServiceNetMap, DockerRegistryNetwork]}
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
tripleo::profile::base::docker_registry::registry_port:
{get_param: [EndpointMap, DockerRegistryInternal, port]}
tripleo.docker_registry.firewall_rules:

12
puppet/services/ec2-api.yaml

@ -159,14 +159,22 @@ outputs:
if:
- use_tls_proxy
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"

9
puppet/services/etcd.yaml

@ -60,12 +60,17 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
tripleo::profile::base::etcd::bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
tripleo::profile::base::etcd::client_port: '2379'
tripleo::profile::base::etcd::peer_port: '2380'
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}

14
puppet/services/glance-api.yaml

@ -237,14 +237,18 @@ outputs:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
glance::api::os_region_name: {get_param: KeystoneRegion}
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace:
template:
@ -259,7 +263,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }

9
puppet/services/gnocchi-api.yaml

@ -124,13 +124,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
step_config: |
include ::tripleo::profile::base::gnocchi::api

16
puppet/services/heat-api-cfn.yaml

@ -95,15 +95,25 @@ outputs:
dport:
- 8000
- 13800
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername:
str_replace:
template:

16
puppet/services/heat-api.yaml

@ -101,16 +101,26 @@ outputs:
dport:
- 8004
- 13004
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
heat::policy::policies: {get_param: HeatApiPolicies}
heat::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::servername:
str_replace:
template:

7
puppet/services/horizon.yaml

@ -115,7 +115,12 @@ outputs:
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}

16
puppet/services/ironic-api.yaml

@ -90,19 +90,29 @@ outputs:
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::host_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
ironic::wsgi::apache::servername:
str_replace:

30
puppet/services/ironic-conductor.yaml

@ -207,7 +207,12 @@ outputs:
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
ironic_conductor_http_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::conductor::http_url:
list_join:
- ''
@ -216,14 +221,24 @@ outputs:
- {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::drivers::pxe::tftp_server:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::tftp_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
# NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
@ -256,7 +271,12 @@ outputs:
# glance and neutron endpoints, virtual console IP. We override
# the TFTP server IP in ironic-conductor.yaml as it should not be
# the VIP, but rather a real IP of the host.
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}

14
puppet/services/ironic-inspector.yaml

@ -113,8 +113,18 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
config_settings:
map_merge:
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
- ironic::inspector::listen_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
ironic::inspector::debug: {get_param: Debug}

16
puppet/services/keystone.yaml

@ -424,15 +424,25 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
# NOTE: this applies to all 2 bind IP settings below...
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}

9
puppet/services/manila-api.yaml

@ -73,13 +73,18 @@ outputs:
dport:
- 8786
- 13786
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::enable_proxy_headers_parsing: true
manila::api::default_share_type: 'default'
step_config: |

9
puppet/services/memcached.yaml

@ -64,12 +64,17 @@ outputs:
service_name: memcached
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::max_memory: {get_param: MemcachedMaxMemory}
memcached::verbosity:
list_join:

14
puppet/services/mistral-api.yaml

@ -75,7 +75,12 @@ outputs:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
@ -84,7 +89,12 @@ outputs:
- 8989
- 13989
mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername:
str_replace:
template:

14
puppet/services/neutron-api.yaml

@ -180,13 +180,17 @@ outputs:
- 13696
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
get_param: [ServiceNetMap, NeutronApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::tls_proxy_fqdn:
str_replace:
template:
@ -201,7 +205,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, NeutronApiNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
-
if:

7
puppet/services/neutron-linuxbridge-agent.yaml

@ -76,7 +76,12 @@ outputs:
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::linuxbridge::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
-

9
puppet/services/neutron-ovs-agent.yaml

@ -138,13 +138,18 @@ outputs:
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.neutron_ovs_agent.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'

9
puppet/services/nova-api.yaml

@ -142,12 +142,17 @@ outputs:
nova_wsgi_enabled: true
nova::api::service_name: 'httpd'
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::servername:
str_replace:
template:

7
puppet/services/nova-base.yaml

@ -161,7 +161,12 @@ outputs:
service_name: nova_base
config_settings:
map_merge:
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::rabbit_password: {get_param: RabbitPassword}
nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}

9
puppet/services/nova-compute.yaml

@ -217,13 +217,18 @@ outputs:
# mode.
nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncserver_proxyclient_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}

13
puppet/services/nova-libvirt.yaml

@ -209,7 +209,12 @@ outputs:
nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::compute::libvirt::vncserver_listen:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
@ -226,7 +231,11 @@ outputs:
tripleo::profile::base::nova::migration::client::libvirt_tls: true
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
nova::migration::libvirt::listen_address:
get_param: [ServiceNetMap, NovaLibvirtNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:

12
puppet/services/nova-metadata.yaml

@ -66,7 +66,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-
if:
- nova_workers_zero
@ -76,7 +80,11 @@ outputs:
if:
- use_tls_proxy
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, NovaMetadataNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
str_replace:
template:

24
puppet/services/nova-migration-target.yaml

@ -56,13 +56,23 @@ outputs:
- "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]}
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::profile::base::sshd::port:
- 22
- {get_param: MigrationSshPort}

9
puppet/services/nova-placement.yaml

@ -100,12 +100,17 @@ outputs:
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:

9
puppet/services/nova-vnc-proxy.yaml

@ -115,12 +115,17 @@ outputs:
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::vncproxy::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo.nova_vnc_proxy.firewall_rules:
'137 nova_vnc_proxy':
dport:

7
puppet/services/octavia-api.yaml

@ -95,7 +95,12 @@ outputs:
dport:
- 9876
- 13876
octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
octavia::api::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
step_config: |
include tripleo::profile::base::octavia::api
service_config_settings:

7
puppet/services/opendaylight-api.yaml

@ -125,7 +125,12 @@ outputs:
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::odl_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api':

7
puppet/services/opendaylight-ovs.yaml

@ -178,7 +178,12 @@ outputs:
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'

7
puppet/services/ovn-controller.yaml

@ -99,7 +99,12 @@ outputs:
- get_attr: [RoleParametersValue, value]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_encap_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo.ovn_controller.firewall_rules:

7
puppet/services/ovn-dbs.yaml

@ -47,7 +47,12 @@ outputs:
config_settings:
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
ovn::northd::dbs_listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo.ovn_dbs.firewall_rules:
'121 OVN DB server ports':

8
puppet/services/pacemaker/database/mysql.yaml

@ -63,14 +63,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
get_param: [ServiceNetMap, MysqlNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::pacemaker::database::mysql::ca_file:
get_param: InternalTLSCAFile
step_config: |

6
puppet/services/pacemaker/database/redis.yaml

@ -65,7 +65,11 @@ outputs:
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
str_replace:
template:

9
puppet/services/panko-api.yaml

@ -103,13 +103,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
service_config_settings:
get_attr: [PankoBase, role_data, service_config_settings]
step_config: |

7
puppet/services/qdr.yaml

@ -61,7 +61,12 @@ outputs:
'109 qdr':
dport:
- {get_param: RabbitClientPort}
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
qdr::listener_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
# cannot pass qdr::listener_port directly because it needs to be a string
# we do the conversion in the puppet layer
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}

16
puppet/services/rabbitmq.yaml

@ -120,20 +120,30 @@ outputs:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS}
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::ssl_interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
# TODO(jaosorior): Remove this once we set a proper default in
# puppet-tripleo
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}

9
puppet/services/sahara-api.yaml

@ -80,12 +80,17 @@ outputs:
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::policy::policies: {get_param: SaharaApiPolicies}
sahara::service::api::api_workers: {get_param: SaharaWorkers}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
sahara::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
tripleo.sahara_api.firewall_rules:
'132 sahara':
dport:

14
puppet/services/swift-proxy.yaml

@ -207,14 +207,18 @@ outputs:
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
get_param: [ServiceNetMap, SwiftProxyNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
str_replace:
template:
@ -228,7 +232,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, SwiftProxyNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:

7
puppet/services/swift-storage.yaml

@ -130,7 +130,12 @@ outputs:
- healthcheck
- account-server
swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
swift::storage::all::storage_local_net_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}

7
puppet/services/tacker.yaml

@ -111,7 +111,12 @@ outputs:
tacker::rabbit_password: {get_param: RabbitPassword}
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}