Convert ServiceNetMap evals to hiera interpolation
Since https://review.openstack.org/#/c/514707/ added the net_ip_map to hieradata, we can look up the per-network bind IPs via hiera interpolation instead of heat map_replace. In some cases the ServiceNetMap lookup is used for other things, but anywhere we make use of the "magic" translation via NetIpMap is changed the same way. This will enable more of the configuration data to be exposed per role vs per node in a future patch (to simplify our ansible workflow). Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com> Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
This commit is contained in:
Steven Hardy
Emilien Macchi
parent
448598d681
commit
3a7baa8fa6
@ -231,7 +231,15 @@ outputs:
|
||||
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
|
||||
containerized_deployment: true
|
||||
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
|
||||
user_config: true
|
||||
ceph_stable: true
|
||||
|
||||
@ -72,7 +72,15 @@ outputs:
|
||||
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
|
||||
- radosgw_keystone: true
|
||||
radosgw_keystone_ssl: false
|
||||
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
|
||||
radosgw_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
|
||||
@ -89,7 +89,12 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
'133 mistral':
|
||||
|
||||
@ -96,7 +96,11 @@ outputs:
|
||||
tripleo::stunnel::manage_service: false
|
||||
tripleo::stunnel::foreground: 'yes'
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -539,10 +539,7 @@ resources:
|
||||
service_names: {get_param: ServiceNames}
|
||||
sensu::subscriptions: {get_param: MonitoringSubscriptions}
|
||||
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs:
|
||||
map_replace:
|
||||
- {get_param: ServiceConfigSettings}
|
||||
- values: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs: {get_param: ServiceConfigSettings}
|
||||
{{role.name.lower()}}_extraconfig:
|
||||
map_merge:
|
||||
{%- if role.deprecated_param_extraconfig is defined %}
|
||||
|
||||
@ -102,13 +102,18 @@ outputs:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
aodh::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [AodhBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
||||
@ -80,15 +80,21 @@ outputs:
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::default_vhost: false
|
||||
apache::server_signature: 'Off'
|
||||
apache::server_tokens: 'Prod'
|
||||
apache_remote_proxy_ips_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template:
|
||||
"%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
|
||||
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
|
||||
apache::mod::remoteip::proxy_ips:
|
||||
|
||||
@ -132,7 +132,12 @@ outputs:
|
||||
barbican::api::rabbit_port: {get_param: RabbitClientPort}
|
||||
barbican::api::rabbit_heartbeat_timeout_threshold: 60
|
||||
barbican::api::service_name: 'httpd'
|
||||
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
|
||||
barbican::wsgi::apache::servername:
|
||||
|
||||
@ -107,22 +107,27 @@ outputs:
|
||||
ceph::params::packages:
|
||||
- ceph-base
|
||||
- ceph-mon
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ceph::profile::params::cluster_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
|
||||
ceph::profile::params::public_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::client_keys:
|
||||
map_replace:
|
||||
- client.admin:
|
||||
|
||||
@ -70,7 +70,12 @@ outputs:
|
||||
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
|
||||
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
|
||||
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
|
||||
ceph::profile::params::rgw_keystone_admin_domain: default
|
||||
|
||||
@ -137,12 +137,18 @@ outputs:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
cinder::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
-
|
||||
cinder::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -155,12 +155,17 @@ outputs:
|
||||
tripleo.cinder_volume.firewall_rules:
|
||||
'120 iscsi initiator':
|
||||
dport: 3260
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_cinder_volume:
|
||||
|
||||
@ -110,7 +110,12 @@ outputs:
|
||||
congress::rabbit_password: {get_param: RabbitPassword}
|
||||
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
congress::rabbit_port: {get_param: RabbitClientPort}
|
||||
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
congress::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
|
||||
congress::keystone::authtoken::password: {get_param: CongressPassword}
|
||||
congress::keystone::authtoken::project_name: 'service'
|
||||
|
||||
@ -86,13 +86,18 @@ outputs:
|
||||
dport: 27018
|
||||
'103 mongod':
|
||||
dport: 27017
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
mongodb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
# NOTE: This now takes an array, so we need to fetch the IP from hiera,
|
||||
# else Heat won't substitute the network name for the IP.
|
||||
mongodb::server::bind_ip:
|
||||
|
||||
@ -45,7 +45,12 @@ outputs:
|
||||
value:
|
||||
service_name: mysql_client
|
||||
config_settings:
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
|
||||
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
step_config: |
|
||||
|
||||
@ -102,13 +102,18 @@ outputs:
|
||||
- {get_param: [DefaultPasswords, mysql_root_password]}
|
||||
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
|
||||
enable_galera: {get_param: EnableGalera}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
mysql_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
@ -116,7 +121,11 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client_bind_address:
|
||||
{get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
|
||||
{get_param: MysqlIncreaseFileLimit}
|
||||
- if:
|
||||
|
||||
@ -60,7 +60,7 @@ outputs:
|
||||
redis::masterauth: {get_param: RedisPassword}
|
||||
redis::sentinel_auth_pass: {get_param: RedisPassword}
|
||||
redis_ipv6: {get_param: RedisIPv6}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
@ -74,7 +74,11 @@ outputs:
|
||||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::port: 6379
|
||||
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
|
||||
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
|
||||
@ -86,5 +90,9 @@ outputs:
|
||||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::ulimit: {get_param: RedisFDLimit}
|
||||
|
||||
@ -38,7 +38,11 @@ outputs:
|
||||
service_name: docker_registry
|
||||
config_settings:
|
||||
tripleo::profile::base::docker_registry::registry_host:
|
||||
{get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
tripleo::profile::base::docker_registry::registry_port:
|
||||
{get_param: [EndpointMap, DockerRegistryInternal, port]}
|
||||
tripleo.docker_registry.firewall_rules:
|
||||
|
||||
@ -159,14 +159,22 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
|
||||
@ -60,12 +60,17 @@ outputs:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::client_port: '2379'
|
||||
tripleo::profile::base::etcd::peer_port: '2380'
|
||||
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
||||
|
||||
@ -237,14 +237,18 @@ outputs:
|
||||
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
|
||||
glance::api::os_region_name: {get_param: KeystoneRegion}
|
||||
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, GlanceApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
tripleo::profile::base::glance::api::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
@ -259,7 +263,11 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
|
||||
glance_log_file: {get_param: GlanceLogFile}
|
||||
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
|
||||
|
||||
@ -124,13 +124,18 @@ outputs:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
|
||||
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::gnocchi::api
|
||||
|
||||
@ -95,15 +95,25 @@ outputs:
|
||||
dport:
|
||||
- 8000
|
||||
- 13800
|
||||
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
|
||||
heat::api_cfn::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -101,16 +101,26 @@ outputs:
|
||||
dport:
|
||||
- 8004
|
||||
- 13004
|
||||
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -115,7 +115,12 @@ outputs:
|
||||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
|
||||
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
|
||||
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
|
||||
|
||||
@ -90,19 +90,29 @@ outputs:
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::host_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::api::service_name: 'httpd'
|
||||
ironic::policy::policies: {get_param: IronicApiPolicies}
|
||||
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
ironic::wsgi::apache::servername:
|
||||
str_replace:
|
||||
|
||||
@ -207,7 +207,12 @@ outputs:
|
||||
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
|
||||
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
|
||||
# We need an endpoint containing a real IP, not a VIP here
|
||||
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic_conductor_http_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::conductor::http_url:
|
||||
list_join:
|
||||
- ''
|
||||
@ -216,14 +221,24 @@ outputs:
|
||||
- {get_param: IronicIPXEPort}
|
||||
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
|
||||
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::drivers::pxe::tftp_server:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
||||
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
||||
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
||||
@ -256,7 +271,12 @@ outputs:
|
||||
# glance and neutron endpoints, virtual console IP. We override
|
||||
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
||||
# the VIP, but rather a real IP of the host.
|
||||
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
|
||||
# Credentials to access other services
|
||||
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
||||
@ -113,8 +113,18 @@ outputs:
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
- ironic::inspector::listen_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
|
||||
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
|
||||
ironic::inspector::debug: {get_param: Debug}
|
||||
|
||||
@ -424,15 +424,25 @@ outputs:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
# NOTE: this applies to all 2 bind IP settings below...
|
||||
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
|
||||
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
|
||||
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
|
||||
|
||||
@ -73,13 +73,18 @@ outputs:
|
||||
dport:
|
||||
- 8786
|
||||
- 13786
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::enable_proxy_headers_parsing: true
|
||||
manila::api::default_share_type: 'default'
|
||||
step_config: |
|
||||
|
||||
@ -64,12 +64,17 @@ outputs:
|
||||
service_name: memcached
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
|
||||
config_settings:
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::max_memory: {get_param: MemcachedMaxMemory}
|
||||
memcached::verbosity:
|
||||
list_join:
|
||||
|
||||
@ -75,7 +75,12 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
@ -84,7 +89,12 @@ outputs:
|
||||
- 8989
|
||||
- 13989
|
||||
mistral::api::service_name: 'httpd'
|
||||
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -180,13 +180,17 @@ outputs:
|
||||
- 13696
|
||||
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
|
||||
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NeutronApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
@ -201,7 +205,11 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
|
||||
-
|
||||
if:
|
||||
|
||||
@ -76,7 +76,12 @@ outputs:
|
||||
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
|
||||
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
|
||||
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
|
||||
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::linuxbridge::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
|
||||
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
|
||||
-
|
||||
|
||||
@ -138,13 +138,18 @@ outputs:
|
||||
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
|
||||
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
|
||||
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.neutron_ovs_agent.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
||||
@ -142,12 +142,17 @@ outputs:
|
||||
nova_wsgi_enabled: true
|
||||
nova::api::service_name: 'httpd'
|
||||
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -161,7 +161,12 @@ outputs:
|
||||
service_name: nova_base
|
||||
config_settings:
|
||||
map_merge:
|
||||
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
- nova::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::rabbit_password: {get_param: RabbitPassword}
|
||||
nova::rabbit_userid: {get_param: RabbitUserName}
|
||||
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
|
||||
@ -217,13 +217,18 @@ outputs:
|
||||
# mode.
|
||||
nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
|
||||
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncserver_proxyclient_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
|
||||
@ -209,7 +209,12 @@ outputs:
|
||||
nova::compute::libvirt::qemu::configure_qemu: true
|
||||
nova::compute::libvirt::qemu::max_files: 32768
|
||||
nova::compute::libvirt::qemu::max_processes: 131072
|
||||
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::compute::libvirt::vncserver_listen:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
|
||||
tripleo.nova_libvirt.firewall_rules:
|
||||
'200 nova_libvirt':
|
||||
@ -226,7 +231,11 @@ outputs:
|
||||
tripleo::profile::base::nova::migration::client::libvirt_tls: true
|
||||
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
|
||||
nova::migration::libvirt::listen_address:
|
||||
get_param: [ServiceNetMap, NovaLibvirtNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::migration::libvirt::live_migration_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -66,7 +66,11 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
-
|
||||
if:
|
||||
- nova_workers_zero
|
||||
@ -76,7 +80,11 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NovaMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -56,13 +56,23 @@ outputs:
|
||||
- "%{hiera('cold_migration_ssh_inbound_addr')}"
|
||||
- "%{hiera('live_migration_ssh_inbound_addr')}"
|
||||
live_migration_ssh_inbound_addr:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo::profile::base::sshd::port:
|
||||
- 22
|
||||
- {get_param: MigrationSshPort}
|
||||
|
||||
@ -100,12 +100,17 @@ outputs:
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::wsgi::apache_placement::api_port: '8778'
|
||||
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -115,12 +115,17 @@ outputs:
|
||||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::vncproxy::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo.nova_vnc_proxy.firewall_rules:
|
||||
'137 nova_vnc_proxy':
|
||||
dport:
|
||||
|
||||
@ -95,7 +95,12 @@ outputs:
|
||||
dport:
|
||||
- 9876
|
||||
- 13876
|
||||
octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
octavia::api::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::api
|
||||
service_config_settings:
|
||||
|
||||
@ -125,7 +125,12 @@ outputs:
|
||||
opendaylight::username: {get_param: OpenDaylightUsername}
|
||||
opendaylight::password: {get_param: OpenDaylightPassword}
|
||||
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
|
||||
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::odl_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
||||
tripleo.opendaylight_api.firewall_rules:
|
||||
'137 opendaylight api':
|
||||
|
||||
@ -178,7 +178,12 @@ outputs:
|
||||
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
|
||||
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
|
||||
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.opendaylight_ovs.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
||||
@ -99,7 +99,12 @@ outputs:
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
|
||||
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_encap_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
|
||||
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
|
||||
tripleo.ovn_controller.firewall_rules:
|
||||
|
||||
@ -47,7 +47,12 @@ outputs:
|
||||
config_settings:
|
||||
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
|
||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
ovn::northd::dbs_listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
tripleo::haproxy::ovn_dbs_manage_lb: true
|
||||
tripleo.ovn_dbs.firewall_rules:
|
||||
'121 OVN DB server ports':
|
||||
|
||||
@ -63,14 +63,18 @@ outputs:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
|
||||
get_param: [ServiceNetMap, MysqlNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::pacemaker::database::mysql::ca_file:
|
||||
get_param: InternalTLSCAFile
|
||||
step_config: |
|
||||
|
||||
@ -65,7 +65,11 @@ outputs:
|
||||
redis::notify_service: false
|
||||
redis::managed_by_cluster_manager: true
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
||||
@ -103,13 +103,18 @@ outputs:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
panko::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [PankoBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
||||
@ -61,7 +61,12 @@ outputs:
|
||||
'109 qdr':
|
||||
dport:
|
||||
- {get_param: RabbitClientPort}
|
||||
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
qdr::listener_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
# cannot pass qdr::listener_port directly because it needs to be a string
|
||||
# we do the conversion in the puppet layer
|
||||
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}
|
||||
|
||||
@ -120,20 +120,30 @@ outputs:
|
||||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
|
||||
@ -80,12 +80,17 @@ outputs:
|
||||
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
|
||||
sahara::policy::policies: {get_param: SaharaApiPolicies}
|
||||
sahara::service::api::api_workers: {get_param: SaharaWorkers}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
sahara::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
tripleo.sahara_api.firewall_rules:
|
||||
'132 sahara':
|
||||
dport:
|
||||
|
||||
@ -207,14 +207,18 @@ outputs:
|
||||
- 'proxy-logging'
|
||||
- 'proxy-server'
|
||||
swift::proxy::account_autocreate: true
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, SwiftProxyNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
@ -228,7 +232,11 @@ outputs:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::swift::proxy
|
||||
service_config_settings:
|
||||
|
||||
@ -130,7 +130,12 @@ outputs:
|
||||
- healthcheck
|
||||
- account-server
|
||||
swift::storage::disks::args: {get_param: SwiftRawDisks}
|
||||
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::storage_local_net_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
|
||||
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
|
||||
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
|
||||
|
||||
@ -111,7 +111,12 @@ outputs:
|
||||
tacker::rabbit_password: {get_param: RabbitPassword}
|
||||
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
tacker::rabbit_port: {get_param: RabbitClientPort}
|
||||
tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
tacker::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
|
||||
tacker::keystone::authtoken::project_name: 'service'
|
||||
tacker::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
||||
@ -112,10 +112,25 @@ outputs:
|
||||
- {get_param: Debug }
|
||||
- {get_param: ZaqarDebug }
|
||||
zaqar::server::service_name: 'httpd'
|
||||
zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
||||
zaqar::max_messages_post_size: 1048576
|
||||
zaqar::unreliable: true
|
||||
|
||||
@ -0,0 +1,9 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
Per-service config_settings should now use hiera interpolation to set
|
||||
the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior
|
||||
to this release we replaced e.g internal_api for the IP address internally.
|
||||
The network name can still be derived from the ServiceNetMap - all the
|
||||
in-tree templates have been converted to the new format, but any out
|
||||
of tree templates may require similar adjustment.
|
||||
Loading…
x
Reference in New Issue
Block a user