diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index bddb646954..436faf21f6 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -231,7 +231,15 @@ outputs: ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} - monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + monitor_address_block: + get_param: + - ServiceData + - net_cidr_map + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} user_config: true ceph_stable: true diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml index 5bbee3e0b0..9d9d04ba94 100644 --- a/docker/services/ceph-ansible/ceph-rgw.yaml +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -72,7 +72,15 @@ outputs: - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} - radosgw_keystone: true radosgw_keystone_ssl: false - radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]} + radosgw_address_block: + get_param: + - ServiceData + - net_cidr_map + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]} radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]} service_config_settings: keystone: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 4fd3b88d28..405c482c8c 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -89,7 +89,12 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} - mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: '133 mistral': diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 4162ee3e70..98dd5f22c2 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -96,7 +96,11 @@ outputs: tripleo::stunnel::manage_service: false tripleo::stunnel::foreground: 'yes' tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip: - get_param: [ServiceNetMap, RedisNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn: str_replace: template: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index d623b5421d..f843a3800e 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -539,10 +539,7 @@ resources: service_names: {get_param: ServiceNames} sensu::subscriptions: {get_param: MonitoringSubscriptions} net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - service_configs: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} + service_configs: {get_param: ServiceConfigSettings} {{role.name.lower()}}_extraconfig: map_merge: {%- if role.deprecated_param_extraconfig is defined %} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 59d2113a20..6600d6955b 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -102,13 +102,18 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} + aodh::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} service_config_settings: get_attr: [AodhBase, role_data, service_config_settings] step_config: | diff --git a/puppet/services/apache.j2.yaml b/puppet/services/apache.j2.yaml index b8c04e71f8..3b2572c2b9 100644 --- a/puppet/services/apache.j2.yaml +++ b/puppet/services/apache.j2.yaml @@ -80,15 +80,21 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} apache::default_vhost: false apache::server_signature: 'Off' apache::server_tokens: 'Prod' apache_remote_proxy_ips_network: str_replace: - template: "NETWORK_subnet" + template: + "%{hiera('$NETWORK_subnet')}" params: - NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + $NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index b0ff7a0df5..59f64b43d5 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -132,7 +132,12 @@ outputs: barbican::api::rabbit_port: {get_param: RabbitClientPort} barbican::api::rabbit_heartbeat_timeout_threshold: 60 barbican::api::service_name: 'httpd' - barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]} + barbican::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]} barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS} barbican::wsgi::apache::workers: {get_param: BarbicanWorkers} barbican::wsgi::apache::servername: diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index dc3f2a5051..4c8d53c9f5 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -107,22 +107,27 @@ outputs: ceph::params::packages: - ceph-base - ceph-mon - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR ceph::profile::params::cluster_network: str_replace: - template: "NETWORK_subnet" + template: "%{hiera('$NETWORK_subnet')}" params: NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} ceph::profile::params::public_network: str_replace: - template: "NETWORK_subnet" + template: "%{hiera('$NETWORK_subnet')}" params: NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} - ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} + ceph::profile::params::public_addr: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::client_keys: map_replace: - client.admin: diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 3af413eb76..0f0b386814 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -70,7 +70,12 @@ outputs: - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]} + tripleo::profile::base::ceph::rgw::civetweb_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]} tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]} tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3 ceph::profile::params::rgw_keystone_admin_domain: default diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index a5e1bcb6e5..1af3496237 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -137,12 +137,18 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} cinder::api::service_name: 'httpd' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} + cinder::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} + - cinder::wsgi::apache::servername: str_replace: template: diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 99fa78bab8..2ef1b8c70d 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -155,12 +155,17 @@ outputs: tripleo.cinder_volume.firewall_rules: '120 iscsi initiator': dport: 3260 - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]} service_config_settings: fluentd: tripleo_fluentd_groups_cinder_volume: diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 523dbfece4..89c9f36536 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -110,7 +110,12 @@ outputs: congress::rabbit_password: {get_param: RabbitPassword} congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} congress::rabbit_port: {get_param: RabbitClientPort} - congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + congress::server::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]} congress::keystone::authtoken::password: {get_param: CongressPassword} congress::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index fef239b9cc..af0e7f2f44 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -86,13 +86,18 @@ outputs: dport: 27018 '103 mongod': dport: 27017 - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} + mongodb_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]} # NOTE: This now takes an array, so we need to fetch the IP from hiera, # else Heat won't substitute the network name for the IP. mongodb::server::bind_ip: diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml index 6215b60587..013f84ba17 100644 --- a/puppet/services/database/mysql-client.yaml +++ b/puppet/services/database/mysql-client.yaml @@ -45,7 +45,12 @@ outputs: value: service_name: mysql_client config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} step_config: | diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index f1dfb170e2..2307e0622a 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -102,13 +102,18 @@ outputs: - {get_param: [DefaultPasswords, mysql_root_password]} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + mysql_bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::bind_address: str_replace: template: @@ -116,7 +121,11 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::client_bind_address: - {get_param: [ServiceNetMap, MysqlNetwork]} + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::generate_dropin_file_limit: {get_param: MysqlIncreaseFileLimit} - if: diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index c51fe94520..94e62df2f8 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -60,7 +60,7 @@ outputs: redis::masterauth: {get_param: RedisPassword} redis::sentinel_auth_pass: {get_param: RedisPassword} redis_ipv6: {get_param: RedisIPv6} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] @@ -74,7 +74,11 @@ outputs: - redis_ipv6 - '::1' - '127.0.0.1' - - {get_param: [ServiceNetMap, RedisNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} redis::port: 6379 redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" @@ -86,5 +90,9 @@ outputs: - redis_ipv6 - '::1' - '127.0.0.1' - - {get_param: [ServiceNetMap, RedisNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} redis::ulimit: {get_param: RedisFDLimit} diff --git a/puppet/services/docker-registry.yaml b/puppet/services/docker-registry.yaml index 15d884ecc1..6368d92b94 100644 --- a/puppet/services/docker-registry.yaml +++ b/puppet/services/docker-registry.yaml @@ -38,7 +38,11 @@ outputs: service_name: docker_registry config_settings: tripleo::profile::base::docker_registry::registry_host: - {get_param: [ServiceNetMap, DockerRegistryNetwork]} + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]} tripleo::profile::base::docker_registry::registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]} tripleo.docker_registry.firewall_rules: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 876d5c3fe0..1fb5896fdd 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -159,14 +159,22 @@ outputs: if: - use_tls_proxy - tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip: - get_param: [ServiceNetMap, Ec2ApiNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip: - get_param: [ServiceNetMap, Ec2ApiMetadataNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]} tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn: str_replace: template: "%{hiera('fqdn_$NETWORK')}" diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 0334fa58c8..d061faefdd 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -60,12 +60,17 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} + tripleo::profile::base::etcd::bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} tripleo::profile::base::etcd::client_port: '2379' tripleo::profile::base::etcd::peer_port: '2380' etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 4dd720bfd1..64d357dc1e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -237,14 +237,18 @@ outputs: glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} glance::api::os_region_name: {get_param: KeystoneRegion} glance::api::image_member_quota: {get_param: GlanceImageMemberQuota} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR tripleo::profile::base::glance::api::tls_proxy_bind_ip: - get_param: [ServiceNetMap, GlanceApiNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]} tripleo::profile::base::glance::api::tls_proxy_fqdn: str_replace: template: @@ -259,7 +263,11 @@ outputs: if: - use_tls_proxy - 'localhost' - - {get_param: [ServiceNetMap, GlanceApiNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] } diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 676800561c..d3eacaf3cc 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -124,13 +124,18 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + gnocchi::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi' step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index b3d5fe2426..010548fb54 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -95,15 +95,25 @@ outputs: dport: - 8000 - 13800 - heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} + heat::api_cfn::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS} heat::api_cfn::service_name: 'httpd' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} + heat::wsgi::apache_api_cfn::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} heat::wsgi::apache_api_cfn::servername: str_replace: template: diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 63d5873ecb..8d69430ed5 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -101,16 +101,26 @@ outputs: dport: - 8004 - 13004 - heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} + heat::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} heat::policy::policies: {get_param: HeatApiPolicies} heat::api::service_name: 'httpd' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} + heat::wsgi::apache_api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]} heat::wsgi::apache_api::servername: str_replace: template: diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index ef81ebd505..97c1c1d47a 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -115,7 +115,12 @@ outputs: horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams} - horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::bind_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} horizon::password_validator: {get_param: [HorizonPasswordValidator]} horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 86c9849699..fc22931779 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -90,19 +90,29 @@ outputs: ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::api::host_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} ironic::api::service_name: 'httpd' ironic::policy::policies: {get_param: IronicApiPolicies} - ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]} ironic::wsgi::apache::servername: str_replace: diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 7106730544..c1dc814a79 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -207,7 +207,12 @@ outputs: ironic::conductor::automated_clean: {get_param: IronicAutomatedClean} ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes} # We need an endpoint containing a real IP, not a VIP here - ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} + ironic_conductor_http_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]} ironic::conductor::http_url: list_join: - '' @@ -216,14 +221,24 @@ outputs: - {get_param: IronicIPXEPort} ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} - ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::drivers::pxe::tftp_server: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::pxe::tftp_bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]} # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' @@ -256,7 +271,12 @@ outputs: # glance and neutron endpoints, virtual console IP. We override # the TFTP server IP in ironic-conductor.yaml as it should not be # the VIP, but rather a real IP of the host. - ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::my_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]} ironic::pxe::common::http_port: {get_param: IronicIPXEPort} # Credentials to access other services ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml index a20878eca1..3ce3a8471e 100644 --- a/puppet/services/ironic-inspector.yaml +++ b/puppet/services/ironic-inspector.yaml @@ -113,8 +113,18 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector} config_settings: map_merge: - - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]} - ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]} + - ironic::inspector::listen_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]} + ironic::inspector::dnsmasq_local_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]} ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange} ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface} ironic::inspector::debug: {get_param: Debug} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 83e54a13fc..cd46f21ab9 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -424,15 +424,25 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR # NOTE: this applies to all 2 bind IP settings below... - keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::admin_bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure} keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute} keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour} diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 9b3a7e49af..c70a634433 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -73,13 +73,18 @@ outputs: dport: - 8786 - 13786 - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} + manila::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]} manila::api::enable_proxy_headers_parsing: true manila::api::default_share_type: 'default' step_config: | diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index d3348e95ce..756543211e 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -64,12 +64,17 @@ outputs: service_name: memcached monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} config_settings: - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} + memcached::listen_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} memcached::max_memory: {get_param: MemcachedMaxMemory} memcached::verbosity: list_join: diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 2f339538f2..11da0a44a2 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -75,7 +75,12 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} - mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: @@ -84,7 +89,12 @@ outputs: - 8989 - 13989 mistral::api::service_name: 'httpd' - mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::wsgi::apache::servername: str_replace: template: diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 9b741c205f..ddd414249f 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -180,13 +180,17 @@ outputs: - 13696 neutron::server::router_distributed: {get_param: NeutronEnableDVR} neutron::server::enable_dvr: {get_param: NeutronEnableDVR} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR tripleo::profile::base::neutron::server::tls_proxy_bind_ip: - get_param: [ServiceNetMap, NeutronApiNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} tripleo::profile::base::neutron::server::tls_proxy_fqdn: str_replace: template: @@ -201,7 +205,11 @@ outputs: if: - use_tls_proxy - 'localhost' - - {get_param: [ServiceNetMap, NeutronApiNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} - if: diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml index 6f5bda88f6..bd18cc70f2 100644 --- a/puppet/services/neutron-linuxbridge-agent.yaml +++ b/puppet/services/neutron-linuxbridge-agent.yaml @@ -76,7 +76,12 @@ outputs: - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping} neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes} - neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::ml2::linuxbridge::local_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' - diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 0d8ac5f593..26430eb64f 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -138,13 +138,18 @@ outputs: neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::ml2::ovs::local_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} tripleo.neutron_ovs_agent.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index e880fb5851..f7a861ab2c 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -142,12 +142,17 @@ outputs: nova_wsgi_enabled: true nova::api::service_name: 'httpd' nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::wsgi::apache_api::servername: str_replace: template: diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ec9a9c015f..b569431e1a 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -161,7 +161,12 @@ outputs: service_name: nova_base config_settings: map_merge: - - nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]} + - nova::my_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index c840cbe013..4bb6749c88 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -217,13 +217,18 @@ outputs: # mode. nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} + nova::compute::vncserver_proxyclient_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]} nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 1d233cee31..e7e69366b6 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -209,7 +209,12 @@ outputs: nova::compute::libvirt::qemu::configure_qemu: true nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 - nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + nova::compute::libvirt::vncserver_listen: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': @@ -226,7 +231,11 @@ outputs: tripleo::profile::base::nova::migration::client::libvirt_tls: true tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]} nova::migration::libvirt::listen_address: - get_param: [ServiceNetMap, NovaLibvirtNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 2b9c809b32..96a1da53dd 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -66,7 +66,11 @@ outputs: if: - use_tls_proxy - 'localhost' - - {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero @@ -76,7 +80,11 @@ outputs: if: - use_tls_proxy - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: - get_param: [ServiceNetMap, NovaMetadataNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: str_replace: template: diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml index 04489127fe..f3f4a26f73 100644 --- a/puppet/services/nova-migration-target.yaml +++ b/puppet/services/nova-migration-target.yaml @@ -56,13 +56,23 @@ outputs: - "%{hiera('cold_migration_ssh_inbound_addr')}" - "%{hiera('live_migration_ssh_inbound_addr')}" live_migration_ssh_inbound_addr: - get_param: - - ServiceNetMap - - str_replace: - template: "ROLENAMEHostnameResolveNetwork" - params: - ROLENAME: {get_param: RoleName} - cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]} + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: + get_param: + - ServiceNetMap + - str_replace: + template: "ROLENAMEHostnameResolveNetwork" + params: + ROLENAME: {get_param: RoleName} + cold_migration_ssh_inbound_addr: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} tripleo::profile::base::sshd::port: - 22 - {get_param: MigrationSshPort} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index b5f4b31f93..920bf0ab31 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -100,12 +100,17 @@ outputs: nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]} + nova::wsgi::apache_placement::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]} nova::wsgi::apache_placement::servername: str_replace: template: diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index a0427c63b2..1cd454a8f0 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -115,12 +115,17 @@ outputs: nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::vncproxy::host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} tripleo.nova_vnc_proxy.firewall_rules: '137 nova_vnc_proxy': dport: diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 9ecb39fc21..d034e79897 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -95,7 +95,12 @@ outputs: dport: - 9876 - 13876 - octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + octavia::api::host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} step_config: | include tripleo::profile::base::octavia::api service_config_settings: diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index c6a1cecb70..b09b019c1e 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -125,7 +125,12 @@ outputs: opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} opendaylight::extra_features: {get_param: OpenDaylightFeatures} - opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} + opendaylight::odl_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 3390645eab..0df5705fac 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -178,7 +178,12 @@ outputs: neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} - neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::ml2::ovs::local_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index 25471de084..e48409761c 100644 --- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -99,7 +99,12 @@ outputs: - get_attr: [RoleParametersValue, value] - ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} - ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + ovn::controller::ovn_encap_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge} nova::compute::force_config_drive: {if: [force_config_drive, true, false]} tripleo.ovn_controller.firewall_rules: diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f9031721bb..9bcfcca744 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -47,7 +47,12 @@ outputs: config_settings: ovn::northbound::port: {get_param: OVNNorthboundServerPort} ovn::southbound::port: {get_param: OVNSouthboundServerPort} - ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} + ovn::northd::dbs_listen_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]} tripleo::haproxy::ovn_dbs_manage_lb: true tripleo.ovn_dbs.firewall_rules: '121 OVN DB server ports': diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index 7fcb4b3cac..8d124817dd 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -63,14 +63,18 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: - get_param: [ServiceNetMap, MysqlNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::pacemaker::database::mysql::ca_file: get_param: InternalTLSCAFile step_config: | diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index c1d8bbbadb..2298ec2d46 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -65,7 +65,11 @@ outputs: redis::notify_service: false redis::managed_by_cluster_manager: true tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: - get_param: [ServiceNetMap, RedisNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: str_replace: template: diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index d4a1446552..f24fac6f46 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -103,13 +103,18 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]} + panko::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} service_config_settings: get_attr: [PankoBase, role_data, service_config_settings] step_config: | diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index dd78b6fb7d..96a71f6b32 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -61,7 +61,12 @@ outputs: '109 qdr': dport: - {get_param: RabbitClientPort} - qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]} + qdr::listener_addr: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, QdrNetwork]} # cannot pass qdr::listener_port directly because it needs to be a string # we do the conversion in the puppet layer tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 7e2c2f8e47..ce8011cf08 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -120,20 +120,30 @@ outputs: passwords: - {get_param: RabbitCookie} - {get_param: [DefaultPasswords, rabbit_cookie]} - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} rabbitmq::ssl: {get_param: EnableInternalTLS} rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} rabbitmq::ssl_port: 5672 rabbitmq::ssl_depth: 1 rabbitmq::ssl_only: {get_param: EnableInternalTLS} - rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} # TODO(jaosorior): Remove this once we set a proper default in # puppet-tripleo tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 115d13f71f..f45a63f668 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -80,12 +80,17 @@ outputs: - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} sahara::policy::policies: {get_param: SaharaApiPolicies} sahara::service::api::api_workers: {get_param: SaharaWorkers} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # NOTE: bind IP is found in hiera replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]} + sahara::host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]} tripleo.sahara_api.firewall_rules: '132 sahara': dport: diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 993daf9431..2fd91bb789 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -207,14 +207,18 @@ outputs: - 'proxy-logging' - 'proxy-server' swift::proxy::account_autocreate: true - # NOTE: bind IP is found in Heat replacing the network name with the + # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR tripleo::profile::base::swift::proxy::tls_proxy_bind_ip: - get_param: [ServiceNetMap, SwiftProxyNetwork] + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]} tripleo::profile::base::swift::proxy::tls_proxy_fqdn: str_replace: template: @@ -228,7 +232,11 @@ outputs: if: - use_tls_proxy - 'localhost' - - {get_param: [ServiceNetMap, SwiftProxyNetwork]} + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy service_config_settings: diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 815a04bf43..dc2f7b6280 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -130,7 +130,12 @@ outputs: - healthcheck - account-server swift::storage::disks::args: {get_param: SwiftRawDisks} - swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]} + swift::storage::all::storage_local_net_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]} swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers} swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers} swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers} diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index fe6127958c..574c156472 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -111,7 +111,12 @@ outputs: tacker::rabbit_password: {get_param: RabbitPassword} tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} tacker::rabbit_port: {get_param: RabbitClientPort} - tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} + tacker::server::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]} tacker::keystone::authtoken::project_name: 'service' tacker::keystone::authtoken::user_domain_name: 'Default' diff --git a/puppet/services/zaqar-api.yaml b/puppet/services/zaqar-api.yaml index a9f51b92ee..d33bec3406 100644 --- a/puppet/services/zaqar-api.yaml +++ b/puppet/services/zaqar-api.yaml @@ -112,10 +112,25 @@ outputs: - {get_param: Debug } - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' - zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} - zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::transport::websocket::bind: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::transport::websocket::notification_bind: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} - zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::wsgi::apache::bind_host: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 1048576 zaqar::unreliable: true diff --git a/releasenotes/notes/hiera_net_ip_map-ff866b443a28bdc4.yaml b/releasenotes/notes/hiera_net_ip_map-ff866b443a28bdc4.yaml new file mode 100644 index 0000000000..b9e50a1d0a --- /dev/null +++ b/releasenotes/notes/hiera_net_ip_map-ff866b443a28bdc4.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + Per-service config_settings should now use hiera interpolation to set + the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior + to this release we replaced e.g internal_api for the IP address internally. + The network name can still be derived from the ServiceNetMap - all the + in-tree templates have been converted to the new format, but any out + of tree templates may require similar adjustment.