Convert ServiceNetMap evals to hiera interpolation

Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.

In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.

This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
This commit is contained in:
Steven Hardy 2017-12-08 14:09:17 +00:00 committed by Emilien Macchi
parent 448598d681
commit 3a7baa8fa6
59 changed files with 505 additions and 119 deletions

View File

@ -231,7 +231,15 @@ outputs:
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
monitor_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true

View File

@ -72,7 +72,15 @@ outputs:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- radosgw_keystone: true
radosgw_keystone_ssl: false
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
radosgw_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
service_config_settings:
keystone:

View File

@ -89,7 +89,12 @@ outputs:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
'133 mistral':

View File

@ -96,7 +96,11 @@ outputs:
tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes'
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
str_replace:
template:

View File

@ -539,10 +539,7 @@ resources:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
service_configs: {get_param: ServiceConfigSettings}
{{role.name.lower()}}_extraconfig:
map_merge:
{%- if role.deprecated_param_extraconfig is defined %}

View File

@ -102,13 +102,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |

View File

@ -80,15 +80,21 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::default_vhost: false
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
str_replace:
template: "NETWORK_subnet"
template:
"%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:

View File

@ -132,7 +132,12 @@ outputs:
barbican::api::rabbit_port: {get_param: RabbitClientPort}
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:

View File

@ -107,22 +107,27 @@ outputs:
ceph::params::packages:
- ceph-base
- ceph-mon
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ceph::profile::params::cluster_network:
str_replace:
template: "NETWORK_subnet"
template: "%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
ceph::profile::params::public_network:
str_replace:
template: "NETWORK_subnet"
template: "%{hiera('$NETWORK_subnet')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
map_replace:
- client.admin:

View File

@ -70,7 +70,12 @@ outputs:
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
ceph::profile::params::rgw_keystone_admin_domain: default

View File

@ -137,12 +137,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
cinder::wsgi::apache::servername:
str_replace:
template:

View File

@ -155,12 +155,17 @@ outputs:
tripleo.cinder_volume.firewall_rules:
'120 iscsi initiator':
dport: 3260
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
service_config_settings:
fluentd:
tripleo_fluentd_groups_cinder_volume:

View File

@ -110,7 +110,12 @@ outputs:
congress::rabbit_password: {get_param: RabbitPassword}
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
congress::rabbit_port: {get_param: RabbitClientPort}
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
congress::server::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
congress::keystone::authtoken::password: {get_param: CongressPassword}
congress::keystone::authtoken::project_name: 'service'

View File

@ -86,13 +86,18 @@ outputs:
dport: 27018
'103 mongod':
dport: 27017
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
mongodb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
# NOTE: This now takes an array, so we need to fetch the IP from hiera,
# else Heat won't substitute the network name for the IP.
mongodb::server::bind_ip:

View File

@ -45,7 +45,12 @@ outputs:
value:
service_name: mysql_client
config_settings:
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
step_config: |

View File

@ -102,13 +102,18 @@ outputs:
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
mysql_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::bind_address:
str_replace:
template:
@ -116,7 +121,11 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client_bind_address:
{get_param: [ServiceNetMap, MysqlNetwork]}
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
{get_param: MysqlIncreaseFileLimit}
- if:

View File

@ -60,7 +60,7 @@ outputs:
redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword}
redis_ipv6: {get_param: RedisIPv6}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
@ -74,7 +74,11 @@ outputs:
- redis_ipv6
- '::1'
- '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
@ -86,5 +90,9 @@ outputs:
- redis_ipv6
- '::1'
- '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::ulimit: {get_param: RedisFDLimit}

View File

@ -38,7 +38,11 @@ outputs:
service_name: docker_registry
config_settings:
tripleo::profile::base::docker_registry::registry_host:
{get_param: [ServiceNetMap, DockerRegistryNetwork]}
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
tripleo::profile::base::docker_registry::registry_port:
{get_param: [EndpointMap, DockerRegistryInternal, port]}
tripleo.docker_registry.firewall_rules:

View File

@ -159,14 +159,22 @@ outputs:
if:
- use_tls_proxy
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"

View File

@ -60,12 +60,17 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
tripleo::profile::base::etcd::bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
tripleo::profile::base::etcd::client_port: '2379'
tripleo::profile::base::etcd::peer_port: '2380'
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}

View File

@ -237,14 +237,18 @@ outputs:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
glance::api::os_region_name: {get_param: KeystoneRegion}
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace:
template:
@ -259,7 +263,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }

View File

@ -124,13 +124,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
step_config: |
include ::tripleo::profile::base::gnocchi::api

View File

@ -95,15 +95,25 @@ outputs:
dport:
- 8000
- 13800
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername:
str_replace:
template:

View File

@ -101,16 +101,26 @@ outputs:
dport:
- 8004
- 13004
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
heat::policy::policies: {get_param: HeatApiPolicies}
heat::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::servername:
str_replace:
template:

View File

@ -115,7 +115,12 @@ outputs:
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}

View File

@ -90,19 +90,29 @@ outputs:
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::host_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
ironic::wsgi::apache::servername:
str_replace:

View File

@ -207,7 +207,12 @@ outputs:
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
ironic_conductor_http_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::conductor::http_url:
list_join:
- ''
@ -216,14 +221,24 @@ outputs:
- {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::drivers::pxe::tftp_server:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::tftp_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
# NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
@ -256,7 +271,12 @@ outputs:
# glance and neutron endpoints, virtual console IP. We override
# the TFTP server IP in ironic-conductor.yaml as it should not be
# the VIP, but rather a real IP of the host.
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}

View File

@ -113,8 +113,18 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
config_settings:
map_merge:
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
- ironic::inspector::listen_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
ironic::inspector::debug: {get_param: Debug}

View File

@ -424,15 +424,25 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
# NOTE: this applies to all 2 bind IP settings below...
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}

View File

@ -73,13 +73,18 @@ outputs:
dport:
- 8786
- 13786
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::enable_proxy_headers_parsing: true
manila::api::default_share_type: 'default'
step_config: |

View File

@ -64,12 +64,17 @@ outputs:
service_name: memcached
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::max_memory: {get_param: MemcachedMaxMemory}
memcached::verbosity:
list_join:

View File

@ -75,7 +75,12 @@ outputs:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules:
@ -84,7 +89,12 @@ outputs:
- 8989
- 13989
mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername:
str_replace:
template:

View File

@ -180,13 +180,17 @@ outputs:
- 13696
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
get_param: [ServiceNetMap, NeutronApiNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::tls_proxy_fqdn:
str_replace:
template:
@ -201,7 +205,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, NeutronApiNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
-
if:

View File

@ -76,7 +76,12 @@ outputs:
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::linuxbridge::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
-

View File

@ -138,13 +138,18 @@ outputs:
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.neutron_ovs_agent.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'

View File

@ -142,12 +142,17 @@ outputs:
nova_wsgi_enabled: true
nova::api::service_name: 'httpd'
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::servername:
str_replace:
template:

View File

@ -161,7 +161,12 @@ outputs:
service_name: nova_base
config_settings:
map_merge:
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::rabbit_password: {get_param: RabbitPassword}
nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}

View File

@ -217,13 +217,18 @@ outputs:
# mode.
nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncserver_proxyclient_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}

View File

@ -209,7 +209,12 @@ outputs:
nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::compute::libvirt::vncserver_listen:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
@ -226,7 +231,11 @@ outputs:
tripleo::profile::base::nova::migration::client::libvirt_tls: true
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
nova::migration::libvirt::listen_address:
get_param: [ServiceNetMap, NovaLibvirtNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:

View File

@ -66,7 +66,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-
if:
- nova_workers_zero
@ -76,7 +80,11 @@ outputs:
if:
- use_tls_proxy
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, NovaMetadataNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
str_replace:
template:

View File

@ -56,13 +56,23 @@ outputs:
- "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]}
cold_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::profile::base::sshd::port:
- 22
- {get_param: MigrationSshPort}

View File

@ -100,12 +100,17 @@ outputs:
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:

View File

@ -115,12 +115,17 @@ outputs:
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::vncproxy::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo.nova_vnc_proxy.firewall_rules:
'137 nova_vnc_proxy':
dport:

View File

@ -95,7 +95,12 @@ outputs:
dport:
- 9876
- 13876
octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
octavia::api::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
step_config: |
include tripleo::profile::base::octavia::api
service_config_settings:

View File

@ -125,7 +125,12 @@ outputs:
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::odl_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api':

View File

@ -178,7 +178,12 @@ outputs:
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'

View File

@ -99,7 +99,12 @@ outputs:
- get_attr: [RoleParametersValue, value]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_encap_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo.ovn_controller.firewall_rules:

View File

@ -47,7 +47,12 @@ outputs:
config_settings:
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
ovn::northd::dbs_listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo.ovn_dbs.firewall_rules:
'121 OVN DB server ports':

View File

@ -63,14 +63,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
get_param: [ServiceNetMap, MysqlNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::pacemaker::database::mysql::ca_file:
get_param: InternalTLSCAFile
step_config: |

View File

@ -65,7 +65,11 @@ outputs:
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
str_replace:
template:

View File

@ -103,13 +103,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
service_config_settings:
get_attr: [PankoBase, role_data, service_config_settings]
step_config: |

View File

@ -61,7 +61,12 @@ outputs:
'109 qdr':
dport:
- {get_param: RabbitClientPort}
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
qdr::listener_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
# cannot pass qdr::listener_port directly because it needs to be a string
# we do the conversion in the puppet layer
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}

View File

@ -120,20 +120,30 @@ outputs:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS}
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::ssl_interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
# TODO(jaosorior): Remove this once we set a proper default in
# puppet-tripleo
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}

View File

@ -80,12 +80,17 @@ outputs:
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::policy::policies: {get_param: SaharaApiPolicies}
sahara::service::api::api_workers: {get_param: SaharaWorkers}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
sahara::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
tripleo.sahara_api.firewall_rules:
'132 sahara':
dport:

View File

@ -207,14 +207,18 @@ outputs:
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
get_param: [ServiceNetMap, SwiftProxyNetwork]
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
str_replace:
template:
@ -228,7 +232,11 @@ outputs:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, SwiftProxyNetwork]}
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:

View File

@ -130,7 +130,12 @@ outputs:
- healthcheck
- account-server
swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
swift::storage::all::storage_local_net_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}

View File

@ -111,7 +111,12 @@ outputs:
tacker::rabbit_password: {get_param: RabbitPassword}
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
tacker::rabbit_port: {get_param: RabbitClientPort}
tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
tacker::server::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]}
tacker::keystone::authtoken::project_name: 'service'
tacker::keystone::authtoken::user_domain_name: 'Default'

View File

@ -112,10 +112,25 @@ outputs:
- {get_param: Debug }
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::notification_bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576
zaqar::unreliable: true

View File

@ -0,0 +1,9 @@
---
upgrade:
- |
Per-service config_settings should now use hiera interpolation to set
the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior
to this release we replaced e.g internal_api for the IP address internally.
The network name can still be derived from the ServiceNetMap - all the
in-tree templates have been converted to the new format, but any out
of tree templates may require similar adjustment.