From 43476e235ce11359a5327f9dfca671b8ffeb5ab9 Mon Sep 17 00:00:00 2001
From: Dan Prince
Date: Wed, 24 Aug 2016 14:02:13 -0400
Subject: [PATCH] Move glance/heat hiera settings to services
This patch removes the remaining bind IP, and password settings for Heat and Glance into the composable services.
Change-Id: I17abcb2a08a1972cbcf8163f6608ac22ddfc15f7
Related-bug: #1604414
---
 overcloud.yaml | 1 -
 puppet/controller.yaml | 18 ------------------
 puppet/services/glance-api.yaml | 8 +++++++-
 puppet/services/glance-registry.yaml | 7 +++++++
 puppet/services/heat-api-cfn.yaml | 7 +++++++
 puppet/services/heat-api-cloudwatch.yaml | 7 +++++++
 puppet/services/heat-api.yaml | 7 +++++++
 puppet/services/heat-engine.yaml | 14 +++++++++++++-
 8 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/overcloud.yaml b/overcloud.yaml
index b37426f8f8..d055e10a1f 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -403,7 +403,6 @@ resources:
 properties:
 CloudDomain: {get_param: CloudDomain}
 controllerExtraConfig: {get_param: controllerExtraConfig}
- HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
 HorizonSecret: {get_resource: HorizonSecret}
 PcsdPassword: {get_resource: PcsdPassword}
 RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 1b2706eaed..d703090605 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -87,10 +87,6 @@ parameters:
 type: string
 constraints:
 - custom_constraint: nova.flavor
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
 HorizonSecret:
 description: Secret key for Django
 type: string
@@ -405,7 +401,6 @@ resources:
 server: {get_resource: Controller}
 input_values:
 bootstack_nodeid: {get_attr: [Controller, name]}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
 horizon_secret: {get_param: HorizonSecret}
 debug: {get_param: Debug}
 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
@@ -440,10 +435,7 @@ resources:
 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
 manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
@@ -559,16 +551,6 @@ resources:
 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
 # Keystone
 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
 keystone::public_bind_host: {get_input: keystone_public_api_network}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 4954119ffa..d2376af3ec 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -131,6 +131,12 @@ outputs:
 glance::api::keystone_tenant: 'service'
 glance::api::pipeline: 'keystone'
 glance::api::show_image_direct_url: true
-
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
 step_config: |
 include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index d8861f7085..06ef93797b 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
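Review bot: The value assigned to `glance::api::bind_host` is the network name from ServiceNetMap rather than an address, and the added comment does not say where that name is swapped for the node's IP, so a reader of this file alone cannot tell what the service binds to if that step does not run. Since bind_host decides which interface the API listens on, I would name the substitution step in the comment and state that an unmapped network name is expected to fail the deployment rather than reach the service config. The comment also has a stray space in `internal_api_subnet - > IP/CIDR`; it should read `# internal_api_subnet -> IP/CIDR`. The same comment block and assignment pattern repeat in the glance-registry, heat-api-cfn, heat-api-cloudwatch and heat-api hunks.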
@@ -66,5 +66,12 @@ outputs:
 '112 glance_registry':
 dport:
 - 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
 step_config: |
 include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 4f8900aa36..a15ea32d2a 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -59,5 +59,12 @@ outputs:
 dport:
 - 8000
 - 13800
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
 step_config: |
 include ::tripleo::profile::base::heat::api_cfn
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 7a09aad09b..6d645ee7bc 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -45,5 +45,12 @@ outputs:
 dport:
 - 8003
 - 13003
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
 step_config: |
 include ::tripleo::profile::base::heat::api_cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 3a5d2a1386..ec3b0e3765 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -59,5 +59,12 @@ outputs:
 dport:
 - 8004
 - 13004
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
 step_config: |
 include ::tripleo::profile::base::heat::api
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index fba80c5d58..b230ec1d92 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 description: >
 Openstack Heat Engine service configured with Puppet
@@ -35,6 +35,11 @@ parameters:
 description: Password for heat_stack_domain_admin user.
 type: string
 hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ hidden: true
+ default: ''
 resources:
 HeatBase:
@@ -76,5 +81,12 @@ outputs:
 heat::db::mysql::allowed_hosts:
 - '%'
 - "%{hiera('mysql_bind_host')}"
+ heat::engine::auth_encryption_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HeatAuthEncryptionKey}
+ - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
 step_config: |
 include ::tripleo::profile::base::heat::engine
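Review bot: With `default: ''` the new `HeatAuthEncryptionKey` parameter in heat-engine.yaml becomes silently optional, and its description does not say that an empty value means the key is taken from `DefaultPasswords` instead, which is what the yaql expression later in this file does. I would extend it to something like `description: Auth encryption key for heat-engine. Leave empty to use the generated default.` No length or pattern constraint is declared, so an operator-supplied short value takes precedence over the generated one; whether heat rejects such a value is not visible here. The `DefaultPasswords` parameter that the expression reads is not declared within this hunk, so confirm it is declared elsewhere in the file.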
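Review bot: The expression `$.data.passwords.where($ != '').first()` under `heat::engine::auth_encryption_key` has no visible handling for the case where both candidates are empty; presumably `first()` then fails evaluation, which is the safer outcome for a secret but produces an error that does not mention the key. A comment above the expression would make the intent explicit, e.g. `# First non-empty value wins; if both are empty the deployment must fail rather than configure heat-engine without a key.` Separately, overcloud.yaml no longer passes `{get_resource: HeatAuthEncryptionKey}` to the controller, so confirm that the `DefaultPasswords` entry resolves to the same value on a stack update of an existing deployment. A changed key would presumably leave data that heat already encrypted with the old one unreadable.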