Move glance/heat hiera settings to services

This patch removes the remaining bind IP, and password
settings for Heat and Glance into the composable services.

Change-Id: I17abcb2a08a1972cbcf8163f6608ac22ddfc15f7
Related-bug: #1604414
This commit is contained in:
Dan Prince 2016-08-24 14:02:13 -04:00
parent 319c42475c
commit 43476e235c
8 changed files with 48 additions and 21 deletions

View File

@ -403,7 +403,6 @@ resources:
properties: properties:
CloudDomain: {get_param: CloudDomain} CloudDomain: {get_param: CloudDomain}
controllerExtraConfig: {get_param: controllerExtraConfig} controllerExtraConfig: {get_param: controllerExtraConfig}
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret} HorizonSecret: {get_resource: HorizonSecret}
PcsdPassword: {get_resource: PcsdPassword} PcsdPassword: {get_resource: PcsdPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}

View File

@ -87,10 +87,6 @@ parameters:
type: string type: string
constraints: constraints:
- custom_constraint: nova.flavor - custom_constraint: nova.flavor
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
hidden: true
HorizonSecret: HorizonSecret:
description: Secret key for Django description: Secret key for Django
type: string type: string
@ -405,7 +401,6 @@ resources:
server: {get_resource: Controller} server: {get_resource: Controller}
input_values: input_values:
bootstack_nodeid: {get_attr: [Controller, name]} bootstack_nodeid: {get_attr: [Controller, name]}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret} horizon_secret: {get_param: HorizonSecret}
debug: {get_param: Debug} debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
@ -440,10 +435,7 @@ resources:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
@ -559,16 +551,6 @@ resources:
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
# Glance
glance::api::bind_host: {get_input: glance_api_network}
glance::registry::bind_host: {get_input: glance_registry_network}
# Heat
heat::api::bind_host: {get_input: heat_api_network}
heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
heat::api_cfn::bind_host: {get_input: heat_api_network}
heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
# Keystone # Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network}

View File

@ -131,6 +131,12 @@ outputs:
glance::api::keystone_tenant: 'service' glance::api::keystone_tenant: 'service'
glance::api::pipeline: 'keystone' glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true glance::api::show_image_direct_url: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::glance::api include ::tripleo::profile::base::glance::api

View File

@ -66,5 +66,12 @@ outputs:
'112 glance_registry': '112 glance_registry':
dport: dport:
- 9191 - 9191
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::glance::registry include ::tripleo::profile::base::glance::registry

View File

@ -59,5 +59,12 @@ outputs:
dport: dport:
- 8000 - 8000
- 13800 - 13800
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::heat::api_cfn include ::tripleo::profile::base::heat::api_cfn

View File

@ -45,5 +45,12 @@ outputs:
dport: dport:
- 8003 - 8003
- 13003 - 13003
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch include ::tripleo::profile::base::heat::api_cloudwatch

View File

@ -59,5 +59,12 @@ outputs:
dport: dport:
- 8004 - 8004
- 13004 - 13004
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::heat::api include ::tripleo::profile::base::heat::api

View File

@ -1,4 +1,4 @@
heat_template_version: 2016-04-08 heat_template_version: 2016-10-14
description: > description: >
Openstack Heat Engine service configured with Puppet Openstack Heat Engine service configured with Puppet
@ -35,6 +35,11 @@ parameters:
description: Password for heat_stack_domain_admin user. description: Password for heat_stack_domain_admin user.
type: string type: string
hidden: true hidden: true
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
hidden: true
default: ''
resources: resources:
HeatBase: HeatBase:
@ -76,5 +81,12 @@ outputs:
heat::db::mysql::allowed_hosts: heat::db::mysql::allowed_hosts:
- '%' - '%'
- "%{hiera('mysql_bind_host')}" - "%{hiera('mysql_bind_host')}"
heat::engine::auth_encryption_key:
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: HeatAuthEncryptionKey}
- {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: | step_config: |
include ::tripleo::profile::base::heat::engine include ::tripleo::profile::base::heat::engine