Merge "Convert ServiceNetMap evals to hiera interpolation" into stable/queens
This commit is contained in:
Zuul
Gerrit Code Review
commit
44dba835f2
|
|
@ -233,7 +233,15 @@ outputs:
|
|||
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
|
||||
containerized_deployment: true
|
||||
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
|
||||
user_config: true
|
||||
ceph_stable: true
|
||||
|
|
|
|||
|
|
@ -72,7 +72,15 @@ outputs:
|
|||
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
|
||||
- radosgw_keystone: true
|
||||
radosgw_keystone_ssl: false
|
||||
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
|
||||
radosgw_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
|
|
|
|||
|
|
@ -89,7 +89,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
'133 mistral':
|
||||
|
|
|
|||
|
|
@ -107,7 +107,11 @@ outputs:
|
|||
tripleo::stunnel::manage_service: false
|
||||
tripleo::stunnel::foreground: 'yes'
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -560,10 +560,7 @@ resources:
|
|||
service_names: {get_param: ServiceNames}
|
||||
sensu::subscriptions: {get_param: MonitoringSubscriptions}
|
||||
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs:
|
||||
map_replace:
|
||||
- {get_param: ServiceConfigSettings}
|
||||
- values: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs: {get_param: ServiceConfigSettings}
|
||||
{{role.name.lower()}}_extraconfig:
|
||||
map_merge:
|
||||
{%- if role.deprecated_param_extraconfig is defined %}
|
||||
|
|
|
|||
|
|
@ -102,13 +102,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
aodh::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [AodhBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
|
|
|||
|
|
@ -80,16 +80,22 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::default_vhost: false
|
||||
apache::trace_enable: 'Off'
|
||||
apache::server_signature: 'Off'
|
||||
apache::server_tokens: 'Prod'
|
||||
apache_remote_proxy_ips_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template:
|
||||
"%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
|
||||
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
|
||||
apache::mod::remoteip::proxy_ips:
|
||||
|
|
|
|||
|
|
@ -132,7 +132,12 @@ outputs:
|
|||
barbican::api::rabbit_port: {get_param: RabbitClientPort}
|
||||
barbican::api::rabbit_heartbeat_timeout_threshold: 60
|
||||
barbican::api::service_name: 'httpd'
|
||||
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
|
||||
barbican::wsgi::apache::servername:
|
||||
|
|
|
|||
|
|
@ -110,22 +110,27 @@ outputs:
|
|||
ceph::params::packages:
|
||||
- ceph-base
|
||||
- ceph-mon
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ceph::profile::params::cluster_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
|
||||
ceph::profile::params::public_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::client_keys:
|
||||
map_replace:
|
||||
- client.admin:
|
||||
|
|
|
|||
|
|
@ -70,7 +70,12 @@ outputs:
|
|||
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
|
||||
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
|
||||
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
|
||||
ceph::profile::params::rgw_keystone_admin_domain: default
|
||||
|
|
|
|||
|
|
@ -137,12 +137,18 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
cinder::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
-
|
||||
cinder::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -162,12 +162,17 @@ outputs:
|
|||
tripleo.cinder_volume.firewall_rules:
|
||||
'120 iscsi initiator':
|
||||
dport: 3260
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_cinder_volume:
|
||||
|
|
|
|||
|
|
@ -110,7 +110,12 @@ outputs:
|
|||
congress::rabbit_password: {get_param: RabbitPassword}
|
||||
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
congress::rabbit_port: {get_param: RabbitClientPort}
|
||||
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
congress::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
|
||||
congress::keystone::authtoken::password: {get_param: CongressPassword}
|
||||
congress::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
|||
|
|
@ -86,13 +86,18 @@ outputs:
|
|||
dport: 27018
|
||||
'103 mongod':
|
||||
dport: 27017
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
mongodb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
# NOTE: This now takes an array, so we need to fetch the IP from hiera,
|
||||
# else Heat won't substitute the network name for the IP.
|
||||
mongodb::server::bind_ip:
|
||||
|
|
|
|||
|
|
@ -45,7 +45,12 @@ outputs:
|
|||
value:
|
||||
service_name: mysql_client
|
||||
config_settings:
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
|
||||
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
step_config: |
|
||||
|
|
|
|||
|
|
@ -102,13 +102,18 @@ outputs:
|
|||
- {get_param: [DefaultPasswords, mysql_root_password]}
|
||||
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
|
||||
enable_galera: {get_param: EnableGalera}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
mysql_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
@ -116,7 +121,11 @@ outputs:
|
|||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client_bind_address:
|
||||
{get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
|
||||
{get_param: MysqlIncreaseFileLimit}
|
||||
- if:
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ outputs:
|
|||
redis::masterauth: {get_param: RedisPassword}
|
||||
redis::sentinel_auth_pass: {get_param: RedisPassword}
|
||||
redis_ipv6: {get_param: RedisIPv6}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
|
|
@ -74,7 +74,11 @@ outputs:
|
|||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::port: 6379
|
||||
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
|
||||
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
|
||||
|
|
@ -86,5 +90,9 @@ outputs:
|
|||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::ulimit: {get_param: RedisFDLimit}
|
||||
|
|
|
|||
|
|
@ -38,7 +38,11 @@ outputs:
|
|||
service_name: docker_registry
|
||||
config_settings:
|
||||
tripleo::profile::base::docker_registry::registry_host:
|
||||
{get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
tripleo::profile::base::docker_registry::registry_port:
|
||||
{get_param: [EndpointMap, DockerRegistryInternal, port]}
|
||||
tripleo.docker_registry.firewall_rules:
|
||||
|
|
|
|||
|
|
@ -159,14 +159,22 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
|
|
|
|||
|
|
@ -60,12 +60,17 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::client_port: '2379'
|
||||
tripleo::profile::base::etcd::peer_port: '2380'
|
||||
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
||||
|
|
|
|||
|
|
@ -268,7 +268,11 @@ outputs:
|
|||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, GlanceApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
tripleo::profile::base::glance::api::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
@ -283,7 +287,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
|
||||
glance_log_file: {get_param: GlanceLogFile}
|
||||
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
|
||||
|
|
|
|||
|
|
@ -124,13 +124,18 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
|
||||
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::gnocchi::api
|
||||
|
|
|
|||
|
|
@ -95,15 +95,25 @@ outputs:
|
|||
dport:
|
||||
- 8000
|
||||
- 13800
|
||||
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
|
||||
heat::api_cfn::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -101,16 +101,26 @@ outputs:
|
|||
dport:
|
||||
- 8004
|
||||
- 13004
|
||||
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -115,7 +115,12 @@ outputs:
|
|||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
|
||||
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
|
||||
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
|
||||
|
|
|
|||
|
|
@ -90,19 +90,29 @@ outputs:
|
|||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::host_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::api::service_name: 'httpd'
|
||||
ironic::policy::policies: {get_param: IronicApiPolicies}
|
||||
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
ironic::wsgi::apache::servername:
|
||||
str_replace:
|
||||
|
|
|
|||
|
|
@ -200,7 +200,12 @@ outputs:
|
|||
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
|
||||
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
|
||||
# We need an endpoint containing a real IP, not a VIP here
|
||||
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic_conductor_http_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::conductor::http_url:
|
||||
list_join:
|
||||
- ''
|
||||
|
|
@ -209,14 +214,24 @@ outputs:
|
|||
- {get_param: IronicIPXEPort}
|
||||
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
|
||||
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::drivers::pxe::tftp_server:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
||||
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
||||
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
||||
|
|
@ -249,7 +264,12 @@ outputs:
|
|||
# glance and neutron endpoints, virtual console IP. We override
|
||||
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
||||
# the VIP, but rather a real IP of the host.
|
||||
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
|
||||
# Credentials to access other services
|
||||
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
|
|
|||
|
|
@ -113,8 +113,18 @@ outputs:
|
|||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
- ironic::inspector::listen_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
|
||||
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
|
||||
ironic::inspector::debug: {get_param: Debug}
|
||||
|
|
|
|||
|
|
@ -424,15 +424,25 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
# NOTE: this applies to all 2 bind IP settings below...
|
||||
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
|
||||
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
|
||||
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
|
||||
|
|
|
|||
|
|
@ -96,13 +96,18 @@ outputs:
|
|||
dport:
|
||||
- 8786
|
||||
- 13786
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::enable_proxy_headers_parsing: true
|
||||
manila::api::default_share_type: 'default'
|
||||
|
||||
|
|
@ -143,4 +148,4 @@ outputs:
|
|||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
|
|
|
|||
|
|
@ -81,7 +81,12 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::max_memory: {get_param: MemcachedMaxMemory}
|
||||
# https://access.redhat.com/security/cve/cve-2018-1000115
|
||||
# Only accept TCP to avoid spoofed traffic amplification DoS on UDP.
|
||||
|
|
|
|||
|
|
@ -75,7 +75,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
|
|
@ -84,7 +89,12 @@ outputs:
|
|||
- 8989
|
||||
- 13989
|
||||
mistral::api::service_name: 'httpd'
|
||||
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -175,13 +175,17 @@ outputs:
|
|||
- 13696
|
||||
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
|
||||
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NeutronApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
@ -196,7 +200,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
|
||||
-
|
||||
if:
|
||||
|
|
|
|||
|
|
@ -76,7 +76,12 @@ outputs:
|
|||
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
|
||||
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
|
||||
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
|
||||
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::linuxbridge::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
|
||||
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
|
||||
-
|
||||
|
|
|
|||
|
|
@ -161,7 +161,12 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.neutron_ovs_agent.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
|
|
|||
|
|
@ -167,12 +167,17 @@ outputs:
|
|||
nova_wsgi_enabled: true
|
||||
nova::api::service_name: 'httpd'
|
||||
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -166,7 +166,12 @@ outputs:
|
|||
service_name: nova_base
|
||||
config_settings:
|
||||
map_merge:
|
||||
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
- nova::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::rabbit_password: {get_param: RabbitPassword}
|
||||
nova::rabbit_userid: {get_param: RabbitUserName}
|
||||
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
|
|
|
|||
|
|
@ -310,13 +310,18 @@ outputs:
|
|||
- true
|
||||
- false
|
||||
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncserver_proxyclient_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
|
|
|
|||
|
|
@ -209,7 +209,12 @@ outputs:
|
|||
nova::compute::libvirt::qemu::configure_qemu: true
|
||||
nova::compute::libvirt::qemu::max_files: 32768
|
||||
nova::compute::libvirt::qemu::max_processes: 131072
|
||||
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::compute::libvirt::vncserver_listen:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::migration::qemu::configure_qemu: true
|
||||
nova::migration::qemu::migration_port_min: 61152
|
||||
nova::migration::qemu::migration_port_max: 61215
|
||||
|
|
@ -229,7 +234,11 @@ outputs:
|
|||
tripleo::profile::base::nova::migration::client::libvirt_tls: true
|
||||
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
|
||||
nova::migration::libvirt::listen_address:
|
||||
get_param: [ServiceNetMap, NovaLibvirtNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::migration::libvirt::live_migration_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -66,7 +66,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
-
|
||||
if:
|
||||
- nova_workers_zero
|
||||
|
|
@ -76,7 +80,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NovaMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -56,13 +56,23 @@ outputs:
|
|||
- "%{hiera('cold_migration_ssh_inbound_addr')}"
|
||||
- "%{hiera('live_migration_ssh_inbound_addr')}"
|
||||
live_migration_ssh_inbound_addr:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo::profile::base::sshd::port:
|
||||
- 22
|
||||
- {get_param: MigrationSshPort}
|
||||
|
|
|
|||
|
|
@ -100,12 +100,17 @@ outputs:
|
|||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::wsgi::apache_placement::api_port: '8778'
|
||||
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -115,12 +115,17 @@ outputs:
|
|||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::vncproxy::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo.nova_vnc_proxy.firewall_rules:
|
||||
'137 nova_vnc_proxy':
|
||||
dport:
|
||||
|
|
|
|||
|
|
@ -136,7 +136,12 @@ outputs:
|
|||
opendaylight::username: {get_param: OpenDaylightUsername}
|
||||
opendaylight::password: {get_param: OpenDaylightPassword}
|
||||
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
|
||||
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::odl_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
||||
tripleo.opendaylight_api.firewall_rules:
|
||||
'137 opendaylight api':
|
||||
|
|
|
|||
|
|
@ -212,7 +212,12 @@ outputs:
|
|||
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
|
||||
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
|
||||
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.opendaylight_ovs.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
|
|
|||
|
|
@ -94,7 +94,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_encap_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
|
||||
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
|
||||
tripleo.ovn_controller.firewall_rules:
|
||||
|
|
|
|||
|
|
@ -47,7 +47,12 @@ outputs:
|
|||
config_settings:
|
||||
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
|
||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
ovn::northd::dbs_listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
tripleo::haproxy::ovn_dbs_manage_lb: true
|
||||
tripleo.ovn_dbs.firewall_rules:
|
||||
'121 OVN DB server ports':
|
||||
|
|
|
|||
|
|
@ -63,14 +63,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
|
||||
get_param: [ServiceNetMap, MysqlNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::pacemaker::database::mysql::ca_file:
|
||||
get_param: InternalTLSCAFile
|
||||
step_config: |
|
||||
|
|
|
|||
|
|
@ -65,7 +65,11 @@ outputs:
|
|||
redis::notify_service: false
|
||||
redis::managed_by_cluster_manager: true
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -103,13 +103,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
panko::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [PankoBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
|
|
|||
|
|
@ -61,7 +61,12 @@ outputs:
|
|||
'109 qdr':
|
||||
dport:
|
||||
- {get_param: RabbitClientPort}
|
||||
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
qdr::listener_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
# cannot pass qdr::listener_port directly because it needs to be a string
|
||||
# we do the conversion in the puppet layer
|
||||
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}
|
||||
|
|
|
|||
|
|
@ -129,20 +129,30 @@ outputs:
|
|||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
|
|
|
|||
|
|
@ -80,12 +80,17 @@ outputs:
|
|||
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
|
||||
sahara::policy::policies: {get_param: SaharaApiPolicies}
|
||||
sahara::service::api::api_workers: {get_param: SaharaWorkers}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
sahara::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
tripleo.sahara_api.firewall_rules:
|
||||
'132 sahara':
|
||||
dport:
|
||||
|
|
|
|||
|
|
@ -207,14 +207,18 @@ outputs:
|
|||
- 'proxy-logging'
|
||||
- 'proxy-server'
|
||||
swift::proxy::account_autocreate: true
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, SwiftProxyNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
@ -228,7 +232,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::swift::proxy
|
||||
service_config_settings:
|
||||
|
|
|
|||
|
|
@ -130,7 +130,12 @@ outputs:
|
|||
- healthcheck
|
||||
- account-server
|
||||
swift::storage::disks::args: {get_param: SwiftRawDisks}
|
||||
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::storage_local_net_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
|
||||
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
|
||||
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
|
||||
|
|
|
|||
|
|
@ -111,7 +111,12 @@ outputs:
|
|||
tacker::rabbit_password: {get_param: RabbitPassword}
|
||||
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
tacker::rabbit_port: {get_param: RabbitClientPort}
|
||||
tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
tacker::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
|
||||
tacker::keystone::authtoken::project_name: 'service'
|
||||
tacker::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
|||
|
|
@ -112,10 +112,25 @@ outputs:
|
|||
- {get_param: Debug }
|
||||
- {get_param: ZaqarDebug }
|
||||
zaqar::server::service_name: 'httpd'
|
||||
zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
||||
zaqar::max_messages_post_size: 1048576
|
||||
zaqar::unreliable: true
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Per-service config_settings should now use hiera interpolation to set
|
||||
the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior
|
||||
to this release we replaced e.g internal_api for the IP address internally.
|
||||
The network name can still be derived from the ServiceNetMap - all the
|
||||
in-tree templates have been converted to the new format, but any out
|
||||
of tree templates may require similar adjustment.
|
||||
Loading…
Reference in New Issue