
Add Barbican to the overcloud

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a
Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb
Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
changes/58/352458/22
Ade Lee 6 years ago committed by Juan Antonio Osorio Robles
parent
commit
5f2f5422d7
  1. 4
      environments/services/barbican.yaml
  2. 3
      environments/tls-endpoints-public-dns.yaml
  3. 3
      environments/tls-endpoints-public-ip.yaml
  4. 9
      network/endpoints/endpoint_data.yaml
  5. 246
      network/endpoints/endpoint_map.yaml
  6. 1
      network/service_net_map.j2.yaml
  7. 1
      overcloud-resource-registry-puppet.j2.yaml
  8. 3
      overcloud.j2.yaml
  9. 127
      puppet/services/barbican-api.yaml
  10. 1
      roles_data.yaml

4
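--- a/environments/services/barbican.yaml
+++ b/environments/services/barbican.yaml
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to enable
+# Barbican with the default secret store backend.
+resource_registry:
+OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml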
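Review bot: The header comment names "the default secret store backend" but says nothing about the key that backend uses to encrypt stored secrets, and the service template added in this commit (puppet/services/barbican-api.yaml) passes no key-encryption setting in its `config_settings`. Presumably the puppet module or package default then applies; if that default is a fixed value shipped with the software, every deployment enabled through this file would share it, so this needs confirming before real secrets are stored. I would extend the comment with a line such as `# NOTE: no key-encryption key is set by these templates; set a per-deployment key before storing secrets.`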

3
environments/tls-endpoints-public-dns.yaml

@ -5,6 +5,9 @@ parameter_defaults:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
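Review bot: `BarbicanAdmin` and `BarbicanInternal` stay on `protocol: 'http'` in an environment whose purpose is TLS, so only the public endpoint on port 13311 is encrypted. This matches the neighbouring Aodh and Ceilometer entries, but for a key manager it means secret payloads requested by other overcloud services cross the internal API network in clear text. The same applies to the Barbican lines in environments/tls-endpoints-public-ip.yaml. The file should say so near the top, for example `# Internal and admin endpoints remain plain HTTP; Barbican secrets are not encrypted in transit on the internal network.` The `parameter_defaults` mapping begins above this hunk.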

3
environments/tls-endpoints-public-ip.yaml

@ -5,6 +5,9 @@ parameter_defaults:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}

9
network/endpoints/endpoint_data.yaml

@ -10,6 +10,15 @@ Aodh:
net_param: AodhApi
port: 8042
Barbican:
Internal:
net_param: BarbicanApi
Public:
net_param: Public
Admin:
net_param: BarbicanApi
port: 9311
Ceilometer:
Internal:
net_param: CeilometerApi

246
network/endpoints/endpoint_map.yaml

@ -22,6 +22,9 @@ parameters:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS}
@ -323,6 +326,249 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, AodhPublic, port]
BarbicanAdmin:
host:
str_replace:
template:
get_param: [EndpointMap, BarbicanAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, BarbicanAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, BarbicanApiNetwork]
port:
get_param: [EndpointMap, BarbicanAdmin, port]
protocol:
get_param: [EndpointMap, BarbicanAdmin, protocol]
uri:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanAdmin, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanAdmin, port]
uri_no_suffix:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanAdmin, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanAdmin, port]
BarbicanInternal:
host:
str_replace:
template:
get_param: [EndpointMap, BarbicanInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, BarbicanInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, BarbicanApiNetwork]
port:
get_param: [EndpointMap, BarbicanInternal, port]
protocol:
get_param: [EndpointMap, BarbicanInternal, protocol]
uri:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanInternal, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanInternal, port]
uri_no_suffix:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanInternal, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, BarbicanApiNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, BarbicanApiNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanInternal, port]
BarbicanPublic:
host:
str_replace:
template:
get_param: [EndpointMap, BarbicanPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, BarbicanPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, BarbicanPublic, port]
protocol:
get_param: [EndpointMap, BarbicanPublic, protocol]
uri:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanPublic, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanPublic, port]
uri_no_suffix:
list_join:
- ''
- - get_param: [EndpointMap, BarbicanPublic, protocol]
- ://
- str_replace:
template:
get_param: [EndpointMap, BarbicanPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, BarbicanPublic, port]
CeilometerAdmin:
host:
str_replace:

1
network/service_net_map.j2.yaml

@ -25,6 +25,7 @@ parameters:
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
AodhApiNetwork: internal_api
BarbicanApiNetwork: internal_api
GnocchiApiNetwork: internal_api
MongodbNetwork: internal_api
CinderApiNetwork: internal_api

1
overcloud-resource-registry-puppet.j2.yaml

@ -188,6 +188,7 @@ resource_registry:
OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::BarbicanApi: OS::Heat::None
OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml
OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml

3
overcloud.j2.yaml

@ -562,6 +562,9 @@ outputs:
AodhInternalVip:
description: VIP for Aodh API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
BarbicanInternalVip:
description: VIP for Barbican API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, BarbicanApiNetwork]}]}
CeilometerInternalVip:
description: VIP for Ceilometer API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}

127
puppet/services/barbican-api.yaml

@ -0,0 +1,127 @@
heat_template_version: 2016-04-08
description: >
OpenStack Barbican API service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
BarbicanPassword:
description: The password for the barbican service account.
type: string
hidden: true
BarbicanWorkers:
description: Set the number of workers for barbican::wsgi::apache
default: '"%{::processorcount}"'
type: string
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
RabbitClientUseSSL:
default: false
description: >
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Barbican API role.
value:
service_name: barbican_api
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
barbican::keystone::authtoken::project_name: 'service'
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::api::db_auto_create: false
barbican::api::enabled_certificate_plugins: ['simple_certificate']
barbican::api::logging::debug: {get_param: Debug}
barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
barbican::api::rabbit_userid: {get_param: RabbitUserName}
barbican::api::rabbit_password: {get_param: RabbitPassword}
barbican::api::rabbit_port: {get_param: RabbitClientPort}
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::ssl: false
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::db::database_connection:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://barbican:'
- {get_param: BarbicanPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/barbican'
tripleo.barbican_api.firewall_rules:
'117 barbican':
dport:
- 9311
- 13311
step_config: |
include ::tripleo::profile::base::barbican::api
service_config_settings:
mysql:
barbican::db::mysql::password: {get_param: BarbicanPassword}
barbican::db::mysql::user: barbican
barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
barbican::db::mysql::dbname: barbican
barbican::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone:
barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
barbican::keystone::auth::password: {get_param: BarbicanPassword}
barbican::keystone::auth::region: {get_param: KeystoneRegion}
barbican::keystone::auth::tenant: 'service'
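Review bot: `BarbicanPassword` is used three times: as the Keystone service credential (`barbican::keystone::authtoken::password`), as the MySQL account password (`barbican::db::mysql::password`) and inline in `barbican::db::database_connection`, while `barbican::db::mysql::allowed_hosts` includes `'%'`. The key manager's database therefore accepts the service account's password from any host that can reach MySQL, so a leak of either credential exposes both. The parameter description should state the reuse, e.g. `description: The password for the barbican service account, also used for the barbican MySQL user.`, and a separate hidden parameter for the database plus a narrower `allowed_hosts` is worth considering. The password is also joined into the connection URL unescaped, so a value containing `@` or `/` would probably produce a malformed connection string.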

1
roles_data.yaml

@ -95,6 +95,7 @@
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::VipHosts
- OS::TripleO::Services::BarbicanApi
- name: Compute
CountDefault: 1
