Simplify etcd, frr service template
Change-Id: Iaed4823d21fd6283a1608d7852e3c9153e1e8d71
parent
acdddec6d5
commit
7924cf9451
|
@ -82,9 +82,10 @@ parameter_groups:
|
||||||
conditions:
|
conditions:
|
||||||
internal_tls_enabled:
|
internal_tls_enabled:
|
||||||
and:
|
and:
|
||||||
- {equals: [{get_param: EnableInternalTLS}, true]}
|
- {get_param: EnableInternalTLS}
|
||||||
- {equals: [{get_param: EnableEtcdInternalTLS}, true]}
|
- {get_param: EnableEtcdInternalTLS}
|
||||||
key_size_override_unset: {equals: [{get_param: EtcdCertificateKeySize}, '']}
|
key_size_override_set:
|
||||||
|
not: {equals: [{get_param: EtcdCertificateKeySize}, '']}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
|
@ -103,8 +104,7 @@ outputs:
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionEtcd}
|
monitoring_subscription: {get_param: MonitoringSubscriptionEtcd}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
-
|
- etcd::etcd_name:
|
||||||
etcd::etcd_name:
|
|
||||||
str_replace:
|
str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('fqdn_$NETWORK')}"
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
|
@ -122,18 +122,15 @@ outputs:
|
||||||
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
||||||
etcd::manage_package: false
|
etcd::manage_package: false
|
||||||
etcd::manage_service: false
|
etcd::manage_service: false
|
||||||
-
|
- if:
|
||||||
if:
|
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
-
|
- tripleo::profile::base::etcd::certificate_specs:
|
||||||
tripleo::profile::base::etcd::certificate_specs:
|
|
||||||
service_certificate: '/etc/pki/tls/certs/etcd.crt'
|
service_certificate: '/etc/pki/tls/certs/etcd.crt'
|
||||||
service_key: '/etc/pki/tls/private/etcd.key'
|
service_key: '/etc/pki/tls/private/etcd.key'
|
||||||
etcd::trusted_ca_file: {get_param: InternalTLSCAFile}
|
etcd::trusted_ca_file: {get_param: InternalTLSCAFile}
|
||||||
etcd::peer_trusted_ca_file: {get_param: InternalTLSCAFile}
|
etcd::peer_trusted_ca_file: {get_param: InternalTLSCAFile}
|
||||||
-
|
|
||||||
# Ensure etcd and cinder-volume aren't configured to use TLS
|
# Ensure etcd and cinder-volume aren't configured to use TLS
|
||||||
tripleo::profile::base::etcd::enable_internal_tls: false
|
- tripleo::profile::base::etcd::enable_internal_tls: false
|
||||||
tripleo::profile::base::cinder::volume::enable_internal_tls: false
|
tripleo::profile::base::cinder::volume::enable_internal_tls: false
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
|
@ -177,17 +174,13 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/etcd:/var/lib/etcd
|
||||||
- /var/lib/etcd:/var/lib/etcd
|
|
||||||
- /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro
|
||||||
-
|
- if:
|
||||||
if:
|
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
-
|
- - /etc/pki/tls/certs/etcd.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/etcd.crt:ro
|
||||||
- /etc/pki/tls/certs/etcd.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/etcd.crt:ro
|
|
||||||
- /etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro
|
- /etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro
|
||||||
- null
|
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
container_puppet_tasks:
|
container_puppet_tasks:
|
||||||
|
@ -204,8 +197,7 @@ outputs:
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
-
|
- - name: Certificate generation
|
||||||
- name: Certificate generation
|
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
block:
|
block:
|
||||||
- include_role:
|
- include_role:
|
||||||
|
@ -247,11 +239,10 @@ outputs:
|
||||||
done
|
done
|
||||||
key_size:
|
key_size:
|
||||||
if:
|
if:
|
||||||
- key_size_override_unset
|
- key_size_override_set
|
||||||
- {get_param: CertificateKeySize}
|
|
||||||
- {get_param: EtcdCertificateKeySize}
|
- {get_param: EtcdCertificateKeySize}
|
||||||
|
- {get_param: CertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
- null
|
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: create /var/lib/etcd
|
- name: create /var/lib/etcd
|
||||||
file:
|
file:
|
||||||
|
@ -261,19 +252,15 @@ outputs:
|
||||||
external_deploy_tasks:
|
external_deploy_tasks:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
-
|
- - name: check if ipa server has required permissions
|
||||||
- name: check if ipa server has required permissions
|
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
import_role:
|
import_role:
|
||||||
name: tls_everywhere
|
name: tls_everywhere
|
||||||
tasks_from: ipa-server-check
|
tasks_from: ipa-server-check
|
||||||
- null
|
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
-
|
- - service: etcd
|
||||||
- service: etcd
|
|
||||||
network: {get_param: [ServiceNetMap, EtcdNetwork]}
|
network: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||||
type: node
|
type: node
|
||||||
- null
|
|
||||||
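Review bot: The two-argument `if` forms now used under `volumes`, `deploy_steps_tasks`, `external_deploy_tasks` and `metadata_settings` (and in the frr `firewall_rules` section of this commit) rely on Heat dropping the enclosing item when the condition is false, where the old code returned an explicit `null` or `{}`. That depends on the `heat_template_version` declared outside these hunks (as far as I know the optional else branch arrived with the `wallaby` version), so confirm the version and that consumers of these outputs treat an absent `metadata_settings` or `deploy_steps_tasks` key the same as `null`. Because `internal_tls_enabled` is the only gate for the etcd cert/key mounts and the certificate request, I would add a comment above it such as `# true only when both EnableInternalTLS and EnableEtcdInternalTLS are set; otherwise etcd and cinder-volume get enable_internal_tls: false`. The bare `{get_param: ...}` conditions also assume both parameters are declared as `boolean`; their declarations are not in view.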
|
|
|
@ -124,21 +124,18 @@ outputs:
|
||||||
tripleo_logging_sources_frr:
|
tripleo_logging_sources_frr:
|
||||||
- {get_param: FrrLoggingSource}
|
- {get_param: FrrLoggingSource}
|
||||||
firewall_rules:
|
firewall_rules:
|
||||||
map_merge:
|
'156 bgp tcp':
|
||||||
- if:
|
if:
|
||||||
- {get_param: FrrBgpEnabled}
|
- {get_param: FrrBgpEnabled}
|
||||||
- '156 bgp tcp':
|
- proto: 'tcp'
|
||||||
proto: 'tcp'
|
dport: 179
|
||||||
dport: 179
|
'156 bfd udp':
|
||||||
- {}
|
if:
|
||||||
- if:
|
|
||||||
- {get_param: FrrBfdEnabled}
|
- {get_param: FrrBfdEnabled}
|
||||||
- '156 bfd udp':
|
- proto: 'udp'
|
||||||
proto: 'udp'
|
dport:
|
||||||
dport:
|
- 3784
|
||||||
- 3784
|
- 3785
|
||||||
- 3785
|
|
||||||
- {}
|
|
||||||
kolla_config:
|
kolla_config:
|
||||||
/var/lib/kolla/config_files/frr.json:
|
/var/lib/kolla/config_files/frr.json:
|
||||||
# Note: This is currently needed because watchfrr *always* demonizes
|
# Note: This is currently needed because watchfrr *always* demonizes
|
||||||
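Review bot: The `'156 bgp tcp'` and `'156 bfd udp'` rules carry only `proto` and `dport`, so when enabled they appear to accept BGP on 179/tcp and BFD on 3784 and 3785/udp from any source. This predates the commit, but the rewrite is a natural place to tighten it: if the firewall rule schema consumed here supports a source restriction, limiting these rules to the peer networks would be a safer default. Failing that, a comment on the rules such as `# no source filter: peers are not known at template time` would make the open scope a documented decision.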
|
|