Convert ServiceNetMap evals to hiera interpolation
Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.
In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.
This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).
Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
(cherry picked from commit 3a7baa8fa6
)
This commit is contained in:
parent
2f464c74ae
commit
7edda0e2b1
|
@ -233,7 +233,15 @@ outputs:
|
|||
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
|
||||
containerized_deployment: true
|
||||
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
|
||||
monitor_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
|
||||
user_config: true
|
||||
ceph_stable: true
|
||||
|
|
|
@ -72,7 +72,15 @@ outputs:
|
|||
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
|
||||
- radosgw_keystone: true
|
||||
radosgw_keystone_ssl: false
|
||||
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
|
||||
radosgw_address_block:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
|
|
|
@ -89,7 +89,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
'133 mistral':
|
||||
|
|
|
@ -107,7 +107,11 @@ outputs:
|
|||
tripleo::stunnel::manage_service: false
|
||||
tripleo::stunnel::foreground: 'yes'
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -560,10 +560,7 @@ resources:
|
|||
service_names: {get_param: ServiceNames}
|
||||
sensu::subscriptions: {get_param: MonitoringSubscriptions}
|
||||
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs:
|
||||
map_replace:
|
||||
- {get_param: ServiceConfigSettings}
|
||||
- values: {get_attr: [NetIpMap, net_ip_map]}
|
||||
service_configs: {get_param: ServiceConfigSettings}
|
||||
{{role.name.lower()}}_extraconfig:
|
||||
map_merge:
|
||||
{%- if role.deprecated_param_extraconfig is defined %}
|
||||
|
|
|
@ -102,13 +102,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
aodh::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [AodhBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
|
|
@ -80,16 +80,22 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::default_vhost: false
|
||||
apache::trace_enable: 'Off'
|
||||
apache::server_signature: 'Off'
|
||||
apache::server_tokens: 'Prod'
|
||||
apache_remote_proxy_ips_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template:
|
||||
"%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
|
||||
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
|
||||
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
|
||||
apache::mod::remoteip::proxy_ips:
|
||||
|
|
|
@ -132,7 +132,12 @@ outputs:
|
|||
barbican::api::rabbit_port: {get_param: RabbitClientPort}
|
||||
barbican::api::rabbit_heartbeat_timeout_threshold: 60
|
||||
barbican::api::service_name: 'httpd'
|
||||
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
|
||||
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
|
||||
barbican::wsgi::apache::servername:
|
||||
|
|
|
@ -110,22 +110,27 @@ outputs:
|
|||
ceph::params::packages:
|
||||
- ceph-base
|
||||
- ceph-mon
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ceph::profile::params::cluster_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
|
||||
ceph::profile::params::public_network:
|
||||
str_replace:
|
||||
template: "NETWORK_subnet"
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::public_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
||||
ceph::profile::params::client_keys:
|
||||
map_replace:
|
||||
- client.admin:
|
||||
|
|
|
@ -70,7 +70,12 @@ outputs:
|
|||
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
|
||||
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
|
||||
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
|
||||
ceph::profile::params::rgw_keystone_admin_domain: default
|
||||
|
|
|
@ -137,12 +137,18 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
cinder::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
cinder::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
-
|
||||
cinder::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -162,12 +162,17 @@ outputs:
|
|||
tripleo.cinder_volume.firewall_rules:
|
||||
'120 iscsi initiator':
|
||||
dport: 3260
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_cinder_volume:
|
||||
|
|
|
@ -110,7 +110,12 @@ outputs:
|
|||
congress::rabbit_password: {get_param: RabbitPassword}
|
||||
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
congress::rabbit_port: {get_param: RabbitClientPort}
|
||||
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
congress::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
|
||||
|
||||
congress::keystone::authtoken::password: {get_param: CongressPassword}
|
||||
congress::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -86,13 +86,18 @@ outputs:
|
|||
dport: 27018
|
||||
'103 mongod':
|
||||
dport: 27017
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
mongodb_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
|
||||
# NOTE: This now takes an array, so we need to fetch the IP from hiera,
|
||||
# else Heat won't substitute the network name for the IP.
|
||||
mongodb::server::bind_ip:
|
||||
|
|
|
@ -45,7 +45,12 @@ outputs:
|
|||
value:
|
||||
service_name: mysql_client
|
||||
config_settings:
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
|
||||
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
step_config: |
|
||||
|
|
|
@ -102,13 +102,18 @@ outputs:
|
|||
- {get_param: [DefaultPasswords, mysql_root_password]}
|
||||
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
|
||||
enable_galera: {get_param: EnableGalera}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
mysql_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
|
@ -116,7 +121,11 @@ outputs:
|
|||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::client_bind_address:
|
||||
{get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
|
||||
{get_param: MysqlIncreaseFileLimit}
|
||||
- if:
|
||||
|
|
|
@ -60,7 +60,7 @@ outputs:
|
|||
redis::masterauth: {get_param: RedisPassword}
|
||||
redis::sentinel_auth_pass: {get_param: RedisPassword}
|
||||
redis_ipv6: {get_param: RedisIPv6}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
|
@ -74,7 +74,11 @@ outputs:
|
|||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::port: 6379
|
||||
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
|
||||
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
|
||||
|
@ -86,5 +90,9 @@ outputs:
|
|||
- redis_ipv6
|
||||
- '::1'
|
||||
- '127.0.0.1'
|
||||
- {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
redis::ulimit: {get_param: RedisFDLimit}
|
||||
|
|
|
@ -38,7 +38,11 @@ outputs:
|
|||
service_name: docker_registry
|
||||
config_settings:
|
||||
tripleo::profile::base::docker_registry::registry_host:
|
||||
{get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
||||
tripleo::profile::base::docker_registry::registry_port:
|
||||
{get_param: [EndpointMap, DockerRegistryInternal, port]}
|
||||
tripleo.docker_registry.firewall_rules:
|
||||
|
|
|
@ -159,14 +159,22 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
|
||||
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_$NETWORK')}"
|
||||
|
|
|
@ -60,12 +60,17 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
tripleo::profile::base::etcd::client_port: '2379'
|
||||
tripleo::profile::base::etcd::peer_port: '2380'
|
||||
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
||||
|
|
|
@ -268,7 +268,11 @@ outputs:
|
|||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, GlanceApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
tripleo::profile::base::glance::api::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
@ -283,7 +287,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
|
||||
glance_log_file: {get_param: GlanceLogFile}
|
||||
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
|
||||
|
|
|
@ -124,13 +124,18 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
|
||||
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
|
||||
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::gnocchi::api
|
||||
|
|
|
@ -95,15 +95,25 @@ outputs:
|
|||
dport:
|
||||
- 8000
|
||||
- 13800
|
||||
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
|
||||
heat::api_cfn::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
|
||||
heat::wsgi::apache_api_cfn::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -101,16 +101,26 @@ outputs:
|
|||
dport:
|
||||
- 8004
|
||||
- 13004
|
||||
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -115,7 +115,12 @@ outputs:
|
|||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
|
||||
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
|
||||
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
|
||||
|
|
|
@ -90,19 +90,29 @@ outputs:
|
|||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::host_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::api::service_name: 'httpd'
|
||||
ironic::policy::policies: {get_param: IronicApiPolicies}
|
||||
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
ironic::wsgi::apache::servername:
|
||||
str_replace:
|
||||
|
|
|
@ -200,7 +200,12 @@ outputs:
|
|||
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
|
||||
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
|
||||
# We need an endpoint containing a real IP, not a VIP here
|
||||
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic_conductor_http_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::conductor::http_url:
|
||||
list_join:
|
||||
- ''
|
||||
|
@ -209,14 +214,24 @@ outputs:
|
|||
- {get_param: IronicIPXEPort}
|
||||
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
|
||||
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::drivers::pxe::tftp_server:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::tftp_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
||||
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
||||
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
||||
|
@ -249,7 +264,12 @@ outputs:
|
|||
# glance and neutron endpoints, virtual console IP. We override
|
||||
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
||||
# the VIP, but rather a real IP of the host.
|
||||
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
|
||||
# Credentials to access other services
|
||||
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
|
|
@ -113,8 +113,18 @@ outputs:
|
|||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
- ironic::inspector::listen_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
|
||||
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
|
||||
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
|
||||
ironic::inspector::debug: {get_param: Debug}
|
||||
|
|
|
@ -424,15 +424,25 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
# NOTE: this applies to all 2 bind IP settings below...
|
||||
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
|
||||
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
|
||||
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
|
||||
|
|
|
@ -96,13 +96,18 @@ outputs:
|
|||
dport:
|
||||
- 8786
|
||||
- 13786
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::api::enable_proxy_headers_parsing: true
|
||||
manila::api::default_share_type: 'default'
|
||||
|
||||
|
@ -143,4 +148,4 @@ outputs:
|
|||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
|
|
|
@ -81,7 +81,12 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
memcached::max_memory: {get_param: MemcachedMaxMemory}
|
||||
# https://access.redhat.com/security/cve/cve-2018-1000115
|
||||
# Only accept TCP to avoid spoofed traffic amplification DoS on UDP.
|
||||
|
|
|
@ -75,7 +75,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
- mistral::api::api_workers: {get_param: MistralWorkers}
|
||||
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
mistral::policy::policies: {get_param: MistralApiPolicies}
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
|
@ -84,7 +89,12 @@ outputs:
|
|||
- 8989
|
||||
- 13989
|
||||
mistral::api::service_name: 'httpd'
|
||||
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
|
||||
mistral::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -175,13 +175,17 @@ outputs:
|
|||
- 13696
|
||||
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
|
||||
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NeutronApiNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
@ -196,7 +200,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
|
||||
-
|
||||
if:
|
||||
|
|
|
@ -76,7 +76,12 @@ outputs:
|
|||
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
|
||||
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
|
||||
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
|
||||
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::linuxbridge::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
|
||||
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
|
||||
-
|
||||
|
|
|
@ -161,7 +161,12 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.neutron_ovs_agent.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
|
|
@ -167,12 +167,17 @@ outputs:
|
|||
nova_wsgi_enabled: true
|
||||
nova::api::service_name: 'httpd'
|
||||
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::wsgi::apache_api::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -166,7 +166,12 @@ outputs:
|
|||
service_name: nova_base
|
||||
config_settings:
|
||||
map_merge:
|
||||
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
- nova::my_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::rabbit_password: {get_param: RabbitPassword}
|
||||
nova::rabbit_userid: {get_param: RabbitUserName}
|
||||
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
|
|
|
@ -296,13 +296,18 @@ outputs:
|
|||
- true
|
||||
- false
|
||||
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncserver_proxyclient_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
|
||||
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
|
|
|
@ -209,7 +209,12 @@ outputs:
|
|||
nova::compute::libvirt::qemu::configure_qemu: true
|
||||
nova::compute::libvirt::qemu::max_files: 32768
|
||||
nova::compute::libvirt::qemu::max_processes: 131072
|
||||
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::compute::libvirt::vncserver_listen:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::migration::qemu::configure_qemu: true
|
||||
nova::migration::qemu::migration_port_min: 61152
|
||||
nova::migration::qemu::migration_port_max: 61215
|
||||
|
@ -229,7 +234,11 @@ outputs:
|
|||
tripleo::profile::base::nova::migration::client::libvirt_tls: true
|
||||
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
|
||||
nova::migration::libvirt::listen_address:
|
||||
get_param: [ServiceNetMap, NovaLibvirtNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
nova::migration::libvirt::live_migration_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -66,7 +66,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
-
|
||||
if:
|
||||
- nova_workers_zero
|
||||
|
@ -76,7 +80,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, NovaMetadataNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -56,13 +56,23 @@ outputs:
|
|||
- "%{hiera('cold_migration_ssh_inbound_addr')}"
|
||||
- "%{hiera('live_migration_ssh_inbound_addr')}"
|
||||
live_migration_ssh_inbound_addr:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- str_replace:
|
||||
template: "ROLENAMEHostnameResolveNetwork"
|
||||
params:
|
||||
ROLENAME: {get_param: RoleName}
|
||||
cold_migration_ssh_inbound_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo::profile::base::sshd::port:
|
||||
- 22
|
||||
- {get_param: MigrationSshPort}
|
||||
|
|
|
@ -100,12 +100,17 @@ outputs:
|
|||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::wsgi::apache_placement::api_port: '8778'
|
||||
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
|
||||
nova::wsgi::apache_placement::servername:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -115,12 +115,17 @@ outputs:
|
|||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
nova::vncproxy::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo.nova_vnc_proxy.firewall_rules:
|
||||
'137 nova_vnc_proxy':
|
||||
dport:
|
||||
|
|
|
@ -136,7 +136,12 @@ outputs:
|
|||
opendaylight::username: {get_param: OpenDaylightUsername}
|
||||
opendaylight::password: {get_param: OpenDaylightPassword}
|
||||
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
|
||||
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::odl_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
||||
tripleo.opendaylight_api.firewall_rules:
|
||||
'137 opendaylight api':
|
||||
|
|
|
@ -212,7 +212,12 @@ outputs:
|
|||
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
|
||||
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
|
||||
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
|
||||
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
neutron::agents::ml2::ovs::local_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.opendaylight_ovs.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
|
|
@ -94,7 +94,12 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_encap_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
|
||||
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
|
||||
tripleo.ovn_controller.firewall_rules:
|
||||
|
|
|
@ -47,7 +47,12 @@ outputs:
|
|||
config_settings:
|
||||
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
|
||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
ovn::northd::dbs_listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
tripleo::haproxy::ovn_dbs_manage_lb: true
|
||||
tripleo.ovn_dbs.firewall_rules:
|
||||
'121 OVN DB server ports':
|
||||
|
|
|
@ -63,14 +63,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
|
||||
get_param: [ServiceNetMap, MysqlNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::pacemaker::database::mysql::ca_file:
|
||||
get_param: InternalTLSCAFile
|
||||
step_config: |
|
||||
|
|
|
@ -65,7 +65,11 @@ outputs:
|
|||
redis::notify_service: false
|
||||
redis::managed_by_cluster_manager: true
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, RedisNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -103,13 +103,18 @@ outputs:
|
|||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
panko::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [PankoBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
|
|
|
@ -61,7 +61,12 @@ outputs:
|
|||
'109 qdr':
|
||||
dport:
|
||||
- {get_param: RabbitClientPort}
|
||||
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
qdr::listener_addr:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
|
||||
# cannot pass qdr::listener_port directly because it needs to be a string
|
||||
# we do the conversion in the puppet layer
|
||||
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}
|
||||
|
|
|
@ -129,20 +129,30 @@ outputs:
|
|||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
|
|
|
@ -80,12 +80,17 @@ outputs:
|
|||
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
|
||||
sahara::policy::policies: {get_param: SaharaApiPolicies}
|
||||
sahara::service::api::api_workers: {get_param: SaharaWorkers}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
sahara::host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
tripleo.sahara_api.firewall_rules:
|
||||
'132 sahara':
|
||||
dport:
|
||||
|
|
|
@ -207,14 +207,18 @@ outputs:
|
|||
- 'proxy-logging'
|
||||
- 'proxy-server'
|
||||
swift::proxy::account_autocreate: true
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
|
||||
get_param: [ServiceNetMap, SwiftProxyNetwork]
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
|
@ -228,7 +232,11 @@ outputs:
|
|||
if:
|
||||
- use_tls_proxy
|
||||
- 'localhost'
|
||||
- {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::swift::proxy
|
||||
service_config_settings:
|
||||
|
|
|
@ -130,7 +130,12 @@ outputs:
|
|||
- healthcheck
|
||||
- account-server
|
||||
swift::storage::disks::args: {get_param: SwiftRawDisks}
|
||||
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::storage_local_net_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
|
||||
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
|
||||
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
|
||||
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
|
||||
|
|
|
@ -111,7 +111,12 @@ outputs:
|
|||
tacker::rabbit_password: {get_param: RabbitPassword}
|
||||
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
tacker::rabbit_port: {get_param: RabbitClientPort}
|
||||
tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
tacker::server::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]}
|
||||
|
||||
tacker::keystone::authtoken::project_name: 'service'
|
||||
tacker::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
@ -112,10 +112,25 @@ outputs:
|
|||
- {get_param: Debug }
|
||||
- {get_param: ZaqarDebug }
|
||||
zaqar::server::service_name: 'httpd'
|
||||
zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::transport::websocket::notification_bind:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
|
||||
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
||||
zaqar::max_messages_post_size: 1048576
|
||||
zaqar::unreliable: true
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Per-service config_settings should now use hiera interpolation to set
|
||||
the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior
|
||||
to this release we replaced e.g internal_api for the IP address internally.
|
||||
The network name can still be derived from the ServiceNetMap - all the
|
||||
in-tree templates have been converted to the new format, but any out
|
||||
of tree templates may require similar adjustment.
|
Loading…
Reference in New Issue