Manage all Keystone resources with Ansible
Depends-On: I557d8f33c9c699aed14b3b6fc1d1c0407365cd08 Depends-On: Ia68f8852662fb4abbd194954a246afb740bf3f71 Change-Id: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e
This commit is contained in:
parent
914ca3eb28
commit
7f40baabcd
|
@ -218,6 +218,10 @@ parameters:
|
||||||
default: []
|
default: []
|
||||||
description: List of VIP (virtual IP) hosts entries to be appended to /etc/hosts
|
description: List of VIP (virtual IP) hosts entries to be appended to /etc/hosts
|
||||||
type: comma_delimited_list
|
type: comma_delimited_list
|
||||||
|
KeystoneResourcesConfigs:
|
||||||
|
description: The keystone resources config.
|
||||||
|
type: json
|
||||||
|
default: {}
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
{% for role in enabled_roles %}
|
{% for role in enabled_roles %}
|
||||||
|
@ -389,6 +393,7 @@ outputs:
|
||||||
undercloud_hosts_entries: {get_param: UndercloudHostsEntries}
|
undercloud_hosts_entries: {get_param: UndercloudHostsEntries}
|
||||||
extra_hosts_entries: {get_param: ExtraHostsEntries}
|
extra_hosts_entries: {get_param: ExtraHostsEntries}
|
||||||
vip_hosts_entries: {get_param: VipHostsEntries}
|
vip_hosts_entries: {get_param: VipHostsEntries}
|
||||||
|
keystone_resources: {get_param: KeystoneResourcesConfigs}
|
||||||
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
|
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
|
||||||
deploy_steps_tasks_step_0: {get_file: deploy-steps-tasks-step-0.yaml}
|
deploy_steps_tasks_step_0: {get_file: deploy-steps-tasks-step-0.yaml}
|
||||||
common_deploy_steps_tasks_step_1: {get_file: deploy-steps-tasks-step-1.yaml}
|
common_deploy_steps_tasks_step_1: {get_file: deploy-steps-tasks-step-1.yaml}
|
||||||
|
|
|
@ -133,6 +133,16 @@ resources:
|
||||||
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
|
||||||
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||||
|
|
||||||
|
KeystoneResourcesConfigs:
|
||||||
|
type: OS::Heat::Value
|
||||||
|
properties:
|
||||||
|
type: json
|
||||||
|
value:
|
||||||
|
map_merge:
|
||||||
|
yaql:
|
||||||
|
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('keystone_resources')).where($ != null))
|
||||||
|
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||||
|
|
||||||
ServiceConfigSettings:
|
ServiceConfigSettings:
|
||||||
type: OS::Heat::Value
|
type: OS::Heat::Value
|
||||||
properties:
|
properties:
|
||||||
|
@ -381,6 +391,7 @@ outputs:
|
||||||
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
|
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
|
||||||
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
|
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
|
||||||
ansible_group_vars: {get_attr: [AnsibleGroupVars, value]}
|
ansible_group_vars: {get_attr: [AnsibleGroupVars, value]}
|
||||||
|
keystone_resources: {get_attr: [KeystoneResourcesConfigs, value]}
|
||||||
|
|
||||||
# Keys to support docker/services
|
# Keys to support docker/services
|
||||||
puppet_config: {get_attr: [PuppetConfig, value]}
|
puppet_config: {get_attr: [PuppetConfig, value]}
|
||||||
|
|
|
@ -52,6 +52,14 @@ parameters:
|
||||||
e.g. { aodh-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
e.g. { aodh-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||||
default: {}
|
default: {}
|
||||||
type: json
|
type: json
|
||||||
|
KeystoneRegion:
|
||||||
|
type: string
|
||||||
|
default: 'regionOne'
|
||||||
|
description: Keystone region for endpoint
|
||||||
|
AodhPassword:
|
||||||
|
description: The password for the aodh services.
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
|
@ -96,6 +104,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8042
|
- 8042
|
||||||
- 13042
|
- 13042
|
||||||
|
keystone_resources:
|
||||||
|
aodh:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||||
|
users:
|
||||||
|
aodh:
|
||||||
|
password: {get_param: AodhPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'alarming'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
|
|
@ -111,13 +111,6 @@ outputs:
|
||||||
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
||||||
aodh::auth::auth_tenant_name: 'service'
|
aodh::auth::auth_tenant_name: 'service'
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
|
||||||
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
|
||||||
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
|
||||||
aodh::keystone::auth::password: {get_param: AodhPassword}
|
|
||||||
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
aodh::keystone::auth::tenant: 'service'
|
|
||||||
mysql:
|
mysql:
|
||||||
aodh::db::mysql::user: aodh
|
aodh::db::mysql::user: aodh
|
||||||
aodh::db::mysql::password: {get_param: AodhPassword}
|
aodh::db::mysql::password: {get_param: AodhPassword}
|
||||||
|
|
|
@ -192,6 +192,22 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 9311
|
- 9311
|
||||||
- 13311
|
- 13311
|
||||||
|
keystone_resources:
|
||||||
|
barbican:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
||||||
|
users:
|
||||||
|
barbican:
|
||||||
|
password: {get_param: BarbicanPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'key-manager'
|
||||||
|
roles:
|
||||||
|
- key-manager:service-admin
|
||||||
|
- creator
|
||||||
|
- observer
|
||||||
|
- audit
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||||
|
@ -260,12 +276,6 @@ outputs:
|
||||||
- '%'
|
- '%'
|
||||||
- "%{hiera('mysql_bind_host')}"
|
- "%{hiera('mysql_bind_host')}"
|
||||||
keystone:
|
keystone:
|
||||||
barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
|
||||||
barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
|
||||||
barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
|
||||||
barbican::keystone::auth::password: {get_param: BarbicanPassword}
|
|
||||||
barbican::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
barbican::keystone::auth::tenant: 'service'
|
|
||||||
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
|
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
|
||||||
nova_compute:
|
nova_compute:
|
||||||
nova::compute::keymgr_backend: >
|
nova::compute::keymgr_backend: >
|
||||||
|
|
|
@ -52,6 +52,10 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Whether to enable gnocchi usage.
|
description: Whether to enable gnocchi usage.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
CeilometerPassword:
|
||||||
|
description: The password for the ceilometer service account.
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
ceilometer_enable_gnocchi: {equals: [{get_param: CeilometerEnableGnocchi}, True]}
|
ceilometer_enable_gnocchi: {equals: [{get_param: CeilometerEnableGnocchi}, True]}
|
||||||
|
@ -77,6 +81,13 @@ outputs:
|
||||||
value:
|
value:
|
||||||
service_name: ceilometer_agent_central
|
service_name: ceilometer_agent_central
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
|
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
|
||||||
|
keystone_resources:
|
||||||
|
ceilometer:
|
||||||
|
users:
|
||||||
|
ceilometer:
|
||||||
|
password: {get_param: CeilometerPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [CeilometerServiceBase, role_data, config_settings]
|
- get_attr: [CeilometerServiceBase, role_data, config_settings]
|
||||||
|
|
|
@ -179,11 +179,5 @@ outputs:
|
||||||
- {}
|
- {}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
keystone:
|
||||||
ceilometer_auth_enabled: true
|
|
||||||
# NOTE(aschultz): no endpoints since ceilometer api removal
|
|
||||||
ceilometer::keystone::auth::configure_endpoint: false
|
|
||||||
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
|
|
||||||
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
ceilometer::keystone::auth::tenant: 'service'
|
|
||||||
# Enable default notification queue
|
# Enable default notification queue
|
||||||
tripleo::profile::base::keystone::ceilometer_notification_topics: ["notifications"]
|
tripleo::profile::base::keystone::ceilometer_notification_topics: ["notifications"]
|
||||||
|
|
|
@ -85,6 +85,22 @@ outputs:
|
||||||
- dashboard_enabled
|
- dashboard_enabled
|
||||||
- - '9100'
|
- - '9100'
|
||||||
- []
|
- []
|
||||||
|
keystone_resources:
|
||||||
|
swift:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||||
|
users:
|
||||||
|
swift:
|
||||||
|
password: {get_param: SwiftPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
- member
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'object-store'
|
||||||
|
roles:
|
||||||
|
- member
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_image: ''
|
config_image: ''
|
||||||
|
@ -107,13 +123,3 @@ outputs:
|
||||||
content: "{{ceph_ansible_group_vars_rgws|to_nice_yaml}}"
|
content: "{{ceph_ansible_group_vars_rgws|to_nice_yaml}}"
|
||||||
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
||||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||||
service_config_settings:
|
|
||||||
keystone:
|
|
||||||
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
|
||||||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
|
||||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
|
||||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
|
|
||||||
ceph::rgw::keystone::auth::tenant: service
|
|
||||||
ceph::rgw::keystone::auth::user: swift
|
|
||||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
|
||||||
|
|
|
@ -78,6 +78,9 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
default: 'messagingv2'
|
default: 'messagingv2'
|
||||||
description: Driver or drivers to handle sending notifications.
|
description: Driver or drivers to handle sending notifications.
|
||||||
|
RootStackName:
|
||||||
|
description: The name of the stack/plan.
|
||||||
|
type: string
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
|
@ -123,11 +126,46 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8776
|
- 8776
|
||||||
- 13776
|
- 13776
|
||||||
|
keystone_resources:
|
||||||
|
cinder:
|
||||||
|
users:
|
||||||
|
cinder:
|
||||||
|
password: {get_param: CinderPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
- service
|
||||||
|
cinderv2:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||||
|
users:
|
||||||
|
cinderv2:
|
||||||
|
password: {get_param: CinderPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
- service
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'volumev2'
|
||||||
|
cinderv3:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||||
|
users:
|
||||||
|
cinderv3:
|
||||||
|
password: {get_param: CinderPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
- service
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'volumev3'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [CinderBase, role_data, config_settings]
|
- get_attr: [CinderBase, role_data, config_settings]
|
||||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||||
|
- keystone_resources_managed: false
|
||||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
|
@ -185,17 +223,6 @@ outputs:
|
||||||
- rsyslog:
|
- rsyslog:
|
||||||
tripleo_logging_sources_cinder_api:
|
tripleo_logging_sources_cinder_api:
|
||||||
- {get_param: CinderApiLoggingSource}
|
- {get_param: CinderApiLoggingSource}
|
||||||
keystone:
|
|
||||||
cinder::keystone::auth::tenant: 'service'
|
|
||||||
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
|
||||||
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
|
||||||
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
|
||||||
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
|
||||||
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
|
||||||
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
|
||||||
cinder::keystone::auth::password: {get_param: CinderPassword}
|
|
||||||
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
cinder::keystone::auth::roles: ['admin', 'service']
|
|
||||||
mysql:
|
mysql:
|
||||||
cinder::db::mysql::password: {get_param: CinderPassword}
|
cinder::db::mysql::password: {get_param: CinderPassword}
|
||||||
cinder::db::mysql::user: cinder
|
cinder::db::mysql::user: cinder
|
||||||
|
@ -413,3 +440,20 @@ outputs:
|
||||||
when:
|
when:
|
||||||
- step|int == 8
|
- step|int == 8
|
||||||
- is_bootstrap_node|bool
|
- is_bootstrap_node|bool
|
||||||
|
external_deploy_tasks:
|
||||||
|
- name: Manage Cinder Volume Type
|
||||||
|
become: true
|
||||||
|
vars:
|
||||||
|
default_volume_type: {get_param: CinderDefaultVolumeType}
|
||||||
|
environment:
|
||||||
|
OS_CLOUD: {get_param: RootStackName}
|
||||||
|
when:
|
||||||
|
- step|int == 5
|
||||||
|
- not ansible_check_mode|bool
|
||||||
|
shell: |
|
||||||
|
if ! openstack volume type show "{{ default_volume_type }}"; then
|
||||||
|
openstack volume type create --public "{{ default_volume_type }}"
|
||||||
|
fi
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
changed_when: false
|
||||||
|
|
|
@ -84,6 +84,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 9001
|
- 9001
|
||||||
- 13001
|
- 13001
|
||||||
|
keystone_resources:
|
||||||
|
designate:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
||||||
|
internal: {get_param: [EndpointMap, DesignateInternal, uri_no_suffix]}
|
||||||
|
admin: {get_param: [EndpointMap, DesignateAdmin, uri_no_suffix]}
|
||||||
|
users:
|
||||||
|
designate:
|
||||||
|
password: {get_param: DesignatePassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'dns'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -105,13 +116,6 @@ outputs:
|
||||||
- {}
|
- {}
|
||||||
- designate::api::workers: {get_param: DesignateWorkers}
|
- designate::api::workers: {get_param: DesignateWorkers}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
designate::keystone::auth::tenant: 'service'
|
|
||||||
designate::keystone::auth::public_url: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
|
||||||
designate::keystone::auth::internal_url: { get_param: [ EndpointMap, DesignateInternal, uri_no_suffix ] }
|
|
||||||
designate::keystone::auth::admin_url: { get_param: [ EndpointMap, DesignateAdmin, uri_no_suffix ] }
|
|
||||||
designate::keystone::auth::password: {get_param: DesignatePassword}
|
|
||||||
designate::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
neutron_api:
|
neutron_api:
|
||||||
neutron::designate::password: {get_param: NeutronPassword}
|
neutron::designate::password: {get_param: NeutronPassword}
|
||||||
neutron::designate::url: {get_param: [EndpointMap, DesignateInternal, uri]}
|
neutron::designate::url: {get_param: [EndpointMap, DesignateInternal, uri]}
|
||||||
|
|
|
@ -299,6 +299,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 9292
|
- 9292
|
||||||
- 13292
|
- 13292
|
||||||
|
keystone_resources:
|
||||||
|
glance:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||||
|
users:
|
||||||
|
glance:
|
||||||
|
password: {get_param: GlancePassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'image'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -438,13 +449,6 @@ outputs:
|
||||||
- {}
|
- {}
|
||||||
- glance::api::sync_db: false
|
- glance::api::sync_db: false
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
|
||||||
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
|
||||||
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
|
||||||
glance::keystone::auth::password: {get_param: GlancePassword }
|
|
||||||
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
glance::keystone::auth::tenant: 'service'
|
|
||||||
mysql:
|
mysql:
|
||||||
glance::db::mysql::password: {get_param: GlancePassword}
|
glance::db::mysql::password: {get_param: GlancePassword}
|
||||||
glance::db::mysql::user: glance
|
glance::db::mysql::user: glance
|
||||||
|
|
|
@ -142,6 +142,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8041
|
- 8041
|
||||||
- 13041
|
- 13041
|
||||||
|
keystone_resources:
|
||||||
|
gnocchi:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, GnocchiPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, GnocchiAdmin, uri]}
|
||||||
|
users:
|
||||||
|
gnocchi:
|
||||||
|
password: {get_param: GnocchiPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'metric'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -197,13 +208,6 @@ outputs:
|
||||||
- rsyslog:
|
- rsyslog:
|
||||||
tripleo_logging_sources_gnocchi_api:
|
tripleo_logging_sources_gnocchi_api:
|
||||||
- {get_param: GnocchiApiLoggingSource}
|
- {get_param: GnocchiApiLoggingSource}
|
||||||
keystone:
|
|
||||||
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
|
||||||
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
|
||||||
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
|
||||||
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
|
||||||
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
gnocchi::keystone::auth::tenant: 'service'
|
|
||||||
mysql:
|
mysql:
|
||||||
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
|
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
|
||||||
gnocchi::db::mysql::user: gnocchi
|
gnocchi::db::mysql::user: gnocchi
|
||||||
|
|
|
@ -105,6 +105,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8000
|
- 8000
|
||||||
- 13800
|
- 13800
|
||||||
|
keystone_resources:
|
||||||
|
heat-cfn:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||||
|
users:
|
||||||
|
heat-cfn:
|
||||||
|
password: {get_param: HeatPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'cloudformation'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
|
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -145,15 +156,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_heat_api_cfn:
|
tripleo_logging_sources_heat_api_cfn:
|
||||||
- {get_param: HeatApiCfnLoggingSource}
|
- {get_param: HeatApiCfnLoggingSource}
|
||||||
keystone:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
|
||||||
- heat::keystone::auth_cfn::tenant: 'service'
|
|
||||||
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
|
||||||
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
|
||||||
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
|
||||||
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
|
|
||||||
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: heat_api_cfn
|
config_volume: heat_api_cfn
|
||||||
|
|
|
@ -74,6 +74,10 @@ parameters:
|
||||||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||||
default: {}
|
default: {}
|
||||||
type: json
|
type: json
|
||||||
|
HeatStackDomainAdminPassword:
|
||||||
|
description: Password for heat_stack_domain_admin user.
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
|
@ -119,6 +123,26 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8004
|
- 8004
|
||||||
- 13004
|
- 13004
|
||||||
|
keystone_resources:
|
||||||
|
heat:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||||
|
users:
|
||||||
|
heat:
|
||||||
|
password: {get_param: HeatPassword}
|
||||||
|
heat_stack_domain_admin:
|
||||||
|
password: {get_param: HeatStackDomainAdminPassword}
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
domain: heat_stack
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'orchestration'
|
||||||
|
roles:
|
||||||
|
- heat_stack_user
|
||||||
|
domains:
|
||||||
|
- heat_stack
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -161,15 +185,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_heat_api:
|
tripleo_logging_sources_heat_api:
|
||||||
- {get_param: HeatApiLoggingSource}
|
- {get_param: HeatApiLoggingSource}
|
||||||
keystone:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
|
||||||
- heat::keystone::auth::tenant: 'service'
|
|
||||||
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
|
|
||||||
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
|
|
||||||
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
|
|
||||||
heat::keystone::auth::password: {get_param: HeatPassword}
|
|
||||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: heat_api
|
config_volume: heat_api
|
||||||
|
|
|
@ -186,8 +186,3 @@ outputs:
|
||||||
heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
|
heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
|
||||||
heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
|
heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
|
||||||
heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
|
heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
|
||||||
service_config_settings:
|
|
||||||
keystone:
|
|
||||||
tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
|
|
||||||
tripleo::profile::base::keystone::heat_admin_user: 'heat_stack_domain_admin'
|
|
||||||
tripleo::profile::base::keystone::heat_admin_email: 'heat_stack_domain_admin@localhost'
|
|
||||||
|
|
|
@ -216,10 +216,6 @@ outputs:
|
||||||
heat::db::mysql::allowed_hosts:
|
heat::db::mysql::allowed_hosts:
|
||||||
- '%'
|
- '%'
|
||||||
- "%{hiera('mysql_bind_host')}"
|
- "%{hiera('mysql_bind_host')}"
|
||||||
keystone:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
|
||||||
- tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: heat
|
config_volume: heat
|
||||||
|
|
|
@ -203,9 +203,8 @@ outputs:
|
||||||
- debug_unset
|
- debug_unset
|
||||||
- horizon::django_debug: { get_param: HorizonDebug }
|
- horizon::django_debug: { get_param: HorizonDebug }
|
||||||
- horizon::django_debug: { get_param: Debug }
|
- horizon::django_debug: { get_param: Debug }
|
||||||
service_config_settings:
|
ansible_group_vars:
|
||||||
keystone:
|
keystone_enable_member: true
|
||||||
keystone_enable_member: true
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: horizon
|
config_volume: horizon
|
||||||
|
|
|
@ -105,6 +105,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 6385
|
- 6385
|
||||||
- 13385
|
- 13385
|
||||||
|
keystone_resources:
|
||||||
|
ironic:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||||
|
internal: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||||
|
admin: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||||
|
users:
|
||||||
|
ironic:
|
||||||
|
password: {get_param: IronicPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'baremetal'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -159,14 +170,6 @@ outputs:
|
||||||
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||||
- apache::default_vhost: false
|
- apache::default_vhost: false
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
|
||||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
|
||||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
|
||||||
ironic::keystone::auth::auth_name: 'ironic'
|
|
||||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
|
||||||
ironic::keystone::auth::tenant: 'service'
|
|
||||||
ironic::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
ironic::db::mysql::password: {get_param: IronicPassword}
|
ironic::db::mysql::password: {get_param: IronicPassword}
|
||||||
ironic::db::mysql::user: ironic
|
ironic::db::mysql::user: ironic
|
||||||
|
|
|
@ -212,6 +212,17 @@ outputs:
|
||||||
proto: 'udp'
|
proto: 'udp'
|
||||||
chain: 'OUTPUT'
|
chain: 'OUTPUT'
|
||||||
dport: 547
|
dport: 547
|
||||||
|
keystone_resources:
|
||||||
|
ironic-inspector:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
||||||
|
users:
|
||||||
|
ironic-inspector:
|
||||||
|
password: {get_param: IronicPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'baremetal-introspection'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -314,13 +325,6 @@ outputs:
|
||||||
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
||||||
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
ironic::keystone::auth_inspector::tenant: 'service'
|
|
||||||
ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
|
||||||
ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
|
||||||
ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
|
||||||
ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
|
|
||||||
ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
ironic::inspector::db::mysql::password: {get_param: IronicPassword}
|
ironic::inspector::db::mysql::password: {get_param: IronicPassword}
|
||||||
ironic::inspector::db::mysql::user: ironic-inspector
|
ironic::inspector::db::mysql::user: ironic-inspector
|
||||||
|
|
|
@ -349,6 +349,7 @@ outputs:
|
||||||
- {}
|
- {}
|
||||||
- keystone::cors::allowed_origin: {get_param: KeystoneCorsAllowedOrigin}
|
- keystone::cors::allowed_origin: {get_param: KeystoneCorsAllowedOrigin}
|
||||||
- keystone_enable_member: {get_param: KeystoneEnableMember}
|
- keystone_enable_member: {get_param: KeystoneEnableMember}
|
||||||
|
- keystone_resources_managed: false
|
||||||
- keystone::database_connection:
|
- keystone::database_connection:
|
||||||
make_url:
|
make_url:
|
||||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||||
|
@ -712,6 +713,40 @@ outputs:
|
||||||
username: admin
|
username: admin
|
||||||
identity_api_version: '3'
|
identity_api_version: '3'
|
||||||
region_name: {get_param: KeystoneRegion}
|
region_name: {get_param: KeystoneRegion}
|
||||||
|
- name: Manage Keystone resources
|
||||||
|
become: true
|
||||||
|
when:
|
||||||
|
- step|int == 4
|
||||||
|
- not ansible_check_mode|bool
|
||||||
|
block:
|
||||||
|
- name: Manage Keystone resources for OpenStack services
|
||||||
|
include_role:
|
||||||
|
name: tripleo-keystone-resources
|
||||||
|
vars:
|
||||||
|
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||||
|
tripleo_keystone_resources_service_project: 'service'
|
||||||
|
tripleo_keystone_resources_cloud_name: {get_param: RootStackName}
|
||||||
|
tripleo_keystone_resources_region: {get_param: KeystoneRegion}
|
||||||
|
tripleo_keystone_resources_admin_endpoint: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||||
|
tripleo_keystone_resources_public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||||
|
tripleo_keystone_resources_internal_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
|
tripleo_keystone_resources_admin_password: {get_param: AdminPassword}
|
||||||
|
tripleo_keystone_resources_member_role_enabled: {get_param: KeystoneEnableMember}
|
||||||
|
- name: is Keystone LDAP enabled
|
||||||
|
set_fact:
|
||||||
|
keystone_ldap_domain_enabled: {get_param: KeystoneLDAPDomainEnable}
|
||||||
|
- name: Set fact for tripleo_keystone_ldap_domains
|
||||||
|
set_fact:
|
||||||
|
tripleo_keystone_ldap_domains: {get_param: KeystoneLDAPBackendConfigs}
|
||||||
|
when: keystone_ldap_domain_enabled|bool
|
||||||
|
- name: Manage Keystone domains from LDAP config
|
||||||
|
when: keystone_ldap_domain_enabled|bool
|
||||||
|
include_role:
|
||||||
|
name: tripleo-keystone-resources
|
||||||
|
tasks_from: domains
|
||||||
|
vars:
|
||||||
|
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||||
|
batched_tripleo_keystone_resources_domains: "{{ tripleo_keystone_ldap_domains | list }}"
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- name: validate keystone service state
|
- name: validate keystone service state
|
||||||
when:
|
when:
|
||||||
|
@ -732,7 +767,7 @@ outputs:
|
||||||
# Keystone endpoint creation occurs only on single node
|
# Keystone endpoint creation occurs only on single node
|
||||||
step_3:
|
step_3:
|
||||||
config_volume: 'keystone_init_tasks'
|
config_volume: 'keystone_init_tasks'
|
||||||
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain,keystone_puppet_config'
|
puppet_tags: 'keystone_config'
|
||||||
step_config: 'include ::tripleo::profile::base::keystone'
|
step_config: 'include ::tripleo::profile::base::keystone'
|
||||||
config_image: *keystone_config_image
|
config_image: *keystone_config_image
|
||||||
host_prep_tasks: {get_attr: [KeystoneLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [KeystoneLogging, host_prep_tasks]}
|
||||||
|
|
|
@ -99,6 +99,27 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8786
|
- 8786
|
||||||
- 13786
|
- 13786
|
||||||
|
keystone_resources:
|
||||||
|
manila:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||||
|
users:
|
||||||
|
manila:
|
||||||
|
password: {get_param: ManilaPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'share'
|
||||||
|
manilav2:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||||
|
users:
|
||||||
|
manilav2:
|
||||||
|
password: {get_param: ManilaPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'sharev2'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -142,19 +163,7 @@ outputs:
|
||||||
- manila_workers_zero
|
- manila_workers_zero
|
||||||
- {}
|
- {}
|
||||||
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||||
service_config_settings:
|
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||||
map_merge:
|
|
||||||
- get_attr: [ManilaBase, role_data, service_config_settings]
|
|
||||||
- keystone:
|
|
||||||
manila::keystone::auth::tenant: 'service'
|
|
||||||
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
|
||||||
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
|
||||||
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
|
||||||
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
|
||||||
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
|
||||||
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
|
||||||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
|
||||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
# BEGIN DOCKER SETTINGS #
|
# BEGIN DOCKER SETTINGS #
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: manila
|
config_volume: manila
|
||||||
|
|
|
@ -60,6 +60,14 @@ parameters:
|
||||||
default: ''
|
default: ''
|
||||||
description: Indicate whether this resource may be shared with the domain received in the request
|
description: Indicate whether this resource may be shared with the domain received in the request
|
||||||
"origin" header.
|
"origin" header.
|
||||||
|
MistralPassword:
|
||||||
|
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
KeystoneRegion:
|
||||||
|
type: string
|
||||||
|
default: 'regionOne'
|
||||||
|
description: Keystone region for endpoint
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
|
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
|
||||||
|
@ -93,6 +101,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8989
|
- 8989
|
||||||
- 13989
|
- 13989
|
||||||
|
keystone_resources:
|
||||||
|
mistral:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, MistralPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, MistralInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, MistralAdmin, uri]}
|
||||||
|
users:
|
||||||
|
mistral:
|
||||||
|
password: {get_param: MistralPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'workflowv2'
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [MistralBase, role_data, config_settings]
|
- get_attr: [MistralBase, role_data, config_settings]
|
||||||
|
|
|
@ -50,10 +50,6 @@ parameters:
|
||||||
description: The password for the Mistral service and db account, used by the Mistral services.
|
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||||
type: string
|
type: string
|
||||||
hidden: true
|
hidden: true
|
||||||
KeystoneRegion:
|
|
||||||
type: string
|
|
||||||
default: 'regionOne'
|
|
||||||
description: Keystone region for endpoint
|
|
||||||
NotificationDriver:
|
NotificationDriver:
|
||||||
type: string
|
type: string
|
||||||
default: 'messagingv2'
|
default: 'messagingv2'
|
||||||
|
@ -109,13 +105,6 @@ outputs:
|
||||||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||||
- '/ec2tokens'
|
- '/ec2tokens'
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
mistral::keystone::auth::tenant: 'service'
|
|
||||||
mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
|
|
||||||
mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
|
|
||||||
mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
|
|
||||||
mistral::keystone::auth::password: {get_param: MistralPassword}
|
|
||||||
mistral::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
mistral::db::mysql::user: mistral
|
mistral::db::mysql::user: mistral
|
||||||
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||||
|
|
|
@ -229,6 +229,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 9696
|
- 9696
|
||||||
- 13696
|
- 13696
|
||||||
|
keystone_resources:
|
||||||
|
neutron:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, NeutronInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, NeutronAdmin, uri]}
|
||||||
|
users:
|
||||||
|
neutron:
|
||||||
|
password: {get_param: NeutronPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'network'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -373,13 +384,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_neutron_api:
|
tripleo_logging_sources_neutron_api:
|
||||||
- {get_param: NeutronApiLoggingSource}
|
- {get_param: NeutronApiLoggingSource}
|
||||||
keystone:
|
|
||||||
neutron::keystone::auth::tenant: 'service'
|
|
||||||
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
|
||||||
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
|
||||||
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
|
||||||
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
|
||||||
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
neutron::db::mysql::password: {get_param: NeutronPassword}
|
neutron::db::mysql::password: {get_param: NeutronPassword}
|
||||||
neutron::db::mysql::user: neutron
|
neutron::db::mysql::user: neutron
|
||||||
|
|
|
@ -151,6 +151,20 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8774
|
- 8774
|
||||||
- 13774
|
- 13774
|
||||||
|
keystone_resources:
|
||||||
|
nova:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||||
|
users:
|
||||||
|
nova:
|
||||||
|
roles:
|
||||||
|
- admin
|
||||||
|
- service
|
||||||
|
password: {get_param: NovaPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'compute'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -225,14 +239,6 @@ outputs:
|
||||||
nova::db::mysql_api::allowed_hosts:
|
nova::db::mysql_api::allowed_hosts:
|
||||||
- '%'
|
- '%'
|
||||||
- "%{hiera('mysql_bind_host')}"
|
- "%{hiera('mysql_bind_host')}"
|
||||||
keystone:
|
|
||||||
nova::keystone::auth::tenant: 'service'
|
|
||||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
|
||||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
|
||||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
|
||||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
|
||||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
nova::keystone::auth::roles: ['admin', 'service']
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova
|
config_volume: nova
|
||||||
|
|
|
@ -172,13 +172,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_nova_metadata:
|
tripleo_logging_sources_nova_metadata:
|
||||||
- {get_param: NovaMetadataLoggingSource}
|
- {get_param: NovaMetadataLoggingSource}
|
||||||
keystone:
|
|
||||||
nova::keystone::auth::tenant: 'service'
|
|
||||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
|
||||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
|
||||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
|
||||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
|
||||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
map_merge:
|
map_merge:
|
||||||
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
||||||
|
|
|
@ -98,6 +98,22 @@ outputs:
|
||||||
'119 novajoin':
|
'119 novajoin':
|
||||||
dport:
|
dport:
|
||||||
- 9090
|
- 9090
|
||||||
|
keystone_resources:
|
||||||
|
novajoin:
|
||||||
|
endpoints:
|
||||||
|
public: &novajoin_endpoint
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"http://%{hiera('novajoin_network')}:9090/v1/"
|
||||||
|
params:
|
||||||
|
novajoin_network: {get_param: [ServiceNetMap, NovajoinNetwork]}
|
||||||
|
internal: *novajoin_endpoint
|
||||||
|
admin: *novajoin_endpoint
|
||||||
|
users:
|
||||||
|
novajoin:
|
||||||
|
password: {get_param: NovajoinPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'compute-vendordata-plugin'
|
||||||
config_settings:
|
config_settings:
|
||||||
tripleo::profile::base::novajoin::oslomsg_rpc_password: {get_param: RpcPassword}
|
tripleo::profile::base::novajoin::oslomsg_rpc_password: {get_param: RpcPassword}
|
||||||
tripleo::profile::base::novajoin::oslomsg_rpc_port: {get_param: RabbitClientPort}
|
tripleo::profile::base::novajoin::oslomsg_rpc_port: {get_param: RabbitClientPort}
|
||||||
|
@ -124,19 +140,6 @@ outputs:
|
||||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||||
nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies}
|
nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
keystone:
|
|
||||||
nova::metadata::novajoin::auth::tenant: 'service'
|
|
||||||
nova::metadata::novajoin::auth::password: {get_param: NovajoinPassword}
|
|
||||||
nova::metadata::novajoin::auth::region: {get_param: KeystoneRegion}
|
|
||||||
nova::metadata::novajoin::auth::configure_endpoint: true
|
|
||||||
nova::metadata::novajoin::auth::public_url: &novajoin_endpoint
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"http://%{hiera('novajoin_network')}:9090/v1/"
|
|
||||||
params:
|
|
||||||
novajoin_network: {get_param: [ServiceNetMap, NovajoinNetwork]}
|
|
||||||
nova::metadata::novajoin::auth::internal_url: *novajoin_endpoint
|
|
||||||
nova::metadata::novajoin::auth::admin_url: *novajoin_endpoint
|
|
||||||
nova_metadata: &nova_vendordata
|
nova_metadata: &nova_vendordata
|
||||||
novajoin_address: *novajoin_address
|
novajoin_address: *novajoin_address
|
||||||
nova::vendordata::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
|
nova::vendordata::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
|
||||||
|
|
|
@ -130,6 +130,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 9876
|
- 9876
|
||||||
- 13876
|
- 13876
|
||||||
|
keystone_resources:
|
||||||
|
octavia:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, OctaviaInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, OctaviaAdmin, uri]}
|
||||||
|
users:
|
||||||
|
octavia:
|
||||||
|
password: {get_param: OctaviaPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'load-balancer'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -185,13 +196,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_octavia_api:
|
tripleo_logging_sources_octavia_api:
|
||||||
- {get_param: OctaviaApiLoggingSource}
|
- {get_param: OctaviaApiLoggingSource}
|
||||||
keystone:
|
|
||||||
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
|
|
||||||
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
|
||||||
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
|
|
||||||
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
|
|
||||||
octavia::keystone::auth::password: {get_param: OctaviaPassword}
|
|
||||||
octavia::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
||||||
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
||||||
|
|
|
@ -115,6 +115,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8778
|
- 8778
|
||||||
- 13778
|
- 13778
|
||||||
|
keystone_resources:
|
||||||
|
placement:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, PlacementPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, PlacementInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
||||||
|
users:
|
||||||
|
placement:
|
||||||
|
password: {get_param: PlacementPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'placement'
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [PlacementLogging, config_settings]
|
- get_attr: [PlacementLogging, config_settings]
|
||||||
|
@ -173,13 +184,6 @@ outputs:
|
||||||
- rsyslog:
|
- rsyslog:
|
||||||
tripleo_logging_sources_placement:
|
tripleo_logging_sources_placement:
|
||||||
- {get_param: PlacementLoggingSource}
|
- {get_param: PlacementLoggingSource}
|
||||||
keystone:
|
|
||||||
placement::keystone::auth::tenant: 'service'
|
|
||||||
placement::keystone::auth::public_url: {get_param: [EndpointMap, PlacementPublic, uri]}
|
|
||||||
placement::keystone::auth::internal_url: {get_param: [EndpointMap, PlacementInternal, uri]}
|
|
||||||
placement::keystone::auth::admin_url: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
|
||||||
placement::keystone::auth::password: {get_param: PlacementPassword}
|
|
||||||
placement::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
placement::db::mysql::password: {get_param: PlacementPassword}
|
placement::db::mysql::password: {get_param: PlacementPassword}
|
||||||
placement::db::mysql::user: placement
|
placement::db::mysql::user: placement
|
||||||
|
|
|
@ -91,6 +91,17 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8386
|
- 8386
|
||||||
- 13386
|
- 13386
|
||||||
|
keystone_resources:
|
||||||
|
sahara:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||||
|
users:
|
||||||
|
sahara:
|
||||||
|
password: {get_param: SaharaPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'data-processing'
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
|
monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -114,13 +125,6 @@ outputs:
|
||||||
rsyslog:
|
rsyslog:
|
||||||
tripleo_logging_sources_sahara_api:
|
tripleo_logging_sources_sahara_api:
|
||||||
- {get_param: SaharaApiLoggingSource}
|
- {get_param: SaharaApiLoggingSource}
|
||||||
keystone:
|
|
||||||
sahara::keystone::auth::tenant: 'service'
|
|
||||||
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
|
|
||||||
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
|
|
||||||
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
|
||||||
sahara::keystone::auth::password: {get_param: SaharaPassword }
|
|
||||||
sahara::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
mysql:
|
mysql:
|
||||||
sahara::db::mysql::password: {get_param: SaharaPassword}
|
sahara::db::mysql::password: {get_param: SaharaPassword}
|
||||||
sahara::db::mysql::user: sahara
|
sahara::db::mysql::user: sahara
|
||||||
|
|
|
@ -92,32 +92,29 @@ outputs:
|
||||||
|
|
||||||
step_config:
|
step_config:
|
||||||
|
|
||||||
service_config_settings:
|
keystone_resources:
|
||||||
keystone:
|
swift:
|
||||||
swift::keystone::auth::public_url:
|
endpoints:
|
||||||
if:
|
public:
|
||||||
- deprecated_external_public_url
|
if:
|
||||||
- {get_param: ExternalPublicUrl}
|
- deprecated_external_public_url
|
||||||
- {get_param: ExternalSwiftPublicUrl}
|
- {get_param: ExternalPublicUrl}
|
||||||
swift::keystone::auth::internal_url:
|
- {get_param: ExternalSwiftPublicUrl}
|
||||||
if:
|
internal:
|
||||||
- deprecated_external_internal_url
|
if:
|
||||||
- {get_param: ExternalInternalUrl}
|
- deprecated_external_internal_url
|
||||||
- {get_param: ExternalSwiftInternalUrl}
|
- {get_param: ExternalInternalUrl}
|
||||||
swift::keystone::auth::admin_url:
|
- {get_param: ExternalSwiftInternalUrl}
|
||||||
if:
|
admin:
|
||||||
- deprecated_external_admin_url
|
if:
|
||||||
- {get_param: ExternalAdminUrl}
|
- deprecated_external_admin_url
|
||||||
- {get_param: ExternalSwiftAdminUrl}
|
- {get_param: ExternalAdminUrl}
|
||||||
swift::keystone::auth::public_url_s3: ''
|
- {get_param: ExternalSwiftAdminUrl}
|
||||||
swift::keystone::auth::internal_url_s3: ''
|
users:
|
||||||
swift::keystone::auth::admin_url_s3: ''
|
swift:
|
||||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
password: {get_param: SwiftPassword}
|
||||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
region: {get_param: KeystoneRegion}
|
||||||
swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}
|
service: 'object-store'
|
||||||
swift::keystone::auth::configure_s3_endpoint: false
|
roles:
|
||||||
swift::keystone::auth::operator_roles:
|
|
||||||
- admin
|
|
||||||
- swiftoperator
|
- swiftoperator
|
||||||
- ResellerAdmin
|
- ResellerAdmin
|
||||||
|
|
||||||
|
|
|
@ -131,6 +131,20 @@ outputs:
|
||||||
dport:
|
dport:
|
||||||
- 8080
|
- 8080
|
||||||
- 13808
|
- 13808
|
||||||
|
keystone_resources:
|
||||||
|
swift:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||||
|
users:
|
||||||
|
swift:
|
||||||
|
password: {get_param: SwiftPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'object-store'
|
||||||
|
roles:
|
||||||
|
- swiftoperator
|
||||||
|
- ResellerAdmin
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
|
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
@ -253,22 +267,6 @@ outputs:
|
||||||
"%{hiera('$NETWORK')}"
|
"%{hiera('$NETWORK')}"
|
||||||
params:
|
params:
|
||||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||||
service_config_settings:
|
|
||||||
keystone:
|
|
||||||
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
|
||||||
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
|
||||||
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
|
||||||
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
|
||||||
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
|
||||||
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
|
||||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
|
||||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
swift::keystone::auth::tenant: 'service'
|
|
||||||
swift::keystone::auth::configure_s3_endpoint: false
|
|
||||||
swift::keystone::auth::operator_roles:
|
|
||||||
- admin
|
|
||||||
- swiftoperator
|
|
||||||
- ResellerAdmin
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: swift
|
config_volume: swift
|
||||||
|
|
|
@ -80,6 +80,10 @@ parameters:
|
||||||
type: json
|
type: json
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
via parameter_defaults in the resource registry.
|
via parameter_defaults in the resource registry.
|
||||||
|
KeystoneRegion:
|
||||||
|
type: string
|
||||||
|
default: 'regionOne'
|
||||||
|
description: Keystone region for endpoint
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
|
@ -100,7 +104,27 @@ outputs:
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
rabbitmq:
|
rabbitmq:
|
||||||
vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
|
vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
|
||||||
keystone:
|
|
||||||
vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
|
|
||||||
mysql:
|
mysql:
|
||||||
vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
|
vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
|
||||||
|
keystone_resources:
|
||||||
|
hyperscale:
|
||||||
|
# Replicating what was done with Puppet manifest:
|
||||||
|
# https://github.com/vtas-hyperscale-ci/puppet-veritas_hyperscale/blob/7c7868adb027c5bcfdcb6fc9d86610470759ae28/manifests/hs_keystone.pp#L17
|
||||||
|
# Moving forward, we should have the Veritas part of EndpointMap so the service
|
||||||
|
# can live outside of the Keystone node.
|
||||||
|
endpoints:
|
||||||
|
public: &veritas_endpoint
|
||||||
|
make_url:
|
||||||
|
scheme: {get_param: [EndpointMap, KeystoneAdmin, protocol]}
|
||||||
|
host: {get_param: [EndpointMap, KeystoneAdmin, host]}
|
||||||
|
port: 8753
|
||||||
|
path: /v1/%(tenant_id)s
|
||||||
|
internal: *veritas_endpoint
|
||||||
|
admin: *veritas_endpoint
|
||||||
|
users:
|
||||||
|
hyperscale:
|
||||||
|
password: {get_param: VrtsKeystonePassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'infrastructure'
|
||||||
|
roles:
|
||||||
|
- infra_admin
|
||||||
|
|
|
@ -123,6 +123,27 @@ outputs:
|
||||||
- 8888
|
- 8888
|
||||||
- 3000 #SSL for websocket
|
- 3000 #SSL for websocket
|
||||||
- 13888 #SSL for api
|
- 13888 #SSL for api
|
||||||
|
keystone_resources:
|
||||||
|
zaqar:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
||||||
|
users:
|
||||||
|
zaqar:
|
||||||
|
password: {get_param: ZaqarPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'messaging'
|
||||||
|
zaqar-websocket:
|
||||||
|
endpoints:
|
||||||
|
public: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
||||||
|
internal: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
||||||
|
admin: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
||||||
|
users:
|
||||||
|
zaqar-websocket:
|
||||||
|
password: {get_param: ZaqarPassword}
|
||||||
|
region: {get_param: KeystoneRegion}
|
||||||
|
service: 'messaging-websocket'
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||||
|
@ -221,18 +242,6 @@ outputs:
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- keystone:
|
- keystone:
|
||||||
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
|
||||||
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
|
||||||
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
|
||||||
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
|
||||||
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
|
||||||
zaqar::keystone::auth::tenant: 'service'
|
|
||||||
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
|
||||||
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
|
||||||
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
|
||||||
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
|
||||||
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
|
||||||
zaqar::keystone::auth_websocket::tenant: 'service'
|
|
||||||
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
||||||
zaqar::keystone::trust::user_domain_name: 'Default'
|
zaqar::keystone::trust::user_domain_name: 'Default'
|
||||||
-
|
-
|
||||||
|
|
|
@ -1130,6 +1130,11 @@ resources:
|
||||||
- add_vips_to_etc_hosts
|
- add_vips_to_etc_hosts
|
||||||
- {get_attr: [VipHosts, value]}
|
- {get_attr: [VipHosts, value]}
|
||||||
- ''
|
- ''
|
||||||
|
KeystoneResourcesConfigs:
|
||||||
|
map_merge:
|
||||||
|
{% for role in roles %}
|
||||||
|
- get_attr: [{{role.name}}ServiceChainRoleData, value, keystone_resources]
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
ManagedEndpoints:
|
ManagedEndpoints:
|
||||||
|
|
Loading…
Reference in New Issue