Manage all Keystone resources with Ansible
Depends-On: I557d8f33c9c699aed14b3b6fc1d1c0407365cd08 Depends-On: Ia68f8852662fb4abbd194954a246afb740bf3f71 Change-Id: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e
parent
914ca3eb28
commit
7f40baabcd
|
@ -218,6 +218,10 @@ parameters:
|
|||
default: []
|
||||
description: List of VIP (virtual IP) hosts entries to be appended to /etc/hosts
|
||||
type: comma_delimited_list
|
||||
KeystoneResourcesConfigs:
|
||||
description: The keystone resources config.
|
||||
type: json
|
||||
default: {}
|
||||
|
||||
conditions:
|
||||
{% for role in enabled_roles %}
|
||||
|
@ -389,6 +393,7 @@ outputs:
|
|||
undercloud_hosts_entries: {get_param: UndercloudHostsEntries}
|
||||
extra_hosts_entries: {get_param: ExtraHostsEntries}
|
||||
vip_hosts_entries: {get_param: VipHostsEntries}
|
||||
keystone_resources: {get_param: KeystoneResourcesConfigs}
|
||||
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
|
||||
deploy_steps_tasks_step_0: {get_file: deploy-steps-tasks-step-0.yaml}
|
||||
common_deploy_steps_tasks_step_1: {get_file: deploy-steps-tasks-step-1.yaml}
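Review bot: The new `KeystoneResourcesConfigs` parameter in the first hunk is declared as `type: json` with no `hidden: true`, yet the service templates changed in this commit fill `keystone_resources` with `password: {get_param: ...}` values taken from parameters that are themselves hidden (for example `AodhPassword`). If this parameter receives that merged map, as its name suggests, Heat would show every service password in parameter listings, so add `hidden: true` under it. The second hunk republishes the same map as the `keystone_resources` output; where that output is written is not visible here, and it is worth confirming the destination is readable only by the deploying user.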
|
||||
|
|
|
@ -133,6 +133,16 @@ resources:
|
|||
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
|
||||
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||
|
||||
KeystoneResourcesConfigs:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
map_merge:
|
||||
yaql:
|
||||
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('keystone_resources')).where($ != null))
|
||||
data: {role_data: {get_attr: [ServiceChain, role_data]}}
|
||||
|
||||
ServiceConfigSettings:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
|
@ -381,6 +391,7 @@ outputs:
|
|||
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
|
||||
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
|
||||
ansible_group_vars: {get_attr: [AnsibleGroupVars, value]}
|
||||
keystone_resources: {get_attr: [KeystoneResourcesConfigs, value]}
|
||||
|
||||
# Keys to support docker/services
|
||||
puppet_config: {get_attr: [PuppetConfig, value]}
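Review bot: The `map_merge` in the new `KeystoneResourcesConfigs` value resolves a duplicated top-level key by keeping the later map, so two services that emit the same catalog key would silently replace each other's users, roles and endpoints. On this page the Ceph RGW template emits the key `swift`, which another object-store template could plausibly use as well (not visible here). A comment above the resource would document the constraint, for example `# each service must use a unique top-level key: map_merge keeps only the last map for a duplicated key`.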
|
||||
|
|
|
@ -52,6 +52,14 @@ parameters:
|
|||
e.g. { aodh-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
AodhPassword:
|
||||
description: The password for the aodh services.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -96,6 +104,17 @@ outputs:
|
|||
dport:
|
||||
- 8042
|
||||
- 13042
|
||||
keystone_resources:
|
||||
aodh:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
users:
|
||||
aodh:
|
||||
password: {get_param: AodhPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'alarming'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
|
|
@ -111,13 +111,6 @@ outputs:
|
|||
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
||||
aodh::auth::auth_tenant_name: 'service'
|
||||
service_config_settings:
|
||||
keystone:
|
||||
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
aodh::keystone::auth::password: {get_param: AodhPassword}
|
||||
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
aodh::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
aodh::db::mysql::user: aodh
|
||||
aodh::db::mysql::password: {get_param: AodhPassword}
|
||||
|
|
|
@ -192,6 +192,22 @@ outputs:
|
|||
dport:
|
||||
- 9311
|
||||
- 13311
|
||||
keystone_resources:
|
||||
barbican:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
||||
users:
|
||||
barbican:
|
||||
password: {get_param: BarbicanPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'key-manager'
|
||||
roles:
|
||||
- key-manager:service-admin
|
||||
- creator
|
||||
- observer
|
||||
- audit
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
|
@ -260,12 +276,6 @@ outputs:
|
|||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||
barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
|
||||
barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
|
||||
barbican::keystone::auth::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
barbican::keystone::auth::tenant: 'service'
|
||||
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
|
||||
nova_compute:
|
||||
nova::compute::keymgr_backend: >
|
||||
|
|
|
@ -52,6 +52,10 @@ parameters:
|
|||
default: false
|
||||
description: Whether to enable gnocchi usage.
|
||||
type: boolean
|
||||
CeilometerPassword:
|
||||
description: The password for the ceilometer service account.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
ceilometer_enable_gnocchi: {equals: [{get_param: CeilometerEnableGnocchi}, True]}
|
||||
|
@ -77,6 +81,13 @@ outputs:
|
|||
value:
|
||||
service_name: ceilometer_agent_central
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
|
||||
keystone_resources:
|
||||
ceilometer:
|
||||
users:
|
||||
ceilometer:
|
||||
password: {get_param: CeilometerPassword}
|
||||
roles:
|
||||
- admin
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [CeilometerServiceBase, role_data, config_settings]
|
||||
|
|
|
@ -179,11 +179,5 @@ outputs:
|
|||
- {}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceilometer_auth_enabled: true
|
||||
# NOTE(aschultz): no endpoints since ceilometer api removal
|
||||
ceilometer::keystone::auth::configure_endpoint: false
|
||||
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
|
||||
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceilometer::keystone::auth::tenant: 'service'
|
||||
# Enable default notification queue
|
||||
tripleo::profile::base::keystone::ceilometer_notification_topics: ["notifications"]
|
||||
|
|
|
@ -85,6 +85,22 @@ outputs:
|
|||
- dashboard_enabled
|
||||
- - '9100'
|
||||
- []
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
roles:
|
||||
- admin
|
||||
- member
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- member
|
||||
upgrade_tasks: []
|
||||
puppet_config:
|
||||
config_image: ''
|
||||
|
@ -107,13 +123,3 @@ outputs:
|
|||
content: "{{ceph_ansible_group_vars_rgws|to_nice_yaml}}"
|
||||
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
|
||||
ceph::rgw::keystone::auth::tenant: service
|
||||
ceph::rgw::keystone::auth::user: swift
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
|
|
|
@ -78,6 +78,9 @@ parameters:
|
|||
type: string
|
||||
default: 'messagingv2'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
RootStackName:
|
||||
description: The name of the stack/plan.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -123,11 +126,46 @@ outputs:
|
|||
dport:
|
||||
- 8776
|
||||
- 13776
|
||||
keystone_resources:
|
||||
cinder:
|
||||
users:
|
||||
cinder:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
cinderv2:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
internal: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
users:
|
||||
cinderv2:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'volumev2'
|
||||
cinderv3:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
internal: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
users:
|
||||
cinderv3:
|
||||
password: {get_param: CinderPassword}
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'volumev3'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- keystone_resources_managed: false
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
@ -185,17 +223,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_cinder_api:
|
||||
- {get_param: CinderApiLoggingSource}
|
||||
keystone:
|
||||
cinder::keystone::auth::tenant: 'service'
|
||||
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
cinder::keystone::auth::password: {get_param: CinderPassword}
|
||||
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
cinder::keystone::auth::roles: ['admin', 'service']
|
||||
mysql:
|
||||
cinder::db::mysql::password: {get_param: CinderPassword}
|
||||
cinder::db::mysql::user: cinder
|
||||
|
@ -413,3 +440,20 @@ outputs:
|
|||
when:
|
||||
- step|int == 8
|
||||
- is_bootstrap_node|bool
|
||||
external_deploy_tasks:
|
||||
- name: Manage Cinder Volume Type
|
||||
become: true
|
||||
vars:
|
||||
default_volume_type: {get_param: CinderDefaultVolumeType}
|
||||
environment:
|
||||
OS_CLOUD: {get_param: RootStackName}
|
||||
when:
|
||||
- step|int == 5
|
||||
- not ansible_check_mode|bool
|
||||
shell: |
|
||||
if ! openstack volume type show "{{ default_volume_type }}"; then
|
||||
openstack volume type create --public "{{ default_volume_type }}"
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: false
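Review bot: The new `Manage Cinder Volume Type` task renders `{{ default_volume_type }}` straight into a bash script, so a `CinderDefaultVolumeType` value containing a double quote, `$(...)` or backticks changes the command that runs under `become: true`. Pass the value through the quote filter instead of wrapping it in double quotes, e.g. `openstack volume type create --public {{ default_volume_type | quote }}`, and do the same on the `show` line. Separately, `if ! openstack volume type show` treats any failure, including an authentication or endpoint error, as "type missing", and `changed_when: false` keeps a real creation out of the run report.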
|
||||
|
|
|
@ -84,6 +84,17 @@ outputs:
|
|||
dport:
|
||||
- 9001
|
||||
- 13001
|
||||
keystone_resources:
|
||||
designate:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
||||
internal: {get_param: [EndpointMap, DesignateInternal, uri_no_suffix]}
|
||||
admin: {get_param: [EndpointMap, DesignateAdmin, uri_no_suffix]}
|
||||
users:
|
||||
designate:
|
||||
password: {get_param: DesignatePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'dns'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -105,13 +116,6 @@ outputs:
|
|||
- {}
|
||||
- designate::api::workers: {get_param: DesignateWorkers}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
designate::keystone::auth::tenant: 'service'
|
||||
designate::keystone::auth::public_url: {get_param: [EndpointMap, DesignatePublic, uri_no_suffix]}
|
||||
designate::keystone::auth::internal_url: { get_param: [ EndpointMap, DesignateInternal, uri_no_suffix ] }
|
||||
designate::keystone::auth::admin_url: { get_param: [ EndpointMap, DesignateAdmin, uri_no_suffix ] }
|
||||
designate::keystone::auth::password: {get_param: DesignatePassword}
|
||||
designate::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
neutron_api:
|
||||
neutron::designate::password: {get_param: NeutronPassword}
|
||||
neutron::designate::url: {get_param: [EndpointMap, DesignateInternal, uri]}
|
||||
|
|
|
@ -299,6 +299,17 @@ outputs:
|
|||
dport:
|
||||
- 9292
|
||||
- 13292
|
||||
keystone_resources:
|
||||
glance:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
internal: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
users:
|
||||
glance:
|
||||
password: {get_param: GlancePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'image'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -438,13 +449,6 @@ outputs:
|
|||
- {}
|
||||
- glance::api::sync_db: false
|
||||
service_config_settings:
|
||||
keystone:
|
||||
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
glance::keystone::auth::password: {get_param: GlancePassword }
|
||||
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
glance::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
glance::db::mysql::password: {get_param: GlancePassword}
|
||||
glance::db::mysql::user: glance
|
||||
|
|
|
@ -142,6 +142,17 @@ outputs:
|
|||
dport:
|
||||
- 8041
|
||||
- 13041
|
||||
keystone_resources:
|
||||
gnocchi:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, GnocchiPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, GnocchiAdmin, uri]}
|
||||
users:
|
||||
gnocchi:
|
||||
password: {get_param: GnocchiPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'metric'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -197,13 +208,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_gnocchi_api:
|
||||
- {get_param: GnocchiApiLoggingSource}
|
||||
keystone:
|
||||
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
||||
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
||||
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
gnocchi::keystone::auth::tenant: 'service'
|
||||
mysql:
|
||||
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
|
||||
gnocchi::db::mysql::user: gnocchi
|
||||
|
|
|
@ -105,6 +105,17 @@ outputs:
|
|||
dport:
|
||||
- 8000
|
||||
- 13800
|
||||
keystone_resources:
|
||||
heat-cfn:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
users:
|
||||
heat-cfn:
|
||||
password: {get_param: HeatPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'cloudformation'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -145,15 +156,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_heat_api_cfn:
|
||||
- {get_param: HeatApiCfnLoggingSource}
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- heat::keystone::auth_cfn::tenant: 'service'
|
||||
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat_api_cfn
|
||||
|
|
|
@ -74,6 +74,10 @@ parameters:
|
|||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
HeatStackDomainAdminPassword:
|
||||
description: Password for heat_stack_domain_admin user.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -119,6 +123,26 @@ outputs:
|
|||
dport:
|
||||
- 8004
|
||||
- 13004
|
||||
keystone_resources:
|
||||
heat:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
users:
|
||||
heat:
|
||||
password: {get_param: HeatPassword}
|
||||
heat_stack_domain_admin:
|
||||
password: {get_param: HeatStackDomainAdminPassword}
|
||||
roles:
|
||||
- admin
|
||||
domain: heat_stack
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'orchestration'
|
||||
roles:
|
||||
- heat_stack_user
|
||||
domains:
|
||||
- heat_stack
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -161,15 +185,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_heat_api:
|
||||
- {get_param: HeatApiLoggingSource}
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- heat::keystone::auth::tenant: 'service'
|
||||
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
heat::keystone::auth::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat_api
|
||||
|
|
|
@ -186,8 +186,3 @@ outputs:
|
|||
heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
|
||||
heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
|
||||
heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
|
||||
tripleo::profile::base::keystone::heat_admin_user: 'heat_stack_domain_admin'
|
||||
tripleo::profile::base::keystone::heat_admin_email: 'heat_stack_domain_admin@localhost'
|
||||
|
|
|
@ -216,10 +216,6 @@ outputs:
|
|||
heat::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, service_config_settings, keystone]
|
||||
- tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat
|
||||
|
|
|
@ -203,8 +203,7 @@ outputs:
|
|||
- debug_unset
|
||||
- horizon::django_debug: { get_param: HorizonDebug }
|
||||
- horizon::django_debug: { get_param: Debug }
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ansible_group_vars:
|
||||
keystone_enable_member: true
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
|
|
|
@ -105,6 +105,17 @@ outputs:
|
|||
dport:
|
||||
- 6385
|
||||
- 13385
|
||||
keystone_resources:
|
||||
ironic:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
internal: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
admin: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
users:
|
||||
ironic:
|
||||
password: {get_param: IronicPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'baremetal'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -159,14 +170,6 @@ outputs:
|
|||
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
- apache::default_vhost: false
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
ironic::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ironic::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::db::mysql::user: ironic
|
||||
|
|
|
@ -212,6 +212,17 @@ outputs:
|
|||
proto: 'udp'
|
||||
chain: 'OUTPUT'
|
||||
dport: 547
|
||||
keystone_resources:
|
||||
ironic-inspector:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
||||
users:
|
||||
ironic-inspector:
|
||||
password: {get_param: IronicPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'baremetal-introspection'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -314,13 +325,6 @@ outputs:
|
|||
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth_inspector::tenant: 'service'
|
||||
ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
|
||||
ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
|
||||
ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
|
||||
ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
|
||||
ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ironic::inspector::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::inspector::db::mysql::user: ironic-inspector
|
||||
|
|
|
@ -349,6 +349,7 @@ outputs:
|
|||
- {}
|
||||
- keystone::cors::allowed_origin: {get_param: KeystoneCorsAllowedOrigin}
|
||||
- keystone_enable_member: {get_param: KeystoneEnableMember}
|
||||
- keystone_resources_managed: false
|
||||
- keystone::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
|
@ -712,6 +713,40 @@ outputs:
|
|||
username: admin
|
||||
identity_api_version: '3'
|
||||
region_name: {get_param: KeystoneRegion}
|
||||
- name: Manage Keystone resources
|
||||
become: true
|
||||
when:
|
||||
- step|int == 4
|
||||
- not ansible_check_mode|bool
|
||||
block:
|
||||
- name: Manage Keystone resources for OpenStack services
|
||||
include_role:
|
||||
name: tripleo-keystone-resources
|
||||
vars:
|
||||
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||
tripleo_keystone_resources_service_project: 'service'
|
||||
tripleo_keystone_resources_cloud_name: {get_param: RootStackName}
|
||||
tripleo_keystone_resources_region: {get_param: KeystoneRegion}
|
||||
tripleo_keystone_resources_admin_endpoint: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
tripleo_keystone_resources_public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
tripleo_keystone_resources_internal_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo_keystone_resources_admin_password: {get_param: AdminPassword}
|
||||
tripleo_keystone_resources_member_role_enabled: {get_param: KeystoneEnableMember}
|
||||
- name: is Keystone LDAP enabled
|
||||
set_fact:
|
||||
keystone_ldap_domain_enabled: {get_param: KeystoneLDAPDomainEnable}
|
||||
- name: Set fact for tripleo_keystone_ldap_domains
|
||||
set_fact:
|
||||
tripleo_keystone_ldap_domains: {get_param: KeystoneLDAPBackendConfigs}
|
||||
when: keystone_ldap_domain_enabled|bool
|
||||
- name: Manage Keystone domains from LDAP config
|
||||
when: keystone_ldap_domain_enabled|bool
|
||||
include_role:
|
||||
name: tripleo-keystone-resources
|
||||
tasks_from: domains
|
||||
vars:
|
||||
tripleo_keystone_resources_catalog_config: "{{ keystone_resources }}"
|
||||
batched_tripleo_keystone_resources_domains: "{{ tripleo_keystone_ldap_domains | list }}"
|
||||
deploy_steps_tasks:
|
||||
- name: validate keystone service state
|
||||
when:
|
||||
|
@ -732,7 +767,7 @@ outputs:
|
|||
# Keystone endpoint creation occurs only on single node
|
||||
step_3:
|
||||
config_volume: 'keystone_init_tasks'
|
||||
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain,keystone_puppet_config'
|
||||
puppet_tags: 'keystone_config'
|
||||
step_config: 'include ::tripleo::profile::base::keystone'
|
||||
config_image: *keystone_config_image
|
||||
host_prep_tasks: {get_attr: [KeystoneLogging, host_prep_tasks]}
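Review bot: The `Manage Keystone resources` block passes `AdminPassword` and the whole `keystone_resources` catalog, which carries every service password, to the `tripleo-keystone-resources` role, and nothing in the hunk sets `no_log`. Whether the role's own tasks suppress their output is not visible here; if they loop over users, each item, password included, would appear in the task results and any saved deployment log. Consider `no_log: true` on the block, or confirm the role sets it on every task that handles credentials. The same applies to the `domains` include, which receives `KeystoneLDAPBackendConfigs` and may therefore carry LDAP bind credentials.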
|
||||
|
|
|
@ -99,6 +99,27 @@ outputs:
|
|||
dport:
|
||||
- 8786
|
||||
- 13786
|
||||
keystone_resources:
|
||||
manila:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
internal: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
admin: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
users:
|
||||
manila:
|
||||
password: {get_param: ManilaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'share'
|
||||
manilav2:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
users:
|
||||
manilav2:
|
||||
password: {get_param: ManilaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'sharev2'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -142,19 +163,7 @@ outputs:
|
|||
- manila_workers_zero
|
||||
- {}
|
||||
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ManilaBase, role_data, service_config_settings]
|
||||
- keystone:
|
||||
manila::keystone::auth::tenant: 'service'
|
||||
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: manila
|
||||
|
|
|
@ -60,6 +60,14 @@ parameters:
|
|||
default: ''
|
||||
description: Indicate whether this resource may be shared with the domain received in the request
|
||||
"origin" header.
|
||||
MistralPassword:
|
||||
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
conditions:
|
||||
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
|
||||
|
@ -93,6 +101,17 @@ outputs:
|
|||
dport:
|
||||
- 8989
|
||||
- 13989
|
||||
keystone_resources:
|
||||
mistral:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, MistralPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, MistralInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, MistralAdmin, uri]}
|
||||
users:
|
||||
mistral:
|
||||
password: {get_param: MistralPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'workflowv2'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [MistralBase, role_data, config_settings]
|
||||
|
|
|
@ -50,10 +50,6 @@ parameters:
|
|||
description: The password for the Mistral service and db account, used by the Mistral services.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
NotificationDriver:
|
||||
type: string
|
||||
default: 'messagingv2'
|
||||
|
@ -109,13 +105,6 @@ outputs:
|
|||
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
- '/ec2tokens'
|
||||
service_config_settings:
|
||||
keystone:
|
||||
mistral::keystone::auth::tenant: 'service'
|
||||
mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
|
||||
mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
|
||||
mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
|
||||
mistral::keystone::auth::password: {get_param: MistralPassword}
|
||||
mistral::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
mistral::db::mysql::user: mistral
|
||||
mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
|
|
|
@ -229,6 +229,17 @@ outputs:
|
|||
dport:
|
||||
- 9696
|
||||
- 13696
|
||||
keystone_resources:
|
||||
neutron:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, NeutronInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, NeutronAdmin, uri]}
|
||||
users:
|
||||
neutron:
|
||||
password: {get_param: NeutronPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'network'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -373,13 +384,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_neutron_api:
|
||||
- {get_param: NeutronApiLoggingSource}
|
||||
keystone:
|
||||
neutron::keystone::auth::tenant: 'service'
|
||||
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
||||
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
||||
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
||||
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
neutron::db::mysql::password: {get_param: NeutronPassword}
|
||||
neutron::db::mysql::user: neutron
|
||||
|
|
|
@ -151,6 +151,20 @@ outputs:
|
|||
dport:
|
||||
- 8774
|
||||
- 13774
|
||||
keystone_resources:
|
||||
nova:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
users:
|
||||
nova:
|
||||
roles:
|
||||
- admin
|
||||
- service
|
||||
password: {get_param: NovaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'compute'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -225,14 +239,6 @@ outputs:
|
|||
nova::db::mysql_api::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
keystone:
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
nova::keystone::auth::roles: ['admin', 'service']
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: nova
|
||||
|
|
|
@ -172,13 +172,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_nova_metadata:
|
||||
- {get_param: NovaMetadataLoggingSource}
|
||||
keystone:
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
map_merge:
|
||||
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
||||
|
|
|
@ -98,6 +98,22 @@ outputs:
|
|||
'119 novajoin':
|
||||
dport:
|
||||
- 9090
|
||||
keystone_resources:
|
||||
novajoin:
|
||||
endpoints:
|
||||
public: &novajoin_endpoint
|
||||
str_replace:
|
||||
template:
|
||||
"http://%{hiera('novajoin_network')}:9090/v1/"
|
||||
params:
|
||||
novajoin_network: {get_param: [ServiceNetMap, NovajoinNetwork]}
|
||||
internal: *novajoin_endpoint
|
||||
admin: *novajoin_endpoint
|
||||
users:
|
||||
novajoin:
|
||||
password: {get_param: NovajoinPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'compute-vendordata-plugin'
|
||||
config_settings:
|
||||
tripleo::profile::base::novajoin::oslomsg_rpc_password: {get_param: RpcPassword}
|
||||
tripleo::profile::base::novajoin::oslomsg_rpc_port: {get_param: RabbitClientPort}
|
||||
|
@ -124,19 +140,6 @@ outputs:
|
|||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
nova::metadata::novajoin::auth::tenant: 'service'
|
||||
nova::metadata::novajoin::auth::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::auth::region: {get_param: KeystoneRegion}
|
||||
nova::metadata::novajoin::auth::configure_endpoint: true
|
||||
nova::metadata::novajoin::auth::public_url: &novajoin_endpoint
|
||||
str_replace:
|
||||
template:
|
||||
"http://%{hiera('novajoin_network')}:9090/v1/"
|
||||
params:
|
||||
novajoin_network: {get_param: [ServiceNetMap, NovajoinNetwork]}
|
||||
nova::metadata::novajoin::auth::internal_url: *novajoin_endpoint
|
||||
nova::metadata::novajoin::auth::admin_url: *novajoin_endpoint
|
||||
nova_metadata: &nova_vendordata
|
||||
novajoin_address: *novajoin_address
|
||||
nova::vendordata::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
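Review bot: The endpoint template under `public: &novajoin_endpoint` still embeds `%{hiera('novajoin_network')}`, an interpolation that only Puppet's hiera expands. Once the value travels through `keystone_resources` to Ansible it would presumably be registered in the catalog as a literal string, unless the consuming role resolves it. The host should come from a value Heat resolves at template time rather than a hiera lookup. The scheme is also fixed to `http://` for all three interfaces, so a comment such as `# NOTE: scheme is fixed to http and does not follow the TLS settings` would record that limitation. The enclosing `role_data` map starts and ends outside these hunks.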
|
||||
|
|
|
@ -130,6 +130,17 @@ outputs:
|
|||
dport:
|
||||
- 9876
|
||||
- 13876
|
||||
keystone_resources:
|
||||
octavia:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, OctaviaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, OctaviaAdmin, uri]}
|
||||
users:
|
||||
octavia:
|
||||
password: {get_param: OctaviaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'load-balancer'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -185,13 +196,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_octavia_api:
|
||||
- {get_param: OctaviaApiLoggingSource}
|
||||
keystone:
|
||||
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
|
||||
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
|
||||
octavia::keystone::auth::password: {get_param: OctaviaPassword}
|
||||
octavia::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
||||
octavia::db::mysql::user: {get_param: OctaviaUserName}
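Review bot: The new `users.octavia` entry carries only `password`, so the project that the removed `octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}` line passed to Keystone setup no longer reaches it. A deployment that sets `OctaviaProjectName` to a non-default project would presumably get the user created in whatever project the consuming role defaults to. The external Swift section has the same gap: `swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}` has no counterpart under `users.swift`. Either carry the parameter into the user entry under the project key the consuming role accepts, or add a comment such as `# OctaviaProjectName is not applied to the Keystone user here`. The enclosing `role_data` map extends beyond both hunks.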
|
||||
|
|
|
@ -115,6 +115,17 @@ outputs:
|
|||
dport:
|
||||
- 8778
|
||||
- 13778
|
||||
keystone_resources:
|
||||
placement:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, PlacementPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, PlacementInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
||||
users:
|
||||
placement:
|
||||
password: {get_param: PlacementPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'placement'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [PlacementLogging, config_settings]
|
||||
|
@ -173,13 +184,6 @@ outputs:
|
|||
- rsyslog:
|
||||
tripleo_logging_sources_placement:
|
||||
- {get_param: PlacementLoggingSource}
|
||||
keystone:
|
||||
placement::keystone::auth::tenant: 'service'
|
||||
placement::keystone::auth::public_url: {get_param: [EndpointMap, PlacementPublic, uri]}
|
||||
placement::keystone::auth::internal_url: {get_param: [EndpointMap, PlacementInternal, uri]}
|
||||
placement::keystone::auth::admin_url: {get_param: [EndpointMap, PlacementAdmin, uri]}
|
||||
placement::keystone::auth::password: {get_param: PlacementPassword}
|
||||
placement::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
placement::db::mysql::password: {get_param: PlacementPassword}
|
||||
placement::db::mysql::user: placement
|
||||
|
|
|
@ -91,6 +91,17 @@ outputs:
|
|||
dport:
|
||||
- 8386
|
||||
- 13386
|
||||
keystone_resources:
|
||||
sahara:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
users:
|
||||
sahara:
|
||||
password: {get_param: SaharaPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'data-processing'
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -114,13 +125,6 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_sahara_api:
|
||||
- {get_param: SaharaApiLoggingSource}
|
||||
keystone:
|
||||
sahara::keystone::auth::tenant: 'service'
|
||||
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
sahara::keystone::auth::password: {get_param: SaharaPassword }
|
||||
sahara::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
sahara::db::mysql::password: {get_param: SaharaPassword}
|
||||
sahara::db::mysql::user: sahara
|
||||
|
|
|
@ -92,32 +92,29 @@ outputs:
|
|||
|
||||
step_config:
|
||||
|
||||
service_config_settings:
|
||||
keystone:
|
||||
swift::keystone::auth::public_url:
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public:
|
||||
if:
|
||||
- deprecated_external_public_url
|
||||
- {get_param: ExternalPublicUrl}
|
||||
- {get_param: ExternalSwiftPublicUrl}
|
||||
swift::keystone::auth::internal_url:
|
||||
internal:
|
||||
if:
|
||||
- deprecated_external_internal_url
|
||||
- {get_param: ExternalInternalUrl}
|
||||
- {get_param: ExternalSwiftInternalUrl}
|
||||
swift::keystone::auth::admin_url:
|
||||
admin:
|
||||
if:
|
||||
- deprecated_external_admin_url
|
||||
- {get_param: ExternalAdminUrl}
|
||||
- {get_param: ExternalSwiftAdminUrl}
|
||||
swift::keystone::auth::public_url_s3: ''
|
||||
swift::keystone::auth::internal_url_s3: ''
|
||||
swift::keystone::auth::admin_url_s3: ''
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- swiftoperator
|
||||
- ResellerAdmin
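Review bot: The `roles` list under `users.swift` looks like a role assignment for the swift service user, not a list of roles to create. In the Nova API section the same key replaces `nova::keystone::auth::roles`, whereas here it is filled from what used to be `swift::keystone::auth::operator_roles`. If that reading is right, the service account is granted `ResellerAdmin` and `swiftoperator` directly, and the `admin` entry from the old list is no longer mentioned. The +/- markers are lost on this page, so which lines are old and which are new is inferred from the hunk counts. The same two-role list appears in the Swift proxy section that follows. A comment such as `# roles are assigned to the swift user; confirm ResellerAdmin is intended` would make the privilege change explicit.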
|
||||
|
||||
|
|
|
@ -131,6 +131,20 @@ outputs:
|
|||
dport:
|
||||
- 8080
|
||||
- 13808
|
||||
keystone_resources:
|
||||
swift:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
users:
|
||||
swift:
|
||||
password: {get_param: SwiftPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'object-store'
|
||||
roles:
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
|
||||
config_settings:
|
||||
map_merge:
|
||||
|
@ -253,22 +267,6 @@ outputs:
|
|||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
||||
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
||||
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
swift::keystone::auth::tenant: 'service'
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: swift
|
||||
|
|
|
@ -80,6 +80,10 @@ parameters:
|
|||
type: json
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -100,7 +104,27 @@ outputs:
|
|||
service_config_settings:
|
||||
rabbitmq:
|
||||
vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
|
||||
keystone:
|
||||
vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
|
||||
mysql:
|
||||
vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
|
||||
keystone_resources:
|
||||
hyperscale:
|
||||
# Replicating what was done with Puppet manifest:
|
||||
# https://github.com/vtas-hyperscale-ci/puppet-veritas_hyperscale/blob/7c7868adb027c5bcfdcb6fc9d86610470759ae28/manifests/hs_keystone.pp#L17
|
||||
# Moving forward, we should have the Veritas part of EndpointMap so the service
|
||||
# can live outside of the Keystone node.
|
||||
endpoints:
|
||||
public: &veritas_endpoint
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, KeystoneAdmin, protocol]}
|
||||
host: {get_param: [EndpointMap, KeystoneAdmin, host]}
|
||||
port: 8753
|
||||
path: /v1/%(tenant_id)s
|
||||
internal: *veritas_endpoint
|
||||
admin: *veritas_endpoint
|
||||
users:
|
||||
hyperscale:
|
||||
password: {get_param: VrtsKeystonePassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'infrastructure'
|
||||
roles:
|
||||
- infra_admin
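Review bot: `internal` and `admin` both alias `&veritas_endpoint`, which is built from `EndpointMap, KeystoneAdmin` host and protocol, so the public catalog entry advertises the admin-network address on port 8753. The existing comment explains why the Puppet behaviour is replicated but does not state that consequence. Adding `# TODO: public/internal currently alias the KeystoneAdmin host; split once EndpointMap has Veritas entries` above `endpoints:` would record it. Quoting the path as `path: '/v1/%(tenant_id)s'` would also make clear it is a literal catalog template and not something Heat substitutes.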
|
||||
|
|
|
@ -123,6 +123,27 @@ outputs:
|
|||
- 8888
|
||||
- 3000 #SSL for websocket
|
||||
- 13888 #SSL for api
|
||||
keystone_resources:
|
||||
zaqar:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
||||
users:
|
||||
zaqar:
|
||||
password: {get_param: ZaqarPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'messaging'
|
||||
zaqar-websocket:
|
||||
endpoints:
|
||||
public: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
||||
internal: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
||||
admin: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
||||
users:
|
||||
zaqar-websocket:
|
||||
password: {get_param: ZaqarPassword}
|
||||
region: {get_param: KeystoneRegion}
|
||||
service: 'messaging-websocket'
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
|
@ -221,18 +242,6 @@ outputs:
|
|||
service_config_settings:
|
||||
map_merge:
|
||||
- keystone:
|
||||
zaqar::keystone::auth::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
|
||||
zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
|
||||
zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
|
||||
zaqar::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::auth::tenant: 'service'
|
||||
zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
|
||||
zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
|
||||
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
|
||||
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::auth_websocket::tenant: 'service'
|
||||
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::trust::user_domain_name: 'Default'
|
||||
-
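Review bot: Both Keystone users defined in the added block, `zaqar` and `zaqar-websocket`, take `password: {get_param: ZaqarPassword}`, so one secret authenticates two service accounts. This matches the removed `zaqar::keystone::auth::password` and `auth_websocket::password` keys, but in the new structure nothing says the sharing is deliberate. A comment above the second user, for example `# shares ZaqarPassword with the zaqar user (unchanged from the Puppet settings)`, would keep a later reader from assuming the credentials are independent. The `role_data` map continues outside both hunks.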
|
||||
|
|
|
@ -1130,6 +1130,11 @@ resources:
|
|||
- add_vips_to_etc_hosts
|
||||
- {get_attr: [VipHosts, value]}
|
||||
- ''
|
||||
KeystoneResourcesConfigs:
|
||||
map_merge:
|
||||
{% for role in roles %}
|
||||
- get_attr: [{{role.name}}ServiceChainRoleData, value, keystone_resources]
|
||||
{% endfor %}
|
||||
|
||||
outputs:
|
||||
ManagedEndpoints:
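Review bot: The merged `KeystoneResourcesConfigs` value collects every role's `keystone_resources` map, and each per-service entry on this page embeds `password: {get_param: ...Password}`. The aggregate is therefore a single JSON blob holding all service account passwords. The parameter that receives it should be declared with `hidden: true`, as the individual password parameters are, and the Ansible tasks that consume it should set `no_log: true` so the map is not echoed in stack output or playbook logs. The resource this property belongs to begins outside the hunk, so how the value is consumed downstream cannot be confirmed from here.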
|
||||
|
|