Mv Nova, Neutron, Horizon out of controller.yaml

This patch moves the settings for Nova, Neutron, and Horizon
out of controller.yaml.

Also fixes the NovaPassword settings in nova-base.yaml
so they don't use get_input.

Also, creates a new apache.yaml base service to contain shared
apache settings for several services which use Apache for WSGI.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>

Change-Id: I35d909bd5abc23976b5732a2b9af31cf1448838e
Related-bug: #1604414
changes/62/361362/8
Dan Prince 6 years ago
parent a02cee9e3b
commit e3cb92a5db
  1. 1
      network/service_net_map.yaml
  2. 1
      overcloud-resource-registry-puppet.yaml
  3. 1
      overcloud.yaml
  4. 88
      puppet/controller.yaml
  5. 8
      puppet/services/aodh-api.yaml
  6. 40
      puppet/services/apache.yaml
  7. 8
      puppet/services/ceilometer-api.yaml
  8. 9
      puppet/services/gnocchi-api.yaml
  9. 39
      puppet/services/horizon.yaml
  10. 153
      puppet/services/keystone.yaml
  11. 6
      puppet/services/neutron-api.yaml
  12. 6
      puppet/services/neutron-metadata.yaml
  13. 24
      puppet/services/nova-api.yaml
  14. 4
      puppet/services/nova-base.yaml
  15. 6
      puppet/services/nova-vncproxy.yaml

@ -13,6 +13,7 @@ parameters:
ServiceNetMapDefaults:
default:
ApacheNetwork: internal_api
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
AodhApiNetwork: internal_api

@ -130,6 +130,7 @@ resource_registry:
# services
OS::TripleO::Services: puppet/services/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None

@ -435,7 +435,6 @@ resources:
properties:
CloudDomain: {get_param: CloudDomain}
controllerExtraConfig: {get_param: controllerExtraConfig}
HorizonSecret: {get_resource: HorizonSecret}
PcsdPassword: {get_resource: PcsdPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}

@ -83,10 +83,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
HorizonSecret:
description: Secret key for Django
type: string
hidden: true
controllerImage:
type: string
default: overcloud-full
@ -96,10 +92,6 @@ parameters:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
@ -110,39 +102,14 @@ parameters:
default: false
description: Whether to manage IPtables rules.
type: boolean
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
type: boolean
PurgeFirewallRules:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
NovaIPv6:
default: false
description: Enable IPv6 features in Nova
type: boolean
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
@ -162,10 +129,6 @@ parameters:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@ -392,43 +355,15 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
horizon_secret: {get_param: HorizonSecret}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
memcached_ipv6: {get_param: MemcachedIPv6}
nova_password: {get_param: NovaPassword}
upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
horizon_subnet:
str_replace:
template: "['SUBNET']"
params:
SUBNET:
get_attr:
- NetIpMap
- net_ip_map
- str_replace:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
redis_vip: {get_param: RedisVirtualIP}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
@ -489,37 +424,14 @@ resources:
tripleo::fencing::config: {get_input: fencing_config}
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
nova::vncproxy::host: {get_input: nova_api_network}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
# Redis
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}

@ -27,6 +27,13 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Aodh API service.
@ -35,6 +42,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [AodhBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false
aodh::api::service_name: 'httpd'
tripleo.aodh_api.firewall_rules:

@ -0,0 +1,40 @@
heat_template_version: 2016-10-14
description: >
Apache service configured with Puppet. Note this is typically included
automatically via other services which run via Apache.
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
outputs:
role_data:
description: Role data for the Apache role.
value:
service_name: apache
config_settings:
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
apache_remote_proxy_ips_network:
str_replace:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"

@ -28,6 +28,13 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Ceilometer API role.
@ -35,6 +42,7 @@ outputs:
service_name: ceilometer_api
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- tripleo.ceilometer_api.firewall_rules:
'124 ceilometer':

@ -35,6 +35,7 @@ parameters:
description: Keystone region for endpoint
resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
@ -42,6 +43,13 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Gnocchi role.
@ -49,6 +57,7 @@ outputs:
service_name: gnocchi_api
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- tripleo.gnocchi_api.firewall_rules:
'129 gnocchi-api':

@ -1,4 +1,4 @@
heat_template_version: 2016-04-08
heat_template_version: 2016-10-14
description: >
Horizon service configured with Puppet
@ -10,6 +10,10 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
DefaultPasswords:
default: {}
type: json
@ -22,11 +26,20 @@ parameters:
default: '*'
description: A list of IP/Hostname allowed to connect to horizon
type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
type: string
hidden: true
default: ''
NeutronMechanismDrivers:
default: 'openvswitch'
description: |
The mechanism drivers for the Neutron tenant network.
type: comma_delimited_list
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
type: boolean
outputs:
role_data:
@ -51,5 +64,29 @@ outputs:
add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, HorizonNetwork]}
apache_remote_proxy_ips_network:
str_replace:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::django_debug: {get_param: Debug}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
horizon::secret_key:
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: HorizonSecret}
- {get_param: [DefaultPasswords, horizon_secret]}
memcached_ipv6: {get_param: MemcachedIPv6}
step_config: |
include ::tripleo::profile::base::horizon

@ -84,81 +84,94 @@ parameters:
type: string
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::processorcount}"'
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Keystone role.
value:
service_name: keystone
config_settings:
keystone::database_connection:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://keystone:'
- {get_param: AdminToken}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
keystone::rabbit_port: {get_param: RabbitClientPort}
keystone::notification_driver: {get_param: KeystoneNotificationDriver}
keystone::notification_format: {get_param: KeystoneNotificationFormat}
keystone::roles::admin::email: {get_param: AdminEmail}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
keystone::endpoint::region: {get_param: KeystoneRegion}
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
keystone::db::mysql::user: keystone
keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
keystone::db::mysql::dbname: keystone
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone::rabbit_heartbeat_timeout_threshold: 60
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'
keystone::wsgi::apache::ssl: false
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
# override via extraconfig:
keystone::wsgi::apache::threads: 1
keystone::db::database_db_max_retries: -1
keystone::db::database_max_retries: -1
tripleo.keystone.firewall_rules:
'111 keystone':
dport:
- 5000
- 13000
- 35357
- 13357
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
# NOTE: this applies to all 4 bind IP settings below...
keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- keystone::database_connection:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://keystone:'
- {get_param: AdminToken}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
keystone::rabbit_port: {get_param: RabbitClientPort}
keystone::notification_driver: {get_param: KeystoneNotificationDriver}
keystone::notification_format: {get_param: KeystoneNotificationFormat}
keystone::roles::admin::email: {get_param: AdminEmail}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
keystone::endpoint::region: {get_param: KeystoneRegion}
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
keystone::db::mysql::user: keystone
keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
keystone::db::mysql::dbname: keystone
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone::rabbit_heartbeat_timeout_threshold: 60
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'
keystone::wsgi::apache::ssl: false
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
# override via extraconfig:
keystone::wsgi::apache::threads: 1
keystone::db::database_db_max_retries: -1
keystone::db::database_max_retries: -1
tripleo.keystone.firewall_rules:
'111 keystone':
dport:
- 5000
- 13000
- 35357
- 13357
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
# NOTE: this applies to all 4 bind IP settings below...
keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone

@ -111,5 +111,11 @@ outputs:
'106 vrrp':
proto: vrrp
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server

@ -53,5 +53,11 @@ outputs:
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::metadata

@ -30,6 +30,19 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
resources:
NovaBase:
@ -75,5 +88,16 @@ outputs:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
step_config: |
include tripleo::profile::base::nova::api

@ -95,14 +95,14 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
nova::db::mysql::password: {get_input: nova_password}
nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::password: {get_input: nova_password}
nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api

@ -46,5 +46,11 @@ outputs:
'[': ''
']': ''
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
step_config: |
include tripleo::profile::base::nova::vncproxy

Loading…
Cancel
Save