flatten the octavia service configurations
This change combines the previous puppet and docker files into a single file that performs the containerized service installation and configuration for the octavia services. With this patch the baremetal version of each respective octavia service has been removed. Related-Blueprint: services-yaml-flattening Change-Id: Icf2856fd261b49a4da1f197c7190c9a18d21e30f
This commit is contained in:
parent
e7db158840
commit
ebc9dd98e0
@ -12,11 +12,11 @@ resource_registry:
|
||||
OS::TripleO::Services::MySQL: ../../deployment/database/mysql-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Keepalived: OS::Heat::None
|
||||
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
|
||||
OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml
|
||||
OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml
|
||||
OS::TripleO::Services::CinderApi: OS::Heat::None
|
||||
OS::TripleO::Services::CinderBackup: OS::Heat::None
|
||||
OS::TripleO::Services::CinderScheduler: OS::Heat::None
|
||||
|
@ -44,22 +44,58 @@ parameters:
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
OctaviaUserName:
|
||||
description: The username for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
default: 'octavia'
|
||||
OctaviaPassword:
|
||||
description: The password for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
MonitoringSubscriptionOctaviaApi:
|
||||
default: 'overcloud-octavia-api'
|
||||
type: string
|
||||
OctaviaApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Octavia API.
|
||||
e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
type: ../database/mysql-client.yaml
|
||||
|
||||
OctaviaApiPuppetBase:
|
||||
type: ../../puppet/services/octavia-api.yaml
|
||||
TLSProxyBase:
|
||||
type: OS::TripleO::Services::TLSProxyBase
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -68,8 +104,8 @@ resources:
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
OctaviaFlavor:
|
||||
type: ../../puppet/services/octavia-worker.yaml
|
||||
OctaviaWorker: # provides Nova flavor
|
||||
type: ./octavia-worker-container-puppet.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -82,19 +118,76 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia API role.
|
||||
value:
|
||||
service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]}
|
||||
service_name: octavia_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaFlavor, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaBase, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaWorker, role_data, config_settings]}
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::policy::policies: {get_param: OctaviaApiPolicies}
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::api::sync_db: true
|
||||
tripleo::octavia_api::firewall_rules:
|
||||
'120 octavia api':
|
||||
dport:
|
||||
- 9876
|
||||
- 13876
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::octavia::api::tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_port:
|
||||
get_param: [EndpointMap, OctaviaInternal, port]
|
||||
# Bind to localhost if internal TLS is enabled, since we put a TLS
|
||||
# proxy in front.
|
||||
octavia::api::host:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- '127.0.0.1'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_octavia_api:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_api:
|
||||
- {get_param: OctaviaApiLoggingSource}
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_api:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_api:
|
||||
- {get_param: OctaviaApiLoggingSource}
|
||||
keystone:
|
||||
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
|
||||
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
|
||||
octavia::keystone::auth::password: {get_param: OctaviaPassword}
|
||||
octavia::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
||||
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
||||
octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
octavia::db::mysql::dbname: octavia
|
||||
octavia::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: octavia
|
||||
@ -102,7 +195,7 @@ outputs:
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]}
|
||||
- - "include tripleo::profile::base::octavia::api"
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
||||
@ -133,7 +226,7 @@ outputs:
|
||||
config_volume: octavia
|
||||
puppet_tags: nova_flavor
|
||||
step_config:
|
||||
get_attr: [OctaviaFlavor, role_data, step_config]
|
||||
get_attr: [OctaviaWorker, role_data, step_config]
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
volumes:
|
||||
- /var/lib/config-data/puppet-generated/nova/etc/nova:/etc/nova:ro
|
||||
@ -229,7 +322,7 @@ outputs:
|
||||
ignore_errors: true
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
get_attr: [OctaviaApiPuppetBase, role_data, metadata_settings]
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
215
deployment/octavia/octavia-base.yaml
Normal file
215
deployment/octavia/octavia-base.yaml
Normal file
@ -0,0 +1,215 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia base service. Shared for all Octavia services
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
Debug:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
OctaviaDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging Octavia services.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
EnableConfigPurge:
|
||||
type: boolean
|
||||
default: false
|
||||
description: >
|
||||
Remove configuration that is not generated by TripleO. Used to avoid
|
||||
configuration remnants after upgrades.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
NotificationDriver:
|
||||
type: string
|
||||
default: 'messagingv2'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
OctaviaUserName:
|
||||
description: The username for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
default: 'octavia'
|
||||
OctaviaPassword:
|
||||
description: The password for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
OctaviaCaCertFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/ca_01.pem'
|
||||
description: Octavia CA certificate file path.
|
||||
OctaviaCaCert:
|
||||
type: string
|
||||
default: ''
|
||||
description: Octavia CA certificate data. If provided, this will create
|
||||
or update a file on the host with the path provided in
|
||||
OctaviaCaCertFile with the certificate data.
|
||||
OctaviaCaKeyFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaCaKey:
|
||||
type: string
|
||||
default: ''
|
||||
description: The private key for the certificate provided in OctaviaCaCert.
|
||||
If provided, this will create or update a file on the host
|
||||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaCaKeyPassphrase:
|
||||
description: CA private key passphrase.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaAmphoraImageTag:
|
||||
default: 'amphora-image'
|
||||
description: Glance image tag for identifying the amphora image.
|
||||
type: string
|
||||
OctaviaAmphoraNetworkList:
|
||||
default: []
|
||||
description: List of networks to attach to amphorae.
|
||||
type: comma_delimited_list
|
||||
OctaviaAmphoraSshKeyName:
|
||||
type: string
|
||||
default: 'octavia-ssh-key'
|
||||
description: SSH key name.
|
||||
OctaviaLoadBalancerTopology:
|
||||
default: ''
|
||||
description: Load balancer topology configuration.
|
||||
type: string
|
||||
OctaviaFlavorId:
|
||||
default: '65'
|
||||
description: Nova flavor ID to be used when creating the nova flavor for
|
||||
amphora.
|
||||
type: string
|
||||
OctaviaTimeoutClientData:
|
||||
default: 50000
|
||||
description: Frontend client inactivity timeout.
|
||||
type: number
|
||||
OctaviaTimeoutMemberConnect:
|
||||
default: 5000
|
||||
description: Backend member connection timeout.
|
||||
type: number
|
||||
OctaviaTimeoutMemberData:
|
||||
default: 50000
|
||||
description: Backend member inactivity timeout.
|
||||
type: number
|
||||
OctaviaTimeoutTcpInspect:
|
||||
default: 0
|
||||
description: Time to wait for TCP packets for content inspection.
|
||||
type: number
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
|
||||
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
|
||||
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
|
||||
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Base role data for Octavia services
|
||||
value:
|
||||
service_name: octavia_base
|
||||
config_settings:
|
||||
map_merge:
|
||||
- octavia::logging::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: OctaviaDebug }
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: {get_param: OctaviaUserName}
|
||||
password: {get_param: OctaviaPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /octavia
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
# TODO(ansmith): remove once p-t-o switches to oslo params
|
||||
octavia::rabbit_use_ssl: {get_param: RpcUseSSL}
|
||||
octavia::rabbit_userid: {get_param: RpcUserName}
|
||||
octavia::rabbit_password: {get_param: RpcPassword}
|
||||
octavia::rabbit_port: {get_param: RpcPort}
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: {get_param: OctaviaUserName}
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
|
||||
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
|
||||
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
|
||||
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
|
||||
octavia::controller::enable_ssh_access: true
|
||||
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
|
||||
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
|
||||
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
|
||||
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
|
||||
-
|
||||
if:
|
||||
- octavia_topology_unset
|
||||
- {}
|
||||
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_key_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
|
@ -45,17 +45,37 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
MonitoringSubscriptionOctaviaHealthManager:
|
||||
default: 'overcloud-octavia-health-manager'
|
||||
type: string
|
||||
OctaviaHeartbeatKey:
|
||||
type: string
|
||||
description: Key to identify heartbeat messages for amphorae.
|
||||
hidden: true
|
||||
OctaviaMgmtPortDevName:
|
||||
type: string
|
||||
default: "o-hm0"
|
||||
description: Name of the octavia management network interface using
|
||||
for communication between octavia worker/health-manager
|
||||
with the amphora machine.
|
||||
OctaviaEventStreamerDriver:
|
||||
type: string
|
||||
default: "noop_event_streamer"
|
||||
description: Name of the event streamer driver to use for syncing Octavia
|
||||
and Neutron LBaaS databases. It is highly recommended to
|
||||
disable if one doesn't need to sync the database or is running
|
||||
Octavia in standalone mode by setting to noop_event_streamer.
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
type: ../database/mysql-client.yaml
|
||||
|
||||
OctaviaHealthManagerPuppetBase:
|
||||
type: ../../puppet/services/octavia-health-manager.yaml
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -68,16 +88,24 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia health-manager role.
|
||||
value:
|
||||
service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]}
|
||||
config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]}
|
||||
service_config_settings:
|
||||
service_name: octavia_health_manager
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_octavia_health_manager:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_health_manager:
|
||||
- {get_param: OctaviaHealthManagerLoggingSource}
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
|
||||
octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver}
|
||||
tripleo::octavia_health_manager::firewall_rules:
|
||||
'200 octavia health manager interface':
|
||||
proto: udp
|
||||
dport: 5555
|
||||
iniface: {get_param: OctaviaMgmtPortDevName}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_health_manager:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_health_manager:
|
||||
- {get_param: OctaviaHealthManagerLoggingSource}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: octavia
|
||||
@ -85,7 +113,7 @@ outputs:
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config]}
|
||||
- - "include tripleo::profile::base::octavia::health_manager"
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
@ -41,17 +41,30 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
OctaviaAmphoraExpiryAge:
|
||||
default: 0
|
||||
description: The interval in seconds after which an unused Amphora will
|
||||
be considered expired and cleaned up. If left to 0, the
|
||||
configuration will not be set and the system will use
|
||||
the service defaults.
|
||||
type: number
|
||||
MonitoringSubscriptionOctaviaHousekeeping:
|
||||
default: 'overcloud-octavia-housekeeping'
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
type: ../database/mysql-client.yaml
|
||||
|
||||
OctaviaHousekeepingPuppetBase:
|
||||
type: ../../puppet/services/octavia-housekeeping.yaml
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -64,16 +77,22 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia housekeeping role.
|
||||
value:
|
||||
service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]}
|
||||
config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]}
|
||||
service_config_settings:
|
||||
service_name: octavia_housekeeping
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_octavia_housekeeping:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_housekeeping:
|
||||
- {get_param: OctaviaHousekeepingLoggingSource}
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
-
|
||||
if:
|
||||
- amphora_expiry_is_zero
|
||||
- {}
|
||||
- octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_housekeeping:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_housekeeping:
|
||||
- {get_param: OctaviaHousekeepingLoggingSource}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: octavia
|
||||
@ -81,7 +100,7 @@ outputs:
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config]}
|
||||
- - "include tripleo::profile::base::octavia::housekeeping"
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
@ -45,17 +45,52 @@ parameters:
|
||||
default: 'false'
|
||||
description: Set to true to enable package installation at deploy time
|
||||
type: boolean
|
||||
MonitoringSubscriptionOctaviaWorker:
|
||||
default: 'overcloud-octavia-worker'
|
||||
type: string
|
||||
OctaviaFlavorProperties:
|
||||
default:
|
||||
ram : '1024'
|
||||
disk : '3'
|
||||
vcpus : '1'
|
||||
description: Dictionary describing the nova flavor for amphora.
|
||||
type: json
|
||||
OctaviaManageNovaFlavor:
|
||||
default: true
|
||||
description: Configure the nova flavor for the amphora.
|
||||
type: boolean
|
||||
OctaviaClientCertFile:
|
||||
default: '/etc/octavia/certs/client.pem'
|
||||
description: client certificate for amphoras
|
||||
type: string
|
||||
OctaviaClientCert:
|
||||
default: ''
|
||||
description: Client certificate data. If provided, this will create or update
|
||||
a file on the host with the path provided in OctaviaClientCertFile
|
||||
with the certificate data.
|
||||
type: string
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
|
||||
conditions:
|
||||
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
type: ../database/mysql-client.yaml
|
||||
|
||||
OctaviaWorkerPuppetBase:
|
||||
type: ../../puppet/services/octavia-worker.yaml
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -68,16 +103,15 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia worker role.
|
||||
value:
|
||||
service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]}
|
||||
config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]}
|
||||
service_name: octavia_worker
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker}
|
||||
config_settings: {get_attr: [OctaviaBase, role_data, config_settings]}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_octavia_worker:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_worker:
|
||||
- {get_param: OctaviaWorkerLoggingSource}
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_worker:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_worker:
|
||||
- {get_param: OctaviaWorkerLoggingSource}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: octavia
|
||||
@ -86,7 +120,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['nova_flavor'].each |String $val| { noop_resource($val) }"
|
||||
- {get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]}
|
||||
- "include tripleo::profile::base::octavia::worker"
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
||||
@ -130,7 +164,7 @@ outputs:
|
||||
- yaql:
|
||||
expression: str($.data.port)
|
||||
data:
|
||||
port: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings, 'octavia::rabbit_port']}
|
||||
port: {get_param: RpcPort}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
@ -1,9 +1,9 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../puppet/services/octavia/octavia-deployment-config.yaml
|
||||
OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml
|
||||
|
||||
parameter_defaults:
|
||||
NeutronEnableForceMetadata: true
|
||||
|
@ -1,9 +1,9 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml
|
||||
OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml
|
||||
|
||||
parameter_defaults:
|
||||
NeutronEnableForceMetadata: true
|
||||
|
@ -1,180 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia API service.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
OctaviaUserName:
|
||||
description: The username for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
default: 'octavia'
|
||||
OctaviaPassword:
|
||||
description: The password for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
MonitoringSubscriptionOctaviaApi:
|
||||
default: 'overcloud-octavia-api'
|
||||
type: string
|
||||
OctaviaApiLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.octavia.api
|
||||
path: /var/log/octavia/api.log
|
||||
OctaviaApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Octavia API.
|
||||
e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
TLSProxyBase:
|
||||
type: OS::TripleO::Services::TLSProxyBase
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
OctaviaController:
|
||||
type: ./octavia-controller.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia API service.
|
||||
value:
|
||||
service_name: octavia_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- get_attr: [OctaviaController, role_data, config_settings]
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia::policy::policies: {get_param: OctaviaApiPolicies}
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::api::sync_db: true
|
||||
tripleo::octavia_api::firewall_rules:
|
||||
'120 octavia api':
|
||||
dport:
|
||||
- 9876
|
||||
- 13876
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
tripleo::profile::base::octavia::api::tls_proxy_bind_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_fqdn:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
tripleo::profile::base::octavia::api::tls_proxy_port:
|
||||
get_param: [EndpointMap, OctaviaInternal, port]
|
||||
# Bind to localhost if internal TLS is enabled, since we put a TLS
|
||||
# proxy in front.
|
||||
octavia::api::host:
|
||||
if:
|
||||
- use_tls_proxy
|
||||
- '127.0.0.1'
|
||||
- str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::api
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_api:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_api:
|
||||
- {get_param: OctaviaApiLoggingSource}
|
||||
keystone:
|
||||
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
|
||||
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
|
||||
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
|
||||
octavia::keystone::auth::password: {get_param: OctaviaPassword}
|
||||
octavia::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
octavia::db::mysql::password: {get_param: OctaviaPassword}
|
||||
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
||||
octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
octavia::db::mysql::dbname: octavia
|
||||
octavia::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
metadata_settings:
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
@ -1,164 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia base service. Shared for all Octavia services
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
Debug:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
OctaviaDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging Octavia services.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
EnableConfigPurge:
|
||||
type: boolean
|
||||
default: false
|
||||
description: >
|
||||
Remove configuration that is not generated by TripleO. Used to avoid
|
||||
configuration remnants after upgrades.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
NotificationDriver:
|
||||
type: string
|
||||
default: 'messagingv2'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
OctaviaUserName:
|
||||
description: The username for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
default: 'octavia'
|
||||
OctaviaPassword:
|
||||
description: The password for the Octavia database and keystone accounts.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
OctaviaCaCertFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/ca_01.pem'
|
||||
description: Octavia CA certificate file path.
|
||||
OctaviaCaCert:
|
||||
type: string
|
||||
default: ''
|
||||
description: Octavia CA certificate data. If provided, this will create
|
||||
or update a file on the host with the path provided in
|
||||
OctaviaCaCertFile with the certificate data.
|
||||
OctaviaCaKeyFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaCaKey:
|
||||
type: string
|
||||
default: ''
|
||||
description: The private key for the certificate provided in OctaviaCaCert.
|
||||
If provided, this will create or update a file on the host
|
||||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaCaKeyPassphrase:
|
||||
description: CA private key passphrase.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
|
||||
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
|
||||
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Base role data for Octavia services
|
||||
value:
|
||||
service_name: octavia_base
|
||||
config_settings:
|
||||
|
||||
map_merge:
|
||||
- octavia::logging::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: OctaviaDebug }
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: {get_param: OctaviaUserName}
|
||||
password: {get_param: OctaviaPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /octavia
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
# TODO(ansmith): remove once p-t-o switches to oslo params
|
||||
octavia::rabbit_use_ssl: {get_param: RpcUseSSL}
|
||||
octavia::rabbit_userid: {get_param: RpcUserName}
|
||||
octavia::rabbit_password: {get_param: RpcPassword}
|
||||
octavia::rabbit_port: {get_param: RpcPort}
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: {get_param: OctaviaUserName}
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_key_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
|
@ -1,108 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia Worker service.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
OctaviaAmphoraImageTag:
|
||||
default: 'amphora-image'
|
||||
description: Glance image tag for identifying the amphora image.
|
||||
type: string
|
||||
OctaviaAmphoraNetworkList:
|
||||
default: []
|
||||
description: List of networks to attach to amphorae.
|
||||
type: comma_delimited_list
|
||||
OctaviaAmphoraSshKeyName:
|
||||
type: string
|
||||
default: 'octavia-ssh-key'
|
||||
description: SSH key name.
|
||||
OctaviaLoadBalancerTopology:
|
||||
default: ''
|
||||
description: Load balancer topology configuration.
|
||||
type: string
|
||||
OctaviaFlavorId:
|
||||
default: '65'
|
||||
description: Nova flavor ID to be used when creating the nova flavor for
|
||||
amphora.
|
||||
type: string
|
||||
OctaviaTimeoutClientData:
|
||||
default: 50000
|
||||
description: Frontend client inactivity timeout.
|
||||
type: number
|
||||
OctaviaTimeoutMemberConnect:
|
||||
default: 5000
|
||||
description: Backend member connection timeout.
|
||||
type: number
|
||||
OctaviaTimeoutMemberData:
|
||||
default: 50000
|
||||
description: Backend member inactivity timeout.
|
||||
type: number
|
||||
OctaviaTimeoutTcpInspect:
|
||||
default: 0
|
||||
description: Time to wait for TCP packets for content inspection.
|
||||
type: number
|
||||
|
||||
conditions:
|
||||
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
|
||||
|
||||
resources:
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for Octavia controller services.
|
||||
value:
|
||||
service_name: octavia_controller
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
|
||||
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
|
||||
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
|
||||
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
|
||||
octavia::controller::enable_ssh_access: true
|
||||
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
|
||||
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
|
||||
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
|
||||
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
|
||||
-
|
||||
if:
|
||||
- octavia_topology_unset
|
||||
- {}
|
||||
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
|
||||
|
@ -1,105 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia Health Manager service.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
MonitoringSubscriptionOctaviaHealthManager:
|
||||
default: 'overcloud-octavia-health-manager'
|
||||
type: string
|
||||
OctaviaHealthManagerLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.octavia.health-manager
|
||||
path: /var/log/octavia/health-manager.log
|
||||
OctaviaHeartbeatKey:
|
||||
type: string
|
||||
description: Key to identify heartbeat messages for amphorae.
|
||||
hidden: true
|
||||
OctaviaMgmtPortDevName:
|
||||
type: string
|
||||
default: "o-hm0"
|
||||
description: Name of the octavia management network interface using
|
||||
for communication between octavia worker/health-manager
|
||||
with the amphora machine.
|
||||
OctaviaEventStreamerDriver:
|
||||
type: string
|
||||
default: "noop_event_streamer"
|
||||
description: Name of the event streamer driver to use for syncing Octavia
|
||||
and Neutron LBaaS databases. It is highly recommended to
|
||||
disable if one doesn't need to sync the database or is running
|
||||
Octavia in standalone mode by setting to noop_event_streamer.
|
||||
|
||||
resources:
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
OctaviaController:
|
||||
type: ./octavia-controller.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia Health Manager service.
|
||||
value:
|
||||
service_name: octavia_health_manager
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- get_attr: [OctaviaController, role_data, config_settings]
|
||||
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
|
||||
octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver}
|
||||
tripleo::octavia_health_manager::firewall_rules:
|
||||
'200 octavia health manager interface':
|
||||
proto: udp
|
||||
dport: 5555
|
||||
iniface: {get_param: OctaviaMgmtPortDevName}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_health_manager:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_health_manager:
|
||||
- {get_param: OctaviaHealthManagerLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::health_manager
|
@ -1,97 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia Housekeeping service.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
OctaviaAmphoraExpiryAge:
|
||||
default: 0
|
||||
description: The interval in seconds after which an unused Amphora will
|
||||
be considered expired and cleaned up. If left to 0, the
|
||||
configuration will not be set and the system will use
|
||||
the service defaults.
|
||||
type: number
|
||||
MonitoringSubscriptionOctaviaHousekeeping:
|
||||
default: 'overcloud-octavia-housekeeping'
|
||||
type: string
|
||||
OctaviaHousekeepingLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.octavia.housekeeping
|
||||
path: /var/log/octavia/housekeeping.log
|
||||
|
||||
conditions:
|
||||
amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
|
||||
|
||||
|
||||
resources:
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
OctaviaController:
|
||||
type: ./octavia-controller.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia Housekeeping service.
|
||||
value:
|
||||
service_name: octavia_housekeeping
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- get_attr: [OctaviaController, role_data, config_settings]
|
||||
-
|
||||
if:
|
||||
- amphora_expiry_is_zero
|
||||
- {}
|
||||
- octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_housekeeping:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_housekeeping:
|
||||
- {get_param: OctaviaHousekeepingLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::housekeeping
|
@ -1,121 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Octavia Worker service.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
MonitoringSubscriptionOctaviaWorker:
|
||||
default: 'overcloud-octavia-worker'
|
||||
type: string
|
||||
OctaviaWorkerLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.octavia.worker
|
||||
path: /var/log/octavia/worker.log
|
||||
OctaviaFlavorProperties:
|
||||
default:
|
||||
ram : '1024'
|
||||
disk : '3'
|
||||
vcpus : '1'
|
||||
description: Dictionary describing the nova flavor for amphora.
|
||||
type: json
|
||||
OctaviaManageNovaFlavor:
|
||||
default: true
|
||||
description: Configure the nova flavor for the amphora.
|
||||
type: boolean
|
||||
OctaviaClientCertFile:
|
||||
default: '/etc/octavia/certs/client.pem'
|
||||
description: client certificate for amphoras
|
||||
type: string
|
||||
OctaviaClientCert:
|
||||
default: ''
|
||||
description: Client certificate data. If provided, this will create or update
|
||||
a file on the host with the path provided in OctaviaClientCertFile
|
||||
with the certificate data.
|
||||
type: string
|
||||
OctaviaProjectName:
|
||||
description: The project name for the keystone Octavia account.
|
||||
type: string
|
||||
default: 'service'
|
||||
|
||||
conditions:
|
||||
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]}
|
||||
|
||||
resources:
|
||||
|
||||
OctaviaBase:
|
||||
type: ./octavia-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
OctaviaController:
|
||||
type: ./octavia-controller.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia Worker service.
|
||||
value:
|
||||
service_name: octavia_worker
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- get_attr: [OctaviaController, role_data, config_settings]
|
||||
- octavia::worker::amp_project_name: {get_param: OctaviaProjectName}
|
||||
octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
|
||||
octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
|
||||
octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
|
||||
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
|
||||
-
|
||||
if:
|
||||
- octavia_client_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
|
||||
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_octavia_worker:
|
||||
- octavia
|
||||
tripleo_fluentd_sources_octavia_worker:
|
||||
- {get_param: OctaviaWorkerLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::worker
|
||||
|
@ -259,7 +259,7 @@ CONFIG_RESOURCE_TYPES = [
|
||||
]
|
||||
|
||||
WORKFLOW_TASKS_EXCLUSIONS = [
|
||||
'./docker/services/octavia/octavia-deployment-config.yaml',
|
||||
'./deployment/octavia/octavia-deployment-config.yaml',
|
||||
'./docker/services/ceph-ansible/ceph-external.yaml',
|
||||
'./docker/services/ceph-ansible/ceph-osd.yaml',
|
||||
'./docker/services/ceph-ansible/ceph-rbdmirror.yaml',
|
||||
|
Loading…
Reference in New Issue
Block a user