Merge "Simplify octavia service templates"
This commit is contained in:
commit
fbd67550ea
@ -88,14 +88,7 @@ parameters:
|
||||
description: Set to false if the driver agent needs to be disabled for some reason.
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
||||
enable_driver_agent: {equals: [{get_param: OctaviaEnableDriverAgent}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
@ -203,12 +196,9 @@ outputs:
|
||||
- list_concat:
|
||||
- - 'amphora: The Octavia Amphora driver.'
|
||||
- 'octavia: Deprecated alias of the Octavia Amphora driver.'
|
||||
-
|
||||
if:
|
||||
- enable_driver_agent
|
||||
- if:
|
||||
- {get_param: OctaviaEnableDriverAgent}
|
||||
- {get_attr: [OctaviaProviderConfig, role_data, provider_driver_labels]}
|
||||
- []
|
||||
|
||||
service_config_settings:
|
||||
rsyslog:
|
||||
tripleo_logging_sources_octavia_api:
|
||||
@ -345,25 +335,20 @@ outputs:
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
- /run/octavia:/run/octavia:shared,z
|
||||
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- []
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- []
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- {get_attr: [OctaviaProviderConfig, role_data, volumes]}
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
- if:
|
||||
- enable_driver_agent
|
||||
- {get_param: OctaviaEnableDriverAgent}
|
||||
- octavia_driver_agent:
|
||||
start_order: 2
|
||||
image: *octavia_api_image
|
||||
@ -373,15 +358,12 @@ outputs:
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
- /run/octavia:/run/octavia:shared,z
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
- {}
|
||||
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -208,11 +208,14 @@ parameters:
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
|
||||
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
|
||||
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, '']}
|
||||
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
|
||||
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
|
||||
octavia_ca_cert_set:
|
||||
not: {equals: [{get_param: OctaviaCaCert}, '']}
|
||||
octavia_ca_key_set:
|
||||
not: {equals: [{get_param: OctaviaCaKey}, '']}
|
||||
octavia_client_cert_set:
|
||||
not: {equals: [{get_param: OctaviaClientCert}, '']}
|
||||
octavia_topology_set:
|
||||
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -220,88 +223,80 @@ outputs:
|
||||
value:
|
||||
service_name: octavia_base
|
||||
config_settings:
|
||||
map_merge:
|
||||
- octavia::logging::debug:
|
||||
octavia::logging::debug:
|
||||
if:
|
||||
- {get_param: OctaviaDebug}
|
||||
- true
|
||||
- {get_param: Debug}
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: {get_param: OctaviaUserName}
|
||||
password: {get_param: OctaviaPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /octavia
|
||||
query:
|
||||
if:
|
||||
- {get_param: OctaviaDebug}
|
||||
- true
|
||||
- {get_param: Debug}
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: {get_param: OctaviaUserName}
|
||||
password: {get_param: OctaviaPassword}
|
||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /octavia
|
||||
query:
|
||||
if:
|
||||
- enable_sqlalchemy_collectd
|
||||
-
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
plugin: collectd
|
||||
collectd_program_name: octavia
|
||||
collectd_host: localhost
|
||||
-
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: {get_param: OctaviaUserName}
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::service_auth::region_name: {get_param: KeystoneRegion}
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
|
||||
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
|
||||
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
|
||||
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
|
||||
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
|
||||
octavia::controller::enable_ssh_access: true
|
||||
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
|
||||
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
|
||||
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
|
||||
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
|
||||
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
|
||||
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
|
||||
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
|
||||
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
|
||||
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
|
||||
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
|
||||
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
|
||||
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
|
||||
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
|
||||
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
|
||||
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
|
||||
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
|
||||
-
|
||||
if:
|
||||
- octavia_topology_unset
|
||||
- {}
|
||||
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_key_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
|
||||
-
|
||||
if:
|
||||
- octavia_client_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
|
||||
- {get_param: EnableSQLAlchemyCollectd}
|
||||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
plugin: collectd
|
||||
collectd_program_name: octavia
|
||||
collectd_host: localhost
|
||||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: {get_param: OctaviaUserName}
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::service_auth::region_name: {get_param: KeystoneRegion}
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
|
||||
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
|
||||
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
|
||||
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
|
||||
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
|
||||
octavia::controller::enable_ssh_access: true
|
||||
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
|
||||
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
|
||||
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
|
||||
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
|
||||
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
|
||||
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
|
||||
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
|
||||
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
|
||||
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
|
||||
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
|
||||
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
|
||||
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
|
||||
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
|
||||
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
|
||||
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
|
||||
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
|
||||
octavia::controller::loadbalancer_topology:
|
||||
if:
|
||||
- octavia_topology_set
|
||||
- {get_param: OctaviaLoadBalancerTopology}
|
||||
octavia::certificates::ca_certificate_data:
|
||||
if:
|
||||
- octavia_ca_cert_set
|
||||
- {get_param: OctaviaCaCert}
|
||||
octavia::certificates::ca_private_key_data:
|
||||
if:
|
||||
- octavia_ca_key_set
|
||||
- {get_param: OctaviaCaKey}
|
||||
octavia::certificates::client_cert_data:
|
||||
if:
|
||||
- octavia_client_cert_set
|
||||
- {get_param: OctaviaClientCert}
|
||||
update_tasks: &ensure_start_up_files
|
||||
- name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
|
||||
when: step|int == 5
|
||||
|
@ -207,53 +207,6 @@ resources:
|
||||
type: OS::Nova::KeyPair
|
||||
external_id: default
|
||||
{% endif %}
|
||||
OctaviaVars:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
vars:
|
||||
os_auth_type: "password"
|
||||
os_identity_api_version: "3"
|
||||
amp_image_name: { get_param: OctaviaAmphoraImageName }
|
||||
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
|
||||
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
|
||||
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
|
||||
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
|
||||
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
|
||||
{% if not octavia_standalone %}
|
||||
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
|
||||
{% endif %}
|
||||
{% raw %}
|
||||
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
|
||||
auth_username: { get_param: OctaviaUserName }
|
||||
auth_password: { get_param: OctaviaPassword }
|
||||
auth_project_name: { get_param: OctaviaProjectName }
|
||||
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
|
||||
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
|
||||
lb_sec_group_name: { get_param: OctaviaControlSubnet }
|
||||
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
|
||||
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
|
||||
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
|
||||
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
|
||||
ca_cert_path: { get_param: OctaviaCaCertFile }
|
||||
ca_private_key_path: { get_param: OctaviaCaKeyFile }
|
||||
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||
os_password: { get_param: AdminPassword }
|
||||
os_project_name: 'admin'
|
||||
os_username: 'admin'
|
||||
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
|
||||
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
|
||||
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
|
||||
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
|
||||
container_cli: { get_param: ContainerCli }
|
||||
enable_log_offloading: { get_param: OctaviaLogOffload }
|
||||
stack_action: { get_param: StackAction }
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -272,7 +225,48 @@ outputs:
|
||||
block:
|
||||
- name: Set up group_vars
|
||||
set_fact:
|
||||
octavia_ansible_group_vars: { get_attr: [OctaviaVars, value, vars] }
|
||||
octavia_ansible_group_vars:
|
||||
os_auth_type: "password"
|
||||
os_identity_api_version: "3"
|
||||
amp_image_name: { get_param: OctaviaAmphoraImageName }
|
||||
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
|
||||
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
|
||||
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
|
||||
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
|
||||
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
|
||||
{% if not octavia_standalone %}
|
||||
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
|
||||
{% endif %}
|
||||
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
|
||||
auth_username: { get_param: OctaviaUserName }
|
||||
auth_password: { get_param: OctaviaPassword }
|
||||
auth_project_name: { get_param: OctaviaProjectName }
|
||||
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
|
||||
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
|
||||
lb_sec_group_name: { get_param: OctaviaControlSubnet }
|
||||
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
|
||||
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
|
||||
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
|
||||
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
|
||||
ca_cert_path: { get_param: OctaviaCaCertFile }
|
||||
ca_private_key_path: { get_param: OctaviaCaKeyFile }
|
||||
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||
os_password: { get_param: AdminPassword }
|
||||
os_project_name: 'admin'
|
||||
os_username: 'admin'
|
||||
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
|
||||
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
|
||||
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
{% raw %}
|
||||
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
|
||||
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
|
||||
container_cli: { get_param: ContainerCli }
|
||||
enable_log_offloading: { get_param: OctaviaLogOffload }
|
||||
stack_action: { get_param: StackAction }
|
||||
no_log: "{{ hide_sensitive_logs | bool }}"
|
||||
- name: Make needed directories on the undercloud
|
||||
become: true
|
||||
@ -297,11 +291,9 @@ outputs:
|
||||
content: |
|
||||
octavia_nodes:
|
||||
hosts:
|
||||
|
||||
{%- set octavia_groups = ['worker'] -%}
|
||||
{%- for octavia_group in octavia_groups -%}
|
||||
{%- if 'octavia_' ~ octavia_groups %}
|
||||
|
||||
{% for host in groups['octavia_' ~ octavia_group] -%}
|
||||
{{ hostvars.raw_get(host)['ansible_facts']['hostname'] | lower}}:
|
||||
ansible_user: {{ hostvars.raw_get(host)['ansible_ssh_user'] | default('heat-admin') }}
|
||||
@ -309,10 +301,8 @@ outputs:
|
||||
canonical_hostname: {{ hostvars.raw_get(host)['canonical_hostname'] | default(host) | lower }}
|
||||
ansible_become: true
|
||||
{% endfor %}
|
||||
|
||||
{%- endif -%}
|
||||
{%- endfor %}
|
||||
|
||||
Undercloud:
|
||||
hosts:
|
||||
{% for host in groups['Undercloud'] -%}
|
||||
|
@ -61,12 +61,7 @@ parameters:
|
||||
the controller logs.
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
|
||||
log_offload_enabled: {equals: [{get_param: OctaviaLogOffload}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
@ -167,14 +162,13 @@ outputs:
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
- if:
|
||||
- log_offload_enabled
|
||||
- {get_param: OctaviaLogOffload}
|
||||
- octavia_rsyslog:
|
||||
start_order: 2
|
||||
image: {get_param: ContainerOctaviaRsyslogImage}
|
||||
@ -190,7 +184,6 @@ outputs:
|
||||
- /var/log/containers/octavia-amphorae:/var/log/octavia:z
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
- {}
|
||||
update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]}
|
||||
upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]}
|
||||
host_prep_tasks:
|
||||
|
@ -50,10 +50,10 @@ parameters:
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
|
||||
amphora_expiry_set:
|
||||
not: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
@ -78,10 +78,8 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
-
|
||||
if:
|
||||
- amphora_expiry_is_zero
|
||||
- {}
|
||||
- if:
|
||||
- amphora_expiry_set
|
||||
- octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
|
||||
service_config_settings:
|
||||
rsyslog:
|
||||
@ -137,8 +135,7 @@ outputs:
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
environment:
|
||||
|
@ -47,7 +47,6 @@ parameters:
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
@ -124,8 +123,7 @@ outputs:
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/octavia:/var/log/octavia:z
|
||||
environment:
|
||||
|
@ -54,12 +54,12 @@ parameters:
|
||||
certificate for this service
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
|
||||
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]}
|
||||
octavia_provider_ovn_protocol_unset: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']}
|
||||
key_size_override_unset: {equals: [{get_param: OctaviaCertificateKeySize}, '']}
|
||||
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, {get_param: EnableInternalTLS}]}
|
||||
octavia_provider_ovn_protocol_set:
|
||||
not: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']}
|
||||
key_size_override_set:
|
||||
not: {equals: [{get_param: OctaviaCertificateKeySize}, '']}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -67,26 +67,23 @@ outputs:
|
||||
value:
|
||||
config_settings:
|
||||
map_merge:
|
||||
-
|
||||
if:
|
||||
- octavia_provider_ovn_protocol_unset
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- if:
|
||||
- octavia_provider_ovn_protocol_set
|
||||
- tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol}
|
||||
- if:
|
||||
- {get_param: EnableInternalTLS}
|
||||
- tripleo::profile::base::octavia::provider::ovn::protocol: 'ssl'
|
||||
- tripleo::profile::base::octavia::provider::ovn::protocol: 'tcp'
|
||||
- tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol}
|
||||
- if:
|
||||
- if:
|
||||
- ovn_and_tls
|
||||
- tripleo::profile::base::octavia::provider::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
|
||||
tripleo::profile::base::octavia::provider::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_octavia.crt'
|
||||
tripleo::profile::base::octavia::provider::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_octavia.key'
|
||||
- {}
|
||||
puppet_tags: octavia_ovn_provider_config
|
||||
provider_driver_labels:
|
||||
if:
|
||||
- is_ovn_in_neutron_mechanism_driver
|
||||
- ['ovn: Octavia OVN driver.']
|
||||
- []
|
||||
step_config:
|
||||
if:
|
||||
- is_ovn_in_neutron_mechanism_driver
|
||||
@ -98,39 +95,31 @@ outputs:
|
||||
- - service: ovn_octavia
|
||||
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
type: node
|
||||
- null
|
||||
volumes:
|
||||
if:
|
||||
- ovn_and_tls
|
||||
-
|
||||
- /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
|
||||
- - /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
|
||||
- /etc/pki/tls/private/ovn_octavia.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/ovn_octavia.key:ro
|
||||
- []
|
||||
kolla_permissions:
|
||||
if:
|
||||
- ovn_and_tls
|
||||
-
|
||||
- path: /etc/pki/tls/certs/ovn_octavia.crt
|
||||
- - path: /etc/pki/tls/certs/ovn_octavia.crt
|
||||
owner: octavia:octavia
|
||||
perm: '0644'
|
||||
- path: /etc/pki/tls/private/ovn_octavia.key
|
||||
owner: octavia:octavia
|
||||
perm: '0640'
|
||||
- []
|
||||
kolla_config_files:
|
||||
if:
|
||||
- ovn_and_tls
|
||||
-
|
||||
- source: "/var/lib/kolla/config_files/src-tls/*"
|
||||
- - source: "/var/lib/kolla/config_files/src-tls/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- []
|
||||
deploy_steps_tasks:
|
||||
if:
|
||||
- ovn_and_tls
|
||||
-
|
||||
- name: Certificate generation
|
||||
- - name: Certificate generation
|
||||
when: step|int == 1
|
||||
block:
|
||||
- include_role:
|
||||
@ -150,8 +139,7 @@ outputs:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
key_size:
|
||||
if:
|
||||
- key_size_override_unset
|
||||
- {get_param: CertificateKeySize}
|
||||
- key_size_override_set
|
||||
- {get_param: OctaviaCertificateKeySize}
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
- null
|
||||
|
Loading…
x
Reference in New Issue
Block a user