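# Heat template for the shared Octavia base service: declares the parameters
# common to all Octavia services and maps them to octavia:: hieradata keys
# under outputs.role_data.config_settings.
heat_template_version: wallaby

description: >
  OpenStack Octavia base service. Shared for all Octavia services

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  Debug:
    type: boolean
    default: false
    description: Set to True to enable debugging on all services.
  OctaviaDebug:
    default: false
    description: Set to True to enable debugging Octavia services.
    type: boolean
  EnableSQLAlchemyCollectd:
    type: boolean
    description: >
      Set to true to enable the SQLAlchemy-collectd server plugin
    default: false
  EnableConfigPurge:
    type: boolean
    default: false
    description: >
      Remove configuration that is not generated by TripleO. Used to avoid
      configuration remnants after upgrades.
  NotificationDriver:
    type: comma_delimited_list
    default: 'noop'
    description: Driver or drivers to handle sending notifications.
  OctaviaUserName:
    description: The username for the Octavia database and keystone accounts.
    type: string
    default: 'octavia'
  # One credential is used for both the database URL and the keystone
  # service_auth section below; it has no default and is hidden from stack
  # parameter listings.
  OctaviaPassword:
    description: The password for the Octavia database and keystone accounts.
    type: string
    hidden: true
  OctaviaProjectName:
    description: The project name for the keystone Octavia account.
    type: string
    default: 'service'
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  OctaviaCaCertFile:
    type: string
    default: '/etc/octavia/certs/ca_01.pem'
    description: Octavia CA certificate file path.
  OctaviaCaCert:
    type: string
    default: ''
    description: Octavia CA certificate data. If provided, this will create or
                 update a file on the host with the path provided in
                 OctaviaCaCertFile with the certificate data.
  OctaviaCaKeyFile:
    type: string
    default: '/etc/octavia/certs/private/cakey.pem'
    description: Octavia CA private key file path.
  # Carries CA private key material, so it is marked hidden like the
  # passphrase parameters; without it the key is returned in clear text
  # whenever the stack's parameters are displayed.
  OctaviaCaKey:
    type: string
    default: ''
    description: The private key for the certificate provided in OctaviaCaCert.
                 If provided, this will create or update a file on the host
                 with the path provided in OctaviaCaKeyFile with the key data.
    hidden: true
  OctaviaClientCertFile:
    type: string
    default: '/etc/octavia/certs/client.pem'
    description: Octavia client certificate for amphorae.
  # NOTE(review): if the client PEM supplied here bundles its private key,
  # this parameter should be hidden as well -- confirm what operators pass.
  OctaviaClientCert:
    type: string
    default: ''
    description: Octavia client certificate data. If provided, this will create
                 or update a file on the host with the path provided in
                 OctaviaClientCertFile with the certificate data.
  OctaviaServerCertsKeyPassphrase:
    constraints:
      - length: {min: 32, max: 32}
    description: Passphrase for encrypting Amphora Certificates and Private
                 Keys. Must be exactly 32 characters.
    type: string
    hidden: true
  OctaviaCaKeyPassphrase:
    description: CA private key passphrase.
    type: string
    hidden: true
  OctaviaAmphoraImageTag:
    default: 'amphora-image'
    description: Glance image tag for identifying the amphora image.
    type: string
  OctaviaAmphoraNetworkList:
    default: []
    description: List of networks to attach to amphorae.
    type: comma_delimited_list
  OctaviaAmphoraSshKeyName:
    type: string
    default: 'octavia-ssh-key'
    description: SSH key name.
  OctaviaLoadBalancerTopology:
    default: ''
    description: Load balancer topology configuration.
    type: string
  # Quoted so the flavor ID stays a string rather than an integer.
  OctaviaFlavorId:
    default: '65'
    description: Nova flavor ID to be used when creating the nova flavor for
                 amphora.
    type: string
  OctaviaTimeoutClientData:
    default: 50000
    description: Frontend client inactivity timeout.
    type: number
  OctaviaTimeoutMemberConnect:
    default: 5000
    description: Backend member connection timeout.
    type: number
  OctaviaTimeoutMemberData:
    default: 50000
    description: Backend member inactivity timeout.
    type: number
  OctaviaTimeoutTcpInspect:
    default: 0
    description: Time to wait for TCP packets for content inspection.
    type: number
  OctaviaConnectionMaxRetries:
    default: 120
    description: Retry threshold for connecting to amphorae.
    type: number
  OctaviaConnectionLogging:
    default: true
    description: When false, tenant connection flows will not be logged.
    type: boolean
  OctaviaBuildActiveRetries:
    default: 120
    description: Retry threshold for waiting for a build slot for an amphorae.
    type: number
  OctaviaPortDetachTimeout:
    default: 300
    description: Seconds to wait for a port to detach from an amphora.
    type: number
  OctaviaAdminLogTargets:
    default: []
    description: List of syslog endpoints, host:port comma separated list,
                 to receive administrative log messages.
    type: comma_delimited_list
  OctaviaAdminLogFacility:
    default: 1
    description: The syslog "LOG_LOCAL" facility to use for the administrative
                 log messages.
    type: number
    constraints:
      - range: {min: 0, max: 7}
        description: Facility must be between 0 and 7.
  OctaviaForwardAllLogs:
    default: false
    description: When true, all log messages from the amphora will be forwarded
                 to the administrative log endponts, including non-load
                 balancing related logs.
    type: boolean
  OctaviaTenantLogTargets:
    default: []
    description: List of syslog endpoints, host:port comma separated list,
                 to receive tenant traffic flow log messages.
    type: comma_delimited_list
  OctaviaTenantLogFacility:
    default: 0
    description: The syslog "LOG_LOCAL" facility to use for the tenant traffic
                 flow log messages.
    type: number
    constraints:
      - range: {min: 0, max: 7}
        description: Facility must be between 0 and 7.
  # The {{ '{{' }} / {{ '}}' }} sequences in the default are escaped template
  # braces, so the literal "{{ project_id }}" and "{{ lb_id }}" placeholders
  # survive one rendering pass.
  OctaviaUserLogFormat:
    default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
    description: The tenant traffic flow log format string.
    type: string
  # Setting this to true also stops kernel, system and security logs from
  # being kept on the amphora, per the description below.
  OctaviaDisableLocalLogStorage:
    default: false
    description: When true, logs will not be stored on the amphora filesystem.
                 This includes all kernel, system, and security logs.
    type: boolean
  OctaviaAntiAffinity:
    default: true
    description: Flag to indicate if anti-affinity feature is turned on.
    type: boolean
  OctaviaRpcResponseTimeout:
    default: 60
    description: Octavia's RPC response timeout, in seconds.
    type: number

# Each condition is true when the corresponding optional parameter is
# non-empty; they gate the two-argument "if" entries in config_settings.
conditions:
  octavia_ca_cert_set:
    not: {equals: [{get_param: OctaviaCaCert}, '']}
  octavia_ca_key_set:
    not: {equals: [{get_param: OctaviaCaKey}, '']}
  octavia_client_cert_set:
    not: {equals: [{get_param: OctaviaClientCert}, '']}
  octavia_topology_set:
    not: {equals: [{get_param: OctaviaLoadBalancerTopology}, '']}

outputs:
  role_data:
    description: Base role data for Octavia services
    value:
      service_name: octavia_base
      config_settings:
        # OctaviaDebug forces debug on; otherwise the global Debug flag
        # decides.
        octavia::logging::debug:
          if:
            - {get_param: OctaviaDebug}
            - true
            - {get_param: Debug}
        octavia::purge_config: {get_param: EnableConfigPurge}
        octavia::notification_driver: {get_param: NotificationDriver}
        # The database URL embeds OctaviaPassword; the collectd plugin
        # options are only added to the query string when
        # EnableSQLAlchemyCollectd is set.
        octavia::db::database_connection:
          make_url:
            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
            username: {get_param: OctaviaUserName}
            password: {get_param: OctaviaPassword}
            host: {get_param: [EndpointMap, MysqlInternal, host]}
            path: /octavia
            query:
              if:
                - {get_param: EnableSQLAlchemyCollectd}
                - read_default_file: /etc/my.cnf.d/tripleo.cnf
                  read_default_group: tripleo
                  plugin: collectd
                  collectd_program_name: octavia
                  collectd_host: localhost
                - read_default_file: /etc/my.cnf.d/tripleo.cnf
                  read_default_group: tripleo
        octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
        octavia::service_auth::auth_type: 'password'
        octavia::service_auth::username: {get_param: OctaviaUserName}
        octavia::service_auth::password: {get_param: OctaviaPassword}
        octavia::service_auth::project_name: {get_param: OctaviaProjectName}
        octavia::service_auth::project_domain_name: 'Default'
        octavia::service_auth::user_domain_name: 'Default'
        octavia::service_auth::region_name: {get_param: KeystoneRegion}
        octavia::nova::endpoint_type: 'internalURL'
        octavia::nova::region_name: {get_param: KeystoneRegion}
        octavia::neutron::endpoint_type: 'internalURL'
        octavia::neutron::region_name: {get_param: KeystoneRegion}
        octavia::glance::endpoint_type: 'internalURL'
        octavia::glance::region_name: {get_param: KeystoneRegion}
        octavia::cinder::endpoint_type: 'internalURL'
        octavia::cinder::region_name: {get_param: KeystoneRegion}
        octavia::certificates::endpoint_type: 'internalURL'
        octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
        octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
        octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
        octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
        octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
        octavia::worker::manage_nova_flavor: false
        octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
        octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
        octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
        octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
        # NOTE(review): SSH access is switched on unconditionally here, with
        # no template parameter to turn it off -- confirm this is intended
        # for production deployments.
        octavia::controller::enable_ssh_access: true
        octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
        octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
        octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
        octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
        octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
        octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
        octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
        octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
        octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
        octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
        octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
        octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
        octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
        octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
        octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
        octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
        octavia::rpc_response_timeout: {get_param: OctaviaRpcResponseTimeout}
        # Two-argument "if": each key below is only given a value when its
        # condition holds, i.e. when the operator supplied the data.
        octavia::controller::loadbalancer_topology:
          if:
            - octavia_topology_set
            - {get_param: OctaviaLoadBalancerTopology}
        octavia::certificates::ca_certificate_data:
          if:
            - octavia_ca_cert_set
            - {get_param: OctaviaCaCert}
        octavia::certificates::ca_private_key_data:
          if:
            - octavia_ca_key_set
            - {get_param: OctaviaCaKey}
        octavia::certificates::client_cert_data:
          if:
            - octavia_client_cert_set
            - {get_param: OctaviaClientCert}
      # The same task list is reused for upgrade_tasks through the
      # ensure_start_up_files anchor.
      update_tasks: &ensure_start_up_files
        - name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
          when: step|int == 5
          block:
            - name: check for octavia post-deploy.conf file
              stat:
                path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
              register: octavia_post_deploy_stat
            # NOTE(review): 0755 sets execute bits on a configuration file;
            # confirm whether 0644 (or tighter) is enough for its consumer.
            # The touch assumes the parent directory already exists.
            - name: create an empty post-deploy.conf file if it does not exist
              file:
                path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
                state: touch
                setype: container_file_t
                mode: '0755'
              # The stat module returns its data under the "stat" key, so
              # existence is read from .stat.exists; a top-level .exists is
              # never defined and would leave this task permanently skipped.
              when:
                - octavia_post_deploy_stat.stat is defined and not octavia_post_deploy_stat.stat.exists
      upgrade_tasks: *ensure_start_up_files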