tripleo-heat-templates/puppet/hieradata/controller.yaml

# Hiera data here applies to all controller nodes

nova::api::enabled: true
nova::vncproxy::enabled: true

# gnocchi
gnocchi::db::sync::extra_opts: '--skip-storage'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
gnocchi::statsd::flush_delay: 10
gnocchi::statsd::archive_policy_name: 'low'

# rabbitmq
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: '5672'
rabbitmq::package_source: undef
rabbitmq::repos_ensure: false
rabbitmq_environment:
  RABBITMQ_NODENAME: "rabbit@%{::hostname}"
  RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
rabbitmq_kernel_variables:
  inet_dist_listen_min: '35672'
  inet_dist_listen_max: '35672'
rabbitmq_config_variables:
  tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
  cluster_partition_handling: 'pause_minority'
  loopback_users: '[]'

mongodb::server::replset: tripleo
mongodb::server::journal: false

redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'

# keystone
keystone::roles::admin::email: 'root@localhost'

# service tenant
glance::api::keystone_tenant: 'service'
aodh::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::l3::router_delete_namespaces: True
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
gnocchi::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
sahara::admin_tenant_name: 'service'
aodh::keystone::auth::tenant: 'service'
ceilometer::keystone::auth::tenant: 'service'
cinder::keystone::auth::tenant: 'service'
glance::keystone::auth::tenant: 'service'
gnocchi::keystone::auth::tenant: 'service'
heat::keystone::auth::tenant: 'service'
neutron::keystone::auth::tenant: 'service'
nova::keystone::auth::tenant: 'service'
sahara::keystone::auth::tenant: 'service'
swift::keystone::auth::tenant: 'service'

# keystone
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
  DEFAULT/secure_proxy_ssl_header:
    value: 'HTTP_X_FORWARDED_PROTO'
  ec2/driver:
    value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'
keystone::wsgi::apache::ssl: false

#swift
swift::proxy::pipeline:
  - 'catch_errors'
  - 'healthcheck'
  - 'cache'
  - 'ratelimit'
  - 'tempurl'
  - 'formpost'
  - 'authtoken'
  - 'keystone'
  - 'staticweb'
  - 'proxy-logging'
  - 'proxy-server'

swift::proxy::account_autocreate: true
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
  - admin
  - swiftoperator

# glance
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance_file_pcmk_directory: '/var/lib/glance/images'

# neutron
neutron::server::sync_db: true

# nova
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
nova::notification_driver: messaging

# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'

# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
cinder::host: hostgroup

# TODO(jaosorior): Move to cinder profile once cinder is moved as a composable
# service.
cinder::api::enable_proxy_headers_parsing: true

# heat
heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
heat::instance_user: ''
heat::cron::purge_deleted::age: 30
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
heat::cron::purge_deleted::destination: '/dev/null'
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
heat::auth_plugin: 'password'

# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
pacemaker::resource_defaults::defaults:
  resource-stickiness: { value: INFINITY }
corosync_token_timeout: 10000

# horizon
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
  add_listen: false
  priority: 10
  access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'

# mysql
mysql::server::manage_config_file: true


tripleo::haproxy::keystone_admin: true
tripleo::haproxy::keystone_public: true
tripleo::haproxy::neutron: true
tripleo::haproxy::cinder: true
tripleo::haproxy::glance_api: true
tripleo::haproxy::glance_registry: true
tripleo::haproxy::nova_osapi: true
tripleo::haproxy::nova_metadata: true
tripleo::haproxy::nova_novncproxy: true
tripleo::haproxy::mysql: true
tripleo::haproxy::redis: true
tripleo::haproxy::sahara: true
tripleo::haproxy::swift_proxy_server: true
tripleo::haproxy::ceilometer: true
tripleo::haproxy::aodh: true
tripleo::haproxy::gnocchi: true
tripleo::haproxy::heat_api: true
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true

controller_classes: []
# firewall
tripleo::firewall::firewall_rules:
  '101 mongodb_config':
    dport: 27019
  '102 mongodb_sharding':
    dport: 27018
  '103 mongod':
    dport: 27017
  '104 mysql galera':
    dport:
      - 873
      - 3306
      - 4444
      - 4567
      - 4568
      - 9200
  '105 ntp':
    dport: 123
    proto: udp
  '106 vrrp':
    proto: vrrp
  '107 haproxy stats':
    dport: 1993
  '108 redis':
    dport:
      - 6379
      - 26379
  '109 rabbitmq':
    dport:
      - 4369
      - 5672
      - 35672
  '110 ceph':
    dport:
      - 6789
      - '6800-6810'
  '111 keystone':
    dport:
      - 5000
      - 13000
      - 35357
      - 13357
  '112 glance':
    dport:
      - 9292
      - 9191
      - 13292
  '113 nova':
    dport:
      - 6080
      - 13080
      - 8773
      - 3773
      - 8774
      - 13774
      - 8775
  '114 neutron server':
    dport:
      - 9696
      - 13696
  '115 neutron dhcp input':
    proto: 'udp'
    dport: 67
  '116 neutron dhcp output':
    proto: 'udp'
    chain: 'OUTPUT'
    dport: 68
  '118 neutron vxlan networks':
    proto: 'udp'
    dport: 4789
  '119 cinder':
    dport:
      - 8776
      - 13776
  '120 iscsi initiator':
    dport: 3260
  '121 memcached':
    dport: 11211
  '122 swift proxy':
    dport:
      - 8080
      - 13808
  '123 swift storage':
    dport:
      - 873
      - 6000
      - 6001
      - 6002
  '124 ceilometer':
    dport:
      - 8777
      - 13777
  '125 heat':
    dport:
      - 8000
      - 13800
      - 8003
      - 13003
      - 8004
      - 13004
  '126 horizon':
    dport:
      - 80
      - 443
  '127 snmp':
    dport: 161
    proto: 'udp'
  '128 aodh':
    dport:
      - 8042
      - 13042
  '129 gnocchi-api':
    dport:
      - 8041
      - 13041
  '130 pacemaker tcp':
    proto: 'tcp'
    dport:
      - 2224
      - 3121
      - 21064
  '131 pacemaker udp':
    proto: 'udp'
    dport: 5405
  '132 sahara':
    dport:
      - 8386
      - 13386