tripleo-heat-templates/puppet/hieradata/controller.yaml
Emilien Macchi 1730d95acd Put staticweb middleware after keystoneauth in proxy pipeline
The staticweb middleware needs to be put after authentication
middlewares to ensure correct functionality as documented in
http://docs.openstack.org/developer/swift/middleware.html#staticweb

Without this Swift sends a HTML response even if the request was done
using a X-Auth-Token. This might result in a faulty handling of the response on
the client side; for example, "swift stat containername" would report an empty,
private container, while the container might actually be public readable with
data stored in it.

Closes-bug: 1494896
Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb
Co-Authored-By: Christian Schwede <cschwede@redhat.com>
2015-09-22 16:33:57 -04:00

124 lines
3.8 KiB
YAML

# Hiera data here applies to all controller nodes
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
nova::vncproxy::enabled: true
nova::scheduler::enabled: true
# rabbitmq
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: '5672'
rabbitmq::package_source: undef
rabbitmq::repos_ensure: false
rabbitmq_environment:
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
rabbitmq_kernel_variables:
inet_dist_listen_min: '35672'
inet_dist_listen_max: '35672'
rabbitmq_config_variables:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
mongodb::server::replset: tripleo
mongodb::server::journal: false
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
# service tenant
nova::api::admin_tenant_name: 'service'
glance::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
#swift
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'cache'
- 'ratelimit'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# glance
glance::api::pipeline: 'keystone'
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_user: 'openstack'
# neutron
neutron::core_plugin: 'ml2'
neutron::service_plugins:
- 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
neutron::server::sync_db: true
neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
# nova
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
# heat
heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
heat::instance_user: ''
# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
# horizon
horizon::allowed_hosts: '*'
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
# mysql
mysql::server::manage_config_file: true
mysql::server::remove_default_accounts: true
tripleo::loadbalancer::keystone_admin: true
tripleo::loadbalancer::keystone_public: true
tripleo::loadbalancer::neutron: true
tripleo::loadbalancer::cinder: true
tripleo::loadbalancer::glance_api: true
tripleo::loadbalancer::glance_registry: true
tripleo::loadbalancer::nova_ec2: true
tripleo::loadbalancer::nova_osapi: true
tripleo::loadbalancer::nova_metadata: true
tripleo::loadbalancer::nova_novncproxy: true
tripleo::loadbalancer::mysql: true
tripleo::loadbalancer::redis: true
tripleo::loadbalancer::swift_proxy_server: true
tripleo::loadbalancer::ceilometer: true
tripleo::loadbalancer::heat_api: true
tripleo::loadbalancer::heat_cloudwatch: true
tripleo::loadbalancer::heat_cfn: true
tripleo::loadbalancer::horizon: true
controller_classes: []