28be1058f6
This fixes TLS errors when anything using python-requests is run from a virtualenv. Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f Closes-Bug: #1771565
177 lines
5.8 KiB
YAML
177 lines
5.8 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Post-deployment for the TripleO undercloud
|
|
|
|
parameters:
|
|
servers:
|
|
type: json
|
|
DeployedServerPortMap:
|
|
default: {}
|
|
type: json
|
|
UndercloudHomeDir:
|
|
description: The HOME directory where the stackrc and ssh credentials for the Undercloud will be installed. Set to /home/<user> to customize the location.
|
|
type: string
|
|
default: '/root'
|
|
AdminPassword: #supplied by tripleo-undercloud-passwords.yaml
|
|
type: string
|
|
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
|
hidden: True
|
|
SSLCertificate:
|
|
description: >
|
|
The content of the SSL certificate (without Key) in PEM format.
|
|
type: string
|
|
default: ""
|
|
hidden: True
|
|
PublicSSLCertificateAutogenerated:
|
|
default: false
|
|
description: >
|
|
Whether the public SSL certificate was autogenerated or not.
|
|
type: boolean
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
SnmpdReadonlyUserPassword:
|
|
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
|
|
type: string
|
|
hidden: true
|
|
EnableValidations:
|
|
default: false
|
|
description: >
|
|
Whether the TripleO validations are enabled.
|
|
type: boolean
|
|
DnsServers: # Override this via parameter_defaults
|
|
default: []
|
|
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
|
|
type: comma_delimited_list
|
|
CtlplaneLocalPhysicalNetwork:
|
|
default: ctlplane
|
|
type: string
|
|
description: Physical network name for the ctlplane network local to the undercloud
|
|
UndercloudCtlplaneSubnets:
|
|
description: >
|
|
Dictionary of subnets to configure on the Undercloud ctlplan network
|
|
default: {}
|
|
type: json
|
|
UndercloudCtlplaneLocalSubnet:
|
|
description: The subnet local to the undercloud on the ctlplane network
|
|
default: ctlplane-subnet
|
|
type: string
|
|
UndercloudEnableRoutedNetworks:
|
|
description: Enable support for routed ctlplane networks.
|
|
default: False
|
|
type: boolean
|
|
UndercloudLocalMtu: # Override this via parameter_defaults
|
|
default: 1500
|
|
description: MTU to use for the Undercloud local_interface.
|
|
type: number
|
|
constraints:
|
|
- range: { min: 1000, max: 65536 }
|
|
|
|
conditions:
|
|
|
|
tls_enabled:
|
|
or:
|
|
- not:
|
|
equals:
|
|
- {get_param: SSLCertificate}
|
|
- ""
|
|
- equals:
|
|
- {get_param: PublicSSLCertificateAutogenerated}
|
|
- true
|
|
|
|
|
|
resources:
|
|
|
|
UndercloudPostConfig:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: script
|
|
inputs:
|
|
- name: deploy_identifier
|
|
- name: admin_password
|
|
- name: auth_url
|
|
- name: snmp_readonly_user_password
|
|
- name: enable_validations
|
|
- name: internal_tls_ca_file
|
|
config: {get_file: ./undercloud_post.sh}
|
|
|
|
UndercloudPostDeployment:
|
|
type: OS::Heat::SoftwareDeployments
|
|
properties:
|
|
name: UndercloudPostDeployment
|
|
servers: {get_param: servers}
|
|
config: {get_resource: UndercloudPostConfig}
|
|
input_values:
|
|
ssl_certificate: {get_param: SSLCertificate}
|
|
homedir: {get_param: UndercloudHomeDir}
|
|
admin_password: {get_param: AdminPassword}
|
|
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
|
|
enable_validations: [get_params: EnableValidations]
|
|
internal_tls_ca_file:
|
|
if:
|
|
- tls_enabled
|
|
- {get_param: InternalTLSCAFile}
|
|
- ''
|
|
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
|
auth_url:
|
|
if:
|
|
- tls_enabled
|
|
- make_url:
|
|
scheme: https
|
|
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
|
port: 13000
|
|
path: /
|
|
- make_url:
|
|
scheme: http
|
|
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
port: 5000
|
|
path: /
|
|
|
|
UndercloudCtlplaneNetworkConfig:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: script
|
|
inputs:
|
|
- name: admin_password
|
|
- name: auth_url
|
|
- name: config
|
|
config: {get_file: ./undercloud_ctlplane_network.py}
|
|
|
|
UndercloudCtlplaneNetworkDeployment:
|
|
type: OS::Heat::SoftwareDeployments
|
|
properties:
|
|
name: UndercloudCtlplaneNetworkDeployment
|
|
servers: {get_param: servers}
|
|
config: {get_resource: UndercloudCtlplaneNetworkConfig}
|
|
input_values:
|
|
admin_password: {get_param: AdminPassword}
|
|
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
|
auth_url:
|
|
if:
|
|
- tls_enabled
|
|
- make_url:
|
|
scheme: https
|
|
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
|
port: 13000
|
|
path: /
|
|
- make_url:
|
|
scheme: http
|
|
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
port: 5000
|
|
path: /
|
|
config:
|
|
str_replace:
|
|
template: JSON
|
|
params:
|
|
JSON:
|
|
local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
local_subnet: {get_param: UndercloudCtlplaneLocalSubnet}
|
|
nameservers: {get_param: DnsServers}
|
|
physical_network: {get_param: CtlplaneLocalPhysicalNetwork}
|
|
subnets: {get_param: UndercloudCtlplaneSubnets}
|
|
enable_routed_networks: {get_param: UndercloudEnableRoutedNetworks}
|
|
mtu: {get_param: UndercloudLocalMtu}
|