ed5f481aa6
Use EndpointMap so that the Keystone public endpoint uses the hostname/FQDN
when one is available; otherwise it falls back to the IP.
This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.
Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
(cherry picked from commit 016279b71e
)
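# Heat Orchestration Template; the version string selects the feature set
# (conditions, intrinsic functions) that the rest of the file may use.
heat_template_version: rocky

description: >
  Post-deployment for the TripleO undercloud
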
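# Stack inputs. Several of these carry credentials; `hidden: true` masks a
# value when stack information is displayed, but the value is still handed
# to the deployment scripts referenced in the resources section.
parameters:
  servers:
    type: json
  DeployedServerPortMap:
    default: {}
    type: json
  UndercloudHomeDir:
    description: >-
      The HOME directory where the stackrc and ssh credentials for the
      Undercloud will be installed. Set to /home/<user> to customize the
      location.
    type: string
    default: '/root'

  # --- Credentials and TLS material ---------------------------------------
  AdminPassword:  # supplied by tripleo-undercloud-passwords.yaml
    type: string
    description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    hidden: true
  SSLCertificate:
    # Certificate only; per the description the private key is not part of
    # this value. An empty string means "no certificate supplied" and feeds
    # the tls_enabled condition.
    description: >
      The content of the SSL certificate (without Key) in PEM format.
    type: string
    default: ""
    hidden: true
  PublicSSLCertificateAutogenerated:
    default: false
    description: >
      Whether the public SSL certificate was autogenerated or not.
    type: boolean
  InternalTLSCAFile:
    # Only forwarded to the post-deploy script when ca_file_enabled holds
    # (non-empty path and TLS enabled).
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.
  SnmpdReadonlyUserPassword:
    # No default: the caller has to supply a value.
    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
    type: string
    hidden: true
  MysqlRootPassword:
    # NOTE(review): defaults to an empty string and is forwarded as
    # undercloud_db_password; presumably always overridden by the generated
    # undercloud passwords -- confirm an empty value can never reach the
    # database setup.
    type: string
    hidden: true
    default: ''

  # --- Control-plane networking -------------------------------------------
  DnsServers:
    default: []
    description: >
      DNS servers to use for the Overcloud (2 max for some implementations).
      If not set the nameservers configured in the ctlplane subnet's
      dns_nameservers attribute will be used.
    type: comma_delimited_list
  CtlplaneLocalPhysicalNetwork:
    default: ctlplane
    type: string
    description: Physical network name for the ctlplane network local to the undercloud
  UndercloudCtlplaneSubnets:
    description: >
      Dictionary of subnets to configure on the Undercloud ctlplan network
    default: {}
    type: json
  UndercloudCtlplaneLocalSubnet:
    description: The subnet local to the undercloud on the ctlplane network
    default: ctlplane-subnet
    type: string
  UndercloudEnableRoutedNetworks:
    description: Enable support for routed ctlplane networks.
    default: false
    type: boolean
  UndercloudLocalMtu:  # Override this via parameter_defaults
    default: 1500
    description: MTU to use for the Undercloud local_interface.
    type: number
    constraints:
      - range: {min: 1000, max: 65536}

  # --- Identity endpoint and client configuration --------------------------
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  UndercloudCloudName:
    type: string
    default: 'undercloud'
    description: Cloud name for the clouds.yaml
  EndpointMap:
    # Source of auth_url for both the stackrc and clouds.yaml deployments.
    # NOTE(review): with the empty default there is no KeystonePublic entry
    # to resolve -- confirm the resource registry always supplies this map,
    # otherwise auth_url presumably ends up empty.
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
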
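conditions:

  # True when a certificate was passed in (SSLCertificate is non-empty) or
  # when the public certificate was autogenerated.
  tls_enabled:
    or:
      - not:
          equals:
            - {get_param: SSLCertificate}
            - ""
      - equals:
          - {get_param: PublicSSLCertificateAutogenerated}
          - true

  # True only when a CA file path is configured AND TLS is enabled; gates
  # whether internal_tls_ca_file is passed to the post-deploy script.
  ca_file_enabled:
    and:
      - not:
          equals:
            - {get_param: InternalTLSCAFile}
            - ""
      - tls_enabled
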
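# Each step is a SoftwareConfig (the script plus its declared inputs) paired
# with a SoftwareDeployments resource that runs it on `servers` with concrete
# input values. The scripts themselves (undercloud_post.sh, clouds_yaml.py,
# undercloud_post.py, undercloud_ctlplane_network.py) live next to this file.
resources:

  UndercloudPostConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: deploy_identifier
        - name: admin_password
        - name: auth_url
        - name: internal_tls_ca_file
        - name: cloud_name
      config: {get_file: ./undercloud_post.sh}

  UndercloudPostDeployment:
    type: OS::Heat::SoftwareDeployments
    properties:
      name: UndercloudPostDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudPostConfig}
      input_values:
        # NOTE(review): ssl_certificate and homedir are set here but are not
        # listed in UndercloudPostConfig.inputs, while deploy_identifier is
        # listed there and not set here -- confirm the script receives the
        # inputs it expects.
        ssl_certificate: {get_param: SSLCertificate}
        homedir: {get_param: UndercloudHomeDir}
        # NOTE(review): the keystone admin password is handed to the script
        # as a deployment input. Per the UndercloudHomeDir description the
        # stackrc is installed under that directory -- confirm the script
        # writes it readable by the owner only and does not log the value.
        admin_password: {get_param: AdminPassword}
        cloud_name: {get_param: UndercloudCloudName}
        # Empty string unless a CA file is configured and TLS is enabled.
        internal_tls_ca_file:
          if:
            - ca_file_enabled
            - {get_param: InternalTLSCAFile}
            - ''
        # Taken from EndpointMap so the URL carries the hostname/FQDN when
        # one is configured, falling back to the IP otherwise. A certificate
        # issued for the hostname does not match an IP-based URL, so clients
        # would fail (or be tempted to disable) verification.
        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}

  CloudsYamlConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: admin_password
        - name: auth_url
        - name: cloud_name
        - name: home_dir
        - name: identity_api_version
        - name: project_name
        - name: project_domain_name
        - name: region_name
        - name: user_name
        - name: user_domain_name
      config: {get_file: ./clouds_yaml.py}

  CloudsYamlDeployment:
    type: OS::Heat::SoftwareDeployments
    properties:
      name: CloudsYamlDeployment
      servers: {get_param: servers}
      config: {get_resource: CloudsYamlConfig}
      input_values:
        # NOTE(review): admin credentials for the clouds.yaml entry; the
        # script is not shown here -- confirm the resulting file under
        # home_dir is created with owner-only permissions.
        admin_password: {get_param: AdminPassword}
        # Same hostname-preferring endpoint as the stackrc deployment, so
        # both client configurations agree with the served certificate.
        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
        cloud_name: {get_param: UndercloudCloudName}
        home_dir: {get_param: UndercloudHomeDir}
        identity_api_version: 3
        project_name: 'admin'
        project_domain_name: 'Default'
        region_name: {get_param: KeystoneRegion}
        user_name: 'admin'
        user_domain_name: 'Default'

  UndercloudPostPyConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: config
      config: {get_file: ./undercloud_post.py}

  UndercloudPostPyDeployment:
    type: OS::Heat::SoftwareDeployments
    # Runs only after the stackrc and clouds.yaml deployments have finished.
    depends_on: [UndercloudPostDeployment, CloudsYamlDeployment]
    properties:
      name: UndercloudPostPyDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudPostPyConfig}
      input_values:
        # The template is the bare token JSON, which str_replace swaps for
        # the mapping below; presumably the mapping arrives at the script as
        # one serialised JSON document -- confirm against undercloud_post.py.
        # It contains two secrets (SNMP and database passwords), so the
        # `config` input should be treated as sensitive wherever deployment
        # inputs are stored or logged.
        config:
          str_replace:
            template: JSON
            params:
              JSON:
                cloud_name: {get_param: UndercloudCloudName}
                home_dir: {get_param: UndercloudHomeDir}
                snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
                undercloud_db_password: {get_param: MysqlRootPassword}

  UndercloudCtlplaneNetworkConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: config
      config: {get_file: ./undercloud_ctlplane_network.py}

  UndercloudCtlplaneNetworkDeployment:
    type: OS::Heat::SoftwareDeployments
    # Runs only after the stackrc and clouds.yaml deployments have finished.
    depends_on: [UndercloudPostDeployment, CloudsYamlDeployment]
    properties:
      name: UndercloudCtlplaneNetworkDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudCtlplaneNetworkConfig}
      input_values:
        # Same JSON-token substitution as UndercloudPostPyDeployment; this
        # mapping carries network settings only, no credentials.
        config:
          str_replace:
            template: JSON
            params:
              JSON:
                cloud_name: {get_param: UndercloudCloudName}
                # NOTE(review): DeployedServerPortMap defaults to {}, in
                # which case this path has nothing to resolve -- confirm the
                # map is always populated with control_virtual_ip.
                local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
                local_subnet: {get_param: UndercloudCtlplaneLocalSubnet}
                nameservers: {get_param: DnsServers}
                physical_network: {get_param: CtlplaneLocalPhysicalNetwork}
                subnets: {get_param: UndercloudCtlplaneSubnets}
                enable_routed_networks: {get_param: UndercloudEnableRoutedNetworks}
                mtu: {get_param: UndercloudLocalMtu}
                home_dir: {get_param: UndercloudHomeDir}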