50367fbe35
This change converts our filewall deployment practice to use the tripleo-ansible firewall role. This change creates a new "firewall_rules" object which is queried using YAQL from the "FirewallRules" resource. A new parameter has been added allowing users to input additional firewall rules as needed. The new parameter is `ExtraFirewallRules` and will be merged on top of the YAQL interface. Depends-On: Ie5d0f51d7efccd112847d3f1edf5fd9cdb1edeed Change-Id: I1be209a04f599d1d018e730c92f1fc8dd9bf884b Signed-off-by: Kevin Carter <kecarter@redhat.com>
107 lines
3.9 KiB
YAML
107 lines
3.9 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Neutron Compute Nuage plugin
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NovaPassword:
|
|
description: The password for the nova service and db account
|
|
type: string
|
|
hidden: true
|
|
NuageMetadataPort:
|
|
description: TCP Port to listen for metadata server requests
|
|
type: string
|
|
default: '9697'
|
|
NuageActiveController:
|
|
description: IP address of the Active Virtualized Services Controller (VSC)
|
|
type: string
|
|
NuageStandbyController:
|
|
description: IP address of the Standby Virtualized Services Controller (VSC)
|
|
type: string
|
|
NuageNovaMetadataPort:
|
|
description: TCP Port used by Nova metadata server
|
|
type: string
|
|
default: '8775'
|
|
NuageMetadataProxySharedSecret:
|
|
description: Shared secret to sign the instance-id request
|
|
type: string
|
|
NuageNovaClientVersion:
|
|
description: Client Version Nova
|
|
type: string
|
|
default: '2'
|
|
NuageNovaOsUsername:
|
|
description: Nova username in keystone_authtoken
|
|
type: string
|
|
default: 'nova'
|
|
NuageMetadataAgentStartWithOvs:
|
|
description: Set to true if nuage-metadata-agent needs to be started with nuage-openvswitch-switch
|
|
type: boolean
|
|
default: true
|
|
NuageNovaApiEndpoint:
|
|
description: One of publicURL, internalURL, adminURL in "keystone endpoint-list"
|
|
type: string
|
|
default: 'publicURL'
|
|
NuageNovaRegionName:
|
|
description: Region name in "keystone endpoint-list"
|
|
type: string
|
|
default: 'regionOne'
|
|
NuageBridgeMTU:
|
|
description: Support for non-default MTU configured on each VRS node
|
|
type: string
|
|
default: ''
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron Compute Nuage plugin
|
|
firewall_rules:
|
|
'118 neutron vxlan networks':
|
|
proto: 'udp'
|
|
dport: 4789
|
|
'100 metadata agent':
|
|
dport: {get_param: NuageMetadataPort}
|
|
value:
|
|
service_name: neutron_compute_plugin_nuage
|
|
config_settings:
|
|
nuage::vrs::active_controller: {get_param: NuageActiveController}
|
|
nuage::vrs::standby_controller: {get_param: NuageStandbyController}
|
|
nuage::vrs::bridge_mtu: {get_param: NuageBridgeMTU}
|
|
nuage::metadataagent::metadata_port: {get_param: NuageMetadataPort}
|
|
nuage::metadataagent::nova_metadata_port: {get_param: NuageNovaMetadataPort}
|
|
nuage::metadataagent::metadata_secret: {get_param: NuageMetadataProxySharedSecret}
|
|
nuage::metadataagent::nova_client_version: {get_param: NuageNovaClientVersion}
|
|
nuage::metadataagent::nova_os_username: {get_param: NuageNovaOsUsername}
|
|
nuage::metadataagent::metadata_agent_start_with_ovs: {get_param: NuageMetadataAgentStartWithOvs}
|
|
nuage::metadataagent::nova_api_endpoint_type: {get_param: NuageNovaApiEndpoint}
|
|
nuage::metadataagent::nova_region_name: {get_param: NuageNovaRegionName}
|
|
tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
|
|
tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
|
|
tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
|
|
step_config: |
|
|
include ::tripleo::profile::base::neutron::agents::nuage
|