openstack/tripleo-heat-templates
Code Issues Proposed changes
5720819516
tripleo-heat-templates/puppet/hieradata/controller.yaml
Juan Antonio Osorio Robles fd9208025e Enable keystone handling of X-Forwarded-Proto header 
If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.

Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
2016-01-14 17:17:27 +02:00

246 lines
6.0 KiB
YAML
Raw Blame History

# Hiera data here applies to all controller nodes
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
nova::vncproxy::enabled: true
nova::scheduler::enabled: true
# rabbitmq
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: '5672'
rabbitmq::package_source: undef
rabbitmq::repos_ensure: false
rabbitmq_environment:
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
rabbitmq_kernel_variables:
inet_dist_listen_min: '35672'
inet_dist_listen_max: '35672'
rabbitmq_config_variables:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
mongodb::server::replset: tripleo
mongodb::server::journal: false
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
# service tenant
glance::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
sahara::admin_tenant_name: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
DEFAULT/secure_proxy_ssl_header:
value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
#swift
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'cache'
- 'ratelimit'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# glance
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::rbd::rbd_store_user: 'openstack'
glance_file_pcmk_directory: '/var/lib/glance/images'
# neutron
neutron::server::sync_db: true
neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
# nova
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
# heat
heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
heat::instance_user: ''
# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
# horizon
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
add_listen: false
priority: 10
# mysql
mysql::server::manage_config_file: true
tripleo::loadbalancer::keystone_admin: true
tripleo::loadbalancer::keystone_public: true
tripleo::loadbalancer::neutron: true
tripleo::loadbalancer::cinder: true
tripleo::loadbalancer::glance_api: true
tripleo::loadbalancer::glance_registry: true
tripleo::loadbalancer::nova_ec2: true
tripleo::loadbalancer::nova_osapi: true
tripleo::loadbalancer::nova_metadata: true
tripleo::loadbalancer::nova_novncproxy: true
tripleo::loadbalancer::mysql: true
tripleo::loadbalancer::redis: true
tripleo::loadbalancer::sahara: true
tripleo::loadbalancer::swift_proxy_server: true
tripleo::loadbalancer::ceilometer: true
tripleo::loadbalancer::heat_api: true
tripleo::loadbalancer::heat_cloudwatch: true
tripleo::loadbalancer::heat_cfn: true
tripleo::loadbalancer::horizon: true
controller_classes: []
# firewall
tripleo::firewall::firewall_rules:
'101 mongodb_config':
port: 27019
'102 mongodb_sharding':
port: 27018
'103 mongod':
port: 27017
'104 mysql galera':
port:
- 873
- 3306
- 4444
- 4567
- 4568
- 9200
'105 ntp':
port: 123
proto: udp
'106 vrrp':
proto: vrrp
'107 haproxy stats':
port: 1993
'108 redis':
port:
- 6379
- 26379
'109 rabbitmq':
port:
- 5672
- 35672
'110 ceph':
port:
- 6789
- '6800-6810'
'111 keystone':
port:
- 5000
- 13000
- 35357
- 13357
'112 glance':
port:
- 9292
- 9191
- 13292
'113 nova':
port:
- 6080
- 13080
- 8773
- 3773
- 8774
- 13774
- 8775
'114 neutron server':
port:
- 9696
- 13696
'115 neutron dhcp input':
proto: 'udp'
port: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
port: 68
'118 neutron vxlan networks':
proto: 'udp'
port: 4789
'119 cinder':
port:
- 8776
- 13776
'120 iscsi initiator':
port: 3260
'121 memcached':
port: 11211
'122 swift proxy':
port:
- 8080
- 13808
'123 swift storage':
port:
- 873
- 6000
- 6001
- 6002
'124 ceilometer':
port:
- 8777
- 13777
'125 heat':
port:
- 8000
- 13800
- 8003
- 13003
- 8004
- 13004
'126 horizon':
port:
- 80
- 443
'127 snmp':
port: 161
proto: 'udp'
View Git Blame Copy Permalink