37548ddb40
This change enforces the usage of internal api for token verification, so that internal requests to keystone uses internal endpoint instead of admin endpoint which is deployed on provisioning network by default. Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63 Closes-Bug: #1899266
121 lines
4.4 KiB
YAML
121 lines
4.4 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Sahara base service. Shared for all Sahara services.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
SaharaPassword:
|
|
description: The password for the sahara service account, used by sahara-api.
|
|
type: string
|
|
hidden: true
|
|
Debug:
|
|
type: boolean
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
SaharaDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Sahara services.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
EnableSQLAlchemyCollectd:
|
|
type: boolean
|
|
description: >
|
|
Set to true to enable the SQLAlchemy-collectd server plugin
|
|
default: false
|
|
SaharaPlugins:
|
|
default: ["ambari","cdh","mapr","vanilla","spark","storm"]
|
|
description: Sahara enabled plugin list
|
|
type: comma_delimited_list
|
|
NotificationDriver:
|
|
type: string
|
|
default: 'noop'
|
|
description: Driver or drivers to handle sending notifications.
|
|
NtpServer:
|
|
default: ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org']
|
|
description: NTP servers list. Defaulted to a set of pool.ntp.org servers
|
|
in order to have a sane default for Pacemaker deployments when
|
|
not configuring this parameter by default.
|
|
type: comma_delimited_list
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
|
|
conditions:
|
|
service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
|
|
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Sahara base service.
|
|
value:
|
|
service_name: sahara_base
|
|
config_settings:
|
|
sahara::database_connection:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: sahara
|
|
password: {get_param: SaharaPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /sahara
|
|
query:
|
|
if:
|
|
- enable_sqlalchemy_collectd
|
|
-
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
plugin: collectd
|
|
collectd_program_name: sahara
|
|
collectd_host: localhost
|
|
-
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
|
|
sahara::notify::notification_driver: {get_param: NotificationDriver}
|
|
sahara::logging::debug:
|
|
if:
|
|
- service_debug_unset
|
|
- {get_param: Debug }
|
|
- {get_param: SaharaDebug }
|
|
sahara::default_ntp_server: {get_param: NtpServer}
|
|
sahara::use_neutron: true
|
|
sahara::plugins: {get_param: SaharaPlugins}
|
|
sahara::rpc_backend: rabbit
|
|
sahara::db::database_db_max_retries: -1
|
|
sahara::db::database_max_retries: -1
|
|
sahara::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
sahara::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
sahara::keystone::authtoken::password: {get_param: SaharaPassword}
|
|
sahara::keystone::authtoken::project_name: 'service'
|
|
sahara::keystone::authtoken::user_domain_name: 'Default'
|
|
sahara::keystone::authtoken::project_domain_name: 'Default'
|
|
sahara::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
|
sahara::keystone::authtoken::interface: 'internal'
|