tripleo-heat-templates/deployment/heat/heat-base-puppet.yaml
Takashi Kajinami 807f0e638c Heat: Remove non-existing puppet parameters
The heat::trustee class doesn't support project_name and region_name.
This change removes these two unused parameters from hieradata.

Change-Id: I56455423ea8b28eda92bbc334c45fbaba5757151
2022-04-15 01:02:04 +09:00

233 lines
9.4 KiB
YAML

heat_template_version: wallaby
description: >
Openstack Heat base service. Shared for all Heat services.
parameters:
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
HeatDebug:
default: false
description: Set to True to enable debugging Heat services.
type: boolean
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableCache:
description: Enable caching with memcached
type: boolean
default: true
HeatCronPurgeDeletedEnsure:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Ensure
default: 'present'
HeatCronPurgeDeletedMinute:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Minute
default: '1'
HeatCronPurgeDeletedHour:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Hour
default: '0'
HeatCronPurgeDeletedMonthday:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Month Day
default: '*'
HeatCronPurgeDeletedMonth:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Month
default: '*'
HeatCronPurgeDeletedWeekday:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Week Day
default: '*'
HeatCronPurgeDeletedMaxDelay:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Max Delay
default: '3600'
HeatCronPurgeDeletedUser:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - User
default: 'heat'
HeatCronPurgeDeletedAge:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Age
default: '30'
HeatCronPurgeDeletedAgeType:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Age type
default: 'days'
HeatCronPurgeDeletedDestination:
type: string
description: >
Cron to purge db entries marked as deleted and older than $age - Log destination
default: '/dev/null'
HeatYaqlLimitIterators:
type: number
description: >
The maximum number of elements in collection yaql expressions can take
for its evaluation.
default: 1000
HeatYaqlMemoryQuota:
type: number
description: >
The maximum size of memory in bytes that yaql exrpessions can take for
its evaluation.
default: 100000
HeatMaxJsonBodySize:
default: 4194304
description: Maximum raw byte size of the Heat API JSON request body.
type: number
NotificationDriver:
type: comma_delimited_list
default: 'noop'
description: Driver or drivers to handle sending notifications.
HeatCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
HeatRpcResponseTimeout:
default: 600
description: Heat's RPC response timeout, in seconds.
type: number
MemcachedTLS:
default: false
description: Set to True to enable TLS on Memcached service.
Because not all services support Memcached TLS, during the
migration period, Memcached will listen on 2 ports - on the
port set with MemcachedPort parameter (above) and on 11211,
without TLS.
type: boolean
MemcacheUseAdvancedPool:
type: boolean
description: |
Use the advanced (eventlet safe) memcached client pool.
default: true
EnforceSecureRbac:
type: boolean
default: false
description: >-
Setting this option to True will configure each OpenStack service to
enforce Secure RBAC by setting `[oslo_policy] enforce_new_defaults` and
`[oslo_policy] enforce_scope` to True. This introduces a consistent set
of RBAC personas across OpenStack services that include support for
system and project scope, as well as keystone's default roles, admin,
member, and reader. Do not enable this functionality until all services in
your deployment actually support secure RBAC.
conditions:
tls_cache_enabled:
and:
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
cors_allowed_origin_set:
not: {equals : [{get_param: HeatCorsAllowedOrigin}, '']}
outputs:
role_data:
description: Shared role data for the Heat services.
value:
service_name: heat_base
config_settings:
map_merge:
- if:
- {get_param: EnforceSecureRbac}
- heat::policy::enforce_scope: true
heat::policy::enforce_new_defaults: true
- if:
- cors_allowed_origin_set
- heat::cors::allowed_origin: {get_param: HeatCorsAllowedOrigin}
- heat::notification_driver: {get_param: NotificationDriver}
heat::logging::debug:
if:
- {get_param: HeatDebug}
- true
- {get_param: Debug}
heat::enable_proxy_headers_parsing: true
heat::rpc_response_timeout: {get_param: HeatRpcResponseTimeout}
heat::rabbit_heartbeat_timeout_threshold: 60
heat::region_name: {get_param: KeystoneRegion}
heat::keystone::authtoken::project_name: 'service'
heat::keystone::authtoken::user_domain_name: 'Default'
heat::keystone::authtoken::project_domain_name: 'Default'
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
heat::keystone::authtoken::interface: 'internal'
heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
heat::db::database_db_max_retries: -1
heat::db::database_max_retries: -1
heat::db::sync_db: false
heat::yaql_memory_quota: {get_param: HeatYaqlMemoryQuota}
heat::yaql_limit_iterators: {get_param: HeatYaqlLimitIterators}
heat::cors::max_age: 3600
heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
heat::cron::purge_deleted::ensure: {get_param: HeatCronPurgeDeletedEnsure}
heat::cron::purge_deleted::minute: {get_param: HeatCronPurgeDeletedMinute}
heat::cron::purge_deleted::hour: {get_param: HeatCronPurgeDeletedHour}
heat::cron::purge_deleted::monthday: {get_param: HeatCronPurgeDeletedMonthday}
heat::cron::purge_deleted::month: {get_param: HeatCronPurgeDeletedMonth}
heat::cron::purge_deleted::weekday: {get_param: HeatCronPurgeDeletedWeekday}
heat::cron::purge_deleted::maxdelay: {get_param: HeatCronPurgeDeletedMaxDelay}
heat::cron::purge_deleted::user: {get_param: HeatCronPurgeDeletedUser}
heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge}
heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType}
heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination}
heat::max_json_body_size: {get_param: HeatMaxJsonBodySize}
heat::trustee::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::trustee::user_domain_name: 'Default'
- heat::cache::enabled: {get_param: EnableCache}
heat::cache::tls_enabled: {get_param: MemcachedTLS}
heat::cache::resource_finder_caching: false
- if:
- tls_cache_enabled
- heat::cache::backend: 'dogpile.cache.pymemcache'
heat::cache::enable_socket_keepalive: true
- heat::cache::backend: 'dogpile.cache.memcached'