37548ddb40
This change enforces the usage of internal api for token verification, so that internal requests to keystone uses internal endpoint instead of admin endpoint which is deployed on provisioning network by default. Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63 Closes-Bug: #1899266
123 lines
4.3 KiB
YAML
123 lines
4.3 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Aodh service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
AodhPassword:
|
|
description: The password for the aodh services.
|
|
type: string
|
|
hidden: true
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
AodhDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Aodh services.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
EnableSQLAlchemyCollectd:
|
|
type: boolean
|
|
description: >
|
|
Set to true to enable the SQLAlchemy-collectd server plugin
|
|
default: false
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
NotificationDriver:
|
|
type: string
|
|
default: 'noop'
|
|
description: Driver or drivers to handle sending notifications.
|
|
|
|
conditions:
|
|
service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
|
|
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Aodh role.
|
|
value:
|
|
service_name: aodh_base
|
|
config_settings:
|
|
aodh_redis_password: {get_param: RedisPassword}
|
|
aodh::db::database_connection:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: aodh
|
|
password: {get_param: AodhPassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /aodh
|
|
query:
|
|
if:
|
|
- enable_sqlalchemy_collectd
|
|
-
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
plugin: collectd
|
|
collectd_program_name: aodh
|
|
collectd_host: localhost
|
|
-
|
|
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
|
|
aodh::logging::debug:
|
|
if:
|
|
- service_debug_unset
|
|
- {get_param: Debug }
|
|
- {get_param: AodhDebug }
|
|
aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
aodh::notification_driver: {get_param: NotificationDriver}
|
|
aodh::keystone::authtoken::project_name: 'service'
|
|
aodh::keystone::authtoken::user_domain_name: 'Default'
|
|
aodh::keystone::authtoken::project_domain_name: 'Default'
|
|
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
|
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
|
aodh::keystone::authtoken::interface: 'internal'
|
|
aodh::auth::auth_password: {get_param: AodhPassword}
|
|
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
|
aodh::auth::auth_project_name: 'service'
|
|
service_config_settings:
|
|
mysql:
|
|
aodh::db::mysql::user: aodh
|
|
aodh::db::mysql::password: {get_param: AodhPassword}
|
|
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
aodh::db::mysql::dbname: aodh
|
|
aodh::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|