tripleo-heat-templates/puppet/services/database/redis-base.yaml

heat_template_version: queens

description: >
  OpenStack Redis service configured with Puppet  

parameters:
  RedisPassword:
    description: The password for the redis service account.
    type: string
    hidden: true
  RedisFDLimit:
    description: Configure Redis FD limit
    type: string
    default: 10240
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  EnableInternalTLS:
    type: boolean
    default: false
  RedisIPv6:
    default: false
    description: Enable IPv6 in Redis
    type: boolean

conditions:
  internal_tls_enabled: {equals : [{get_param: EnableInternalTLS}, true]}
  redis_ipv6: {get_param: RedisIPv6}

outputs:
  role_data:
    description: Role data for the redis role.
    value:
      service_name: redis_base
      config_settings:
        redis::requirepass: {get_param: RedisPassword}
        redis::masterauth: {get_param: RedisPassword}
        redis::sentinel_auth_pass: {get_param: RedisPassword}
        redis_ipv6: {get_param: RedisIPv6}
        # NOTE: bind IP is found in hiera replacing the network name with the local node IP
        # for the given network; replacement examples (eg. for internal_api):
        # internal_api -> IP
        # internal_api_uri -> [IP]
        # internal_api_subnet - > IP/CIDR
        # Bind to localhost if internal TLS is enabled, since we put a TLs
        # proxy in front.
        redis::bind:
          if:
          - internal_tls_enabled
          - if:
            - redis_ipv6
            - '::1'
            - '127.0.0.1'
          - str_replace:
              template:
                "%{hiera('$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
        redis::port: 6379
        redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
        redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
        redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
        redis::sentinel::sentinel_bind:
          if:
          - internal_tls_enabled
          - if:
            - redis_ipv6
            - '::1'
            - '127.0.0.1'
          - str_replace:
              template:
                "%{hiera('$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
        redis::ulimit: {get_param: RedisFDLimit}
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: vip
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: node
          - null