9d67d7b3b1
This patch moves the keystone::auth settings for all
services into the new service_config_settings section. This
is important because we execute the keystone commands via
puppet only on the role containing the keystone service
and without these settings it will fail.
Note that yaql merging/filtering is used here to ensure that
service_config_settings is optional in service templates,
and also that we'll only deploy hieradata for a given
service on a node running the service (the key in
the service_config_settings map must match the service_name
in the service template for this to work).
e.g the following will result in only deploying keystone: 123
in hiera on the role running the "keystone" service,
regardless of which service template defines it.
service_config_settings:
keystone:
keystone: 123
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265
Closes-bug: 1620829
107 lines
3.8 KiB
YAML
107 lines
3.8 KiB
YAML
heat_template_version: 2016-04-08
|
|
|
|
description: >
|
|
OpenStack Aodh service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
AodhPassword:
|
|
description: The password for the aodh services.
|
|
type: string
|
|
hidden: true
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
RabbitPassword:
|
|
description: The password for RabbitMQ
|
|
type: string
|
|
hidden: true
|
|
RabbitUserName:
|
|
default: guest
|
|
description: The username for RabbitMQ
|
|
type: string
|
|
RabbitClientUseSSL:
|
|
default: false
|
|
description: >
|
|
Rabbit client subscriber parameter to specify
|
|
an SSL connection to the RabbitMQ host.
|
|
type: string
|
|
RabbitClientPort:
|
|
default: 5672
|
|
description: Set rabbit subscriber port, change this if using SSL
|
|
type: number
|
|
Debug:
|
|
default: ''
|
|
description: Set to True to enable debugging on all services.
|
|
type: string
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Aodh role.
|
|
value:
|
|
service_name: aodh_base
|
|
config_settings:
|
|
aodh::evaluator::coordination_url:
|
|
list_join:
|
|
- ''
|
|
- - 'redis://:'
|
|
- {get_param: RedisPassword}
|
|
- '@'
|
|
- "%{hiera('redis_vip')}"
|
|
- ':6379/'
|
|
aodh::db::database_connection:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
- '://aodh:'
|
|
- {get_param: AodhPassword}
|
|
- '@'
|
|
- {get_param: [EndpointMap, MysqlInternal, host]}
|
|
- '/aodh'
|
|
aodh::debug: {get_param: Debug}
|
|
aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
aodh::rabbit_userid: {get_param: RabbitUserName}
|
|
aodh::rabbit_password: {get_param: RabbitPassword}
|
|
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
|
aodh::rabbit_port: {get_param: RabbitClientPort}
|
|
aodh::keystone::authtoken::project_name: 'service'
|
|
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
|
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
|
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
|
aodh::auth::auth_password: {get_param: AodhPassword}
|
|
aodh::db::mysql::user: aodh
|
|
aodh::db::mysql::password: {get_param: AodhPassword}
|
|
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
aodh::db::mysql::dbname: aodh
|
|
aodh::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
aodh::auth::auth_region: 'regionOne'
|
|
aodh::auth::auth_tenant_name: 'service'
|
|
service_config_settings:
|
|
keystone:
|
|
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
|
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
|
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
|
aodh::keystone::auth::password: {get_param: AodhPassword}
|
|
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
|
aodh::keystone::auth::tenant: 'service'
|