openstack/tripleo-heat-templates
Code Issues Proposed changes
a269c1a5a6
tripleo-heat-templates/puppet/services/octavia-api.yaml
Carlos Goncalves 3c8e736981 Fix Octavia hieradata keys 
Commit https://review.openstack.org/#/c/612395/ deprecated some
parameters in class octavia::worker and moved them to the new class
octavia::controller.

Closes-Bug: #1805345
Depends-On: https://review.openstack.org/#/c/620118/

Change-Id: I53264dc6cbb75165484c3b1f6ddbee45dc4e0206
2018-11-27 08:49:58 +01:00

181 lines
6.8 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack Octavia API service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OctaviaUserName:
description: The username for the Octavia database and keystone accounts.
type: string
default: 'octavia'
OctaviaPassword:
description: The password for the Octavia database and keystone accounts.
type: string
hidden: true
OctaviaProjectName:
description: The project name for the keystone Octavia account.
type: string
default: 'service'
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionOctaviaApi:
default: 'overcloud-octavia-api'
type: string
OctaviaApiLoggingSource:
type: json
default:
tag: openstack.octavia.api
path: /var/log/octavia/api.log
OctaviaApiPolicies:
description: |
A hash of policies to configure for Octavia API.
e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
OctaviaBase:
type: ./octavia-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
OctaviaController:
type: ./octavia-controller.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Octavia API service.
value:
service_name: octavia_api
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
config_settings:
map_merge:
- get_attr: [OctaviaBase, role_data, config_settings]
- get_attr: [OctaviaController, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
octavia::policy::policies: {get_param: OctaviaApiPolicies}
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
octavia::api::sync_db: true
tripleo::octavia_api::firewall_rules:
'120 octavia api':
dport:
- 9876
- 13876
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::octavia::api::tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
tripleo::profile::base::octavia::api::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
tripleo::profile::base::octavia::api::tls_proxy_port:
get_param: [EndpointMap, OctaviaInternal, port]
# Bind to localhost if internal TLS is enabled, since we put a TLS
# proxy in front.
octavia::api::host:
if:
- use_tls_proxy
- '127.0.0.1'
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
step_config: |
include tripleo::profile::base::octavia::api
service_config_settings:
fluentd:
tripleo_fluentd_groups_octavia_api:
- octavia
tripleo_fluentd_sources_octavia_api:
- {get_param: OctaviaApiLoggingSource}
keystone:
octavia::keystone::auth::tenant: {get_param: OctaviaProjectName}
octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
octavia::keystone::auth::password: {get_param: OctaviaPassword}
octavia::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
octavia::db::mysql::password: {get_param: OctaviaPassword}
octavia::db::mysql::user: {get_param: OctaviaUserName}
octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
octavia::db::mysql::dbname: octavia
octavia::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
metadata_settings:
get_attr: [TLSProxyBase, role_data, metadata_settings]
View Git Blame Copy Permalink