openstack/tripleo-heat-templates
Code Issues Proposed changes
a94f17d98c
tripleo-heat-templates/deployment/octavia/octavia-base.yaml
ramishra 7f195ff9a8 Remove DefaultPasswords interface 
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30

308 lines
12 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack Octavia base service. Shared for all Octavia services
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
OctaviaDebug:
default: ''
description: Set to True to enable debugging Octavia services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
EnableSQLAlchemyCollectd:
type: boolean
description: >
Set to true to enable the SQLAlchemy-collectd server plugin
default: false
EnableConfigPurge:
type: boolean
default: false
description: >
Remove configuration that is not generated by TripleO. Used to avoid
configuration remnants after upgrades.
NotificationDriver:
type: comma_delimited_list
default: 'noop'
description: Driver or drivers to handle sending notifications.
OctaviaUserName:
description: The username for the Octavia database and keystone accounts.
type: string
default: 'octavia'
OctaviaPassword:
description: The password for the Octavia database and keystone accounts.
type: string
hidden: true
OctaviaProjectName:
description: The project name for the keystone Octavia account.
type: string
default: 'service'
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
OctaviaCaCertFile:
type: string
default: '/etc/octavia/certs/ca_01.pem'
description: Octavia CA certificate file path.
OctaviaCaCert:
type: string
default: ''
description: Octavia CA certificate data. If provided, this will create
or update a file on the host with the path provided in
OctaviaCaCertFile with the certificate data.
OctaviaCaKeyFile:
type: string
default: '/etc/octavia/certs/private/cakey.pem'
description: Octavia CA private key file path.
OctaviaCaKey:
type: string
default: ''
description: The private key for the certificate provided in OctaviaCaCert.
If provided, this will create or update a file on the host
with the path provided in OctaviaCaKeyFile with the key
data.
OctaviaClientCertFile:
type: string
default: '/etc/octavia/certs/client.pem'
description: Octavia client certificate for amphorae.
OctaviaClientCert:
type: string
default: ''
description: Octavia client certificate data. If provided, this will create
or update a file on the host with the path provided in
OctaviaClientCertFile with the certificate data.
OctaviaServerCertsKeyPassphrase:
constraints:
- length: { min: 32, max: 32}
description: Passphrase for encrypting Amphora Certificates and
Private Keys. Must be exactly 32 characters.
type: string
hidden: true
OctaviaCaKeyPassphrase:
description: CA private key passphrase.
type: string
hidden: true
OctaviaAmphoraImageTag:
default: 'amphora-image'
description: Glance image tag for identifying the amphora image.
type: string
OctaviaAmphoraNetworkList:
default: []
description: List of networks to attach to amphorae.
type: comma_delimited_list
OctaviaAmphoraSshKeyName:
type: string
default: 'octavia-ssh-key'
description: SSH key name.
OctaviaLoadBalancerTopology:
default: ''
description: Load balancer topology configuration.
type: string
OctaviaFlavorId:
default: '65'
description: Nova flavor ID to be used when creating the nova flavor for
amphora.
type: string
OctaviaTimeoutClientData:
default: 50000
description: Frontend client inactivity timeout.
type: number
OctaviaTimeoutMemberConnect:
default: 5000
description: Backend member connection timeout.
type: number
OctaviaTimeoutMemberData:
default: 50000
description: Backend member inactivity timeout.
type: number
OctaviaTimeoutTcpInspect:
default: 0
description: Time to wait for TCP packets for content inspection.
type: number
OctaviaConnectionMaxRetries:
default: 120
description: Retry threshold for connecting to amphorae.
type: number
OctaviaConnectionLogging:
default: true
description: When false, tenant connection flows will not be logged.
type: boolean
OctaviaBuildActiveRetries:
default: 120
description: Retry threshold for waiting for a build slot for an amphorae.
type: number
OctaviaPortDetachTimeout:
default: 300
description: Seconds to wait for a port to detach from an amphora.
type: number
OctaviaAdminLogTargets:
default: []
description: List of syslog endpoints, host:port comma separated list,
to receive administrative log messages.
type: comma_delimited_list
OctaviaAdminLogFacility:
default: 1
description: The syslog "LOG_LOCAL" facility to use for the administrative
log messages.
type: number
constraints:
- range: { min: 0, max: 7 }
description: Facility must be between 0 and 7.
OctaviaForwardAllLogs:
default: false
description: When true, all log messages from the amphora will be forwarded
to the administrative log endponts, including non-load
balancing related logs.
type: boolean
OctaviaTenantLogTargets:
default: []
description: List of syslog endpoints, host:port comma separated list,
to receive tenant traffic flow log messages.
type: comma_delimited_list
OctaviaTenantLogFacility:
default: 0
description: The syslog "LOG_LOCAL" facility to use for the tenant
traffic flow log messages.
type: number
constraints:
- range: { min: 0, max: 7 }
description: Facility must be between 0 and 7.
OctaviaUserLogFormat:
default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
description: The tenant traffic flow log format string.
type: string
OctaviaDisableLocalLogStorage:
default: false
description: When true, logs will not be stored on the amphora filesystem.
This includes all kernel, system, and security logs.
type: boolean
OctaviaAntiAffinity:
default: true
description: Flag to indicate if anti-affinity feature is turned on.
type: boolean
conditions:
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
outputs:
role_data:
description: Base role data for Octavia services
value:
service_name: octavia_base
config_settings:
map_merge:
- octavia::logging::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: OctaviaDebug }
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::notification_driver: {get_param: NotificationDriver}
octavia::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: {get_param: OctaviaUserName}
password: {get_param: OctaviaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /octavia
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: octavia
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
octavia::service_auth::auth_type: 'password'
octavia::service_auth::username: {get_param: OctaviaUserName}
octavia::service_auth::password: {get_param: OctaviaPassword}
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
octavia::service_auth::project_domain_name: 'Default'
octavia::service_auth::user_domain_name: 'Default'
octavia::service_auth::region_name: {get_param: KeystoneRegion}
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
octavia::controller::enable_ssh_access: true
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
-
if:
- octavia_topology_unset
- {}
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
-
if:
- octavia_ca_cert_unset
- {}
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
-
if:
- octavia_ca_key_unset
- {}
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
-
if:
- octavia_client_cert_unset
- {}
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
View Git Blame Copy Permalink