33bc901670
This also tells the neutron metadata agent to use TLS for contacting nova-metadata. bp tls-via-certmonger Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26 Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15
90 lines
2.6 KiB
YAML
90 lines
2.6 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack Nova API service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NovaWorkers:
|
|
default: 0
|
|
description: Number of workers for Nova services.
|
|
type: number
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
|
|
|
|
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
TLSProxyBase:
|
|
type: OS::TripleO::Services::TLSProxyBase
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Nova Metadata service.
|
|
value:
|
|
service_name: nova_metadata
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [TLSProxyBase, role_data, config_settings]
|
|
- nova::api::metadata_listen:
|
|
if:
|
|
- use_tls_proxy
|
|
- 'localhost'
|
|
- {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
-
|
|
if:
|
|
- nova_workers_zero
|
|
- {}
|
|
- nova::api::metadata_workers: {get_param: NovaWorkers}
|
|
-
|
|
if:
|
|
- use_tls_proxy
|
|
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
|
|
get_param: [ServiceNetMap, NovaMetadataNetwork]
|
|
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
- {}
|
|
step_config: ""
|
|
metadata_settings:
|
|
get_attr: [TLSProxyBase, role_data, metadata_settings]
|