32279c4a32
Manage all Keystone resources with Ansible Change-Id: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e (cherry picked from commit7f40baabcd) keystone: fix trailing space Change-Id: Id3642bd4f539f496d00298ab7996720f14cd0a3c (cherry picked from commit4c167191dc) deployment: document keystone_resources Bring some documentation into the deployment README about the new keystone_resources interface. Change-Id: I17c2c451136eb4729e4751a250d5545019ea84ff (cherry picked from commit362e92fb82) Add novajoin to EndpointMap Previously, novajoin was relying on hiera data to populate endpoints in keystone, but that recently changed for the rest of the OpenStack services. This commit updates novajoin to use the same approach with EndpointMap. Otherwise, deploying the undercloud fails with an error message similar to the following: Cannot create an endpoint with an invalid URL: http://%{hiera('ctlplane')}:9090/v1/. Change-Id: I0e177a5e21ed9fb5eacba7a766c153ba99af34ae (cherry picked from commit18e51ca533) keystone/ldap: add missing cloud name ... or Ansible will use the default "openstack" cloud, which isn't good. We need to create domains in the actual overcloud. Change-Id: I129d7355364c87c40f51372b402620790a31ec81 (cherry picked from commitb3538251d6)
131 lines
4.6 KiB
YAML
131 lines
4.6 KiB
YAML
# Copyright (c) 2017 Veritas Technologies LLC.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
heat_template_version: rocky
|
|
|
|
description: >
|
|
Openstack Veritas HyperScale backend
|
|
|
|
parameters:
|
|
VrtsRabbitPassword:
|
|
type: string
|
|
description: The Rabbitmq password of the hyperscale user. Mandatory.
|
|
VrtsKeystonePassword:
|
|
type: string
|
|
description: The Keystone password of the hyperscale service. Mandatory.
|
|
VrtsMysqlPassword:
|
|
type: string
|
|
description: The MySQL password of the hyperscale user. Mandatory.
|
|
VrtsCtrlMgmtIP:
|
|
type: string
|
|
default: ''
|
|
description: The management IP of HyperScale. The value will be inferred
|
|
from the rest of the deployment settings if left blank.
|
|
VrtsDashboardIP:
|
|
type: string
|
|
default: ''
|
|
description: The dashboard IP of HyperScale. The value will be inferred
|
|
from the rest of the deployment settings if left blank.
|
|
VrtsZookeeperIP:
|
|
type: string
|
|
description: The IP of a node where Zookeeper is configured. Mandatory.
|
|
VrtsSSHPassword:
|
|
type: string
|
|
description: The SSH password of the hyperscale user. Mandatory.
|
|
VrtsConfigParam1:
|
|
type: string
|
|
default: ''
|
|
description: Additional config parameter. Optional.
|
|
VrtsConfigParam2:
|
|
type: string
|
|
default: ''
|
|
description: Additional config parameter. Optional.
|
|
VrtsConfigParam3:
|
|
type: string
|
|
default: ''
|
|
description: Additional config parameter. Optional.
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
type: json
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Install Veritas HyperScale packages for controller.
|
|
value:
|
|
service_name: veritas_hyperscale_controller
|
|
config_settings:
|
|
global_config_settings:
|
|
vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP}
|
|
vrts_dashboard_ip: {get_param: VrtsDashboardIP}
|
|
vrts_zookeeper_ip: {get_param: VrtsZookeeperIP}
|
|
vrts_ssh_passwd: {get_param: VrtsSSHPassword}
|
|
vrts_config_param1: {get_param: VrtsConfigParam1}
|
|
vrts_config_param2: {get_param: VrtsConfigParam2}
|
|
vrts_config_param3: {get_param: VrtsConfigParam3}
|
|
step_config: |
|
|
include ::veritas_hyperscale::controller_pkg_inst
|
|
service_config_settings:
|
|
rabbitmq:
|
|
vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
|
|
mysql:
|
|
vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
|
|
keystone_resources:
|
|
hyperscale:
|
|
# Replicating what was done with Puppet manifest:
|
|
# https://github.com/vtas-hyperscale-ci/puppet-veritas_hyperscale/blob/7c7868adb027c5bcfdcb6fc9d86610470759ae28/manifests/hs_keystone.pp#L17
|
|
# Moving forward, we should have the Veritas part of EndpointMap so the service
|
|
# can live outside of the Keystone node.
|
|
endpoints:
|
|
public: &veritas_endpoint
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, KeystoneAdmin, protocol]}
|
|
host: {get_param: [EndpointMap, KeystoneAdmin, host]}
|
|
port: 8753
|
|
path: /v1/%(tenant_id)s
|
|
internal: *veritas_endpoint
|
|
admin: *veritas_endpoint
|
|
users:
|
|
hyperscale:
|
|
password: {get_param: VrtsKeystonePassword}
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'infrastructure'
|
|
roles:
|
|
- infra_admin
|