8002eb7df2
The upstream change at:502ff38c8cmade redis::ulimit an integer and will now error out if passed a string. Historically in THT we passed RedisFDLimit directly to the redis::ulimit hiera key as a string. Let's just change RedisFDLimit to a number. The only affected people will be those that A) tweaked this parameter and B) actually wrapped the param into quotes so to force it as a string. Given that this number is likely non-significance, we choose this route and we avoid an extra YAQL invocation to do a conversion in THT. Change-Id: I70361801c71738f2d95930aea99914316d9f0d11 Closes-Bug: #1854136 (cherry picked from commitb82725f5e0)
99 lines
3.0 KiB
YAML
99 lines
3.0 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Redis service configured with Puppet
|
|
|
|
parameters:
|
|
RedisPassword:
|
|
description: The password for the redis service account.
|
|
type: string
|
|
hidden: true
|
|
RedisFDLimit:
|
|
description: Configure Redis FD limit
|
|
type: number
|
|
default: 10240
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
RedisIPv6:
|
|
default: false
|
|
description: Enable IPv6 in Redis
|
|
type: boolean
|
|
|
|
conditions:
|
|
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
|
redis_ipv6: {get_param: RedisIPv6}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the redis role.
|
|
value:
|
|
service_name: redis_base
|
|
config_settings:
|
|
redis::requirepass: {get_param: RedisPassword}
|
|
redis::masterauth: {get_param: RedisPassword}
|
|
redis::sentinel_auth_pass: {get_param: RedisPassword}
|
|
redis_ipv6: {get_param: RedisIPv6}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
# Bind to localhost if internal TLS is enabled, since we put a TLs
|
|
# proxy in front.
|
|
redis::bind:
|
|
if:
|
|
- use_tls_proxy
|
|
- if:
|
|
- redis_ipv6
|
|
- '::1'
|
|
- '127.0.0.1'
|
|
- str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
|
redis::port: 6379
|
|
redis::sentinel::master_name: "%{hiera('redis_short_bootstrap_node_name')}"
|
|
redis::sentinel::redis_host: "%{hiera('redis_bootstrap_node_ip')}"
|
|
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
|
|
redis::sentinel::sentinel_bind:
|
|
if:
|
|
- use_tls_proxy
|
|
- if:
|
|
- redis_ipv6
|
|
- '::1'
|
|
- '127.0.0.1'
|
|
- str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
|
redis::ulimit: {get_param: RedisFDLimit}
|