tripleo-heat-templates/extraconfig/post_deploy/undercloud_post.yaml
Emilien Macchi 016279b71e standalone/undercloud - post: use EndpointMap to fetch Keystone URL
Use EndpointMap so that we get the hostname/FQDN when possible;
otherwise it falls back to the IP for the Keystone public endpoint.

This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.

Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
2019-05-21 08:41:22 -04:00


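# Heat template applied to the undercloud after deployment.
# The folded description below must be indented under its key, otherwise
# the text is not part of the scalar.
heat_template_version: rocky

description: >
  Post-deployment for the TripleO undercloud
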
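# Inputs to the undercloud post-deployment steps.
#
# Parameters marked `hidden: true` carry secrets; Heat masks them when
# stack parameters are displayed. In this template they are still passed
# on to software deployments as input values (see `resources`), so the
# mask alone does not bound where the secret ends up.
parameters:
  servers:
    type: json
  DeployedServerPortMap:
    default: {}
    type: json
  UndercloudHomeDir:
    description: >-
      The HOME directory where the stackrc and ssh credentials for the
      Undercloud will be installed. Set to /home/<user> to customize the
      location.
    type: string
    default: '/root'
  AdminPassword:  # supplied by tripleo-undercloud-passwords.yaml
    type: string
    description: >-
      The password for the keystone admin account, used for monitoring,
      querying neutron etc.
    hidden: true
  # An empty string means "no certificate supplied"; the `tls_enabled`
  # condition tests for exactly that value.
  SSLCertificate:
    description: >
      The content of the SSL certificate (without Key) in PEM format.
    type: string
    default: ""
    hidden: true
  PublicSSLCertificateAutogenerated:
    default: false
    description: >
      Whether the public SSL certificate was autogenerated or not.
    type: boolean
  # Only forwarded to the post script when `ca_file_enabled` holds;
  # otherwise an empty string is sent instead.
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
  # No default: the stack cannot be created without this secret.
  SnmpdReadonlyUserPassword:
    description: >-
      The user password for SNMPd with readonly rights running on all
      Overcloud nodes
    type: string
    hidden: true
  # NOTE(review): the default is an empty password, so the template
  # validates even when no database root password is supplied.
  # Presumably the installer always injects a generated value - confirm.
  MysqlRootPassword:
    type: string
    hidden: true
    default: ''
  DnsServers:
    default: []
    description: >
      DNS servers to use for the Overcloud (2 max for some implementations).
      If not set the nameservers configured in the ctlplane subnet's
      dns_nameservers attribute will be used.
    type: comma_delimited_list
  CtlplaneLocalPhysicalNetwork:
    default: ctlplane
    type: string
    description: >-
      Physical network name for the ctlplane network local to the
      undercloud
  UndercloudCtlplaneSubnets:
    description: >
      Dictionary of subnets to configure on the Undercloud ctlplan network
    default: {}
    type: json
  UndercloudCtlplaneLocalSubnet:
    description: The subnet local to the undercloud on the ctlplane network
    default: ctlplane-subnet
    type: string
  UndercloudEnableRoutedNetworks:
    description: Enable support for routed ctlplane networks.
    default: false
    type: boolean
  UndercloudLocalMtu:  # Override this via parameter_defaults
    default: 1500
    description: MTU to use for the Undercloud local_interface.
    type: number
    constraints:
      - range: {min: 1000, max: 65536}
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  UndercloudCloudName:
    type: string
    default: 'undercloud'
    description: Cloud name for the clouds.yaml
  # Source of the Keystone public URL used as `auth_url` by the
  # deployments in this template.
  # NOTE(review): with the `{}` default the KeystonePublic lookup has
  # nothing to resolve - confirm EndpointMap is always supplied.
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
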
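conditions:
  # True when a public certificate was supplied (SSLCertificate is not
  # the empty string) or when one was autogenerated.
  tls_enabled:
    or:
      - not:
          equals:
            - {get_param: SSLCertificate}
            - ""
      - equals:
          - {get_param: PublicSSLCertificateAutogenerated}
          - true
  # True only when TLS is enabled AND a CA file path is configured.
  # Clearing InternalTLSCAFile therefore stops the CA path from being
  # handed to the post script even though TLS itself stays enabled.
  ca_file_enabled:
    and:
      - not:
          equals:
            - {get_param: InternalTLSCAFile}
            - ""
      - tls_enabled
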
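# Each step is a SoftwareConfig (the script and its declared inputs)
# paired with a SoftwareDeployments resource that runs it on `servers`.
#
# Several deployments below receive secrets (admin, SNMP and database
# passwords) as plain input values.
# NOTE(review): the `hidden` flag on the parameters does not follow the
# value into the deployment inputs - confirm who can read software
# deployment data on this undercloud and treat that access as access to
# the secrets.
resources:

  UndercloudPostConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: deploy_identifier
        - name: admin_password
        - name: auth_url
        - name: internal_tls_ca_file
        - name: cloud_name
      config: {get_file: ./undercloud_post.sh}

  # NOTE(review): `ssl_certificate` and `homedir` are supplied here but
  # are not declared in UndercloudPostConfig's inputs, and
  # `deploy_identifier` is declared there but given no value here.
  # Confirm undercloud_post.sh receives what it expects.
  UndercloudPostDeployment:
    type: OS::Heat::SoftwareDeployments
    properties:
      name: UndercloudPostDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudPostConfig}
      input_values:
        ssl_certificate: {get_param: SSLCertificate}
        homedir: {get_param: UndercloudHomeDir}
        admin_password: {get_param: AdminPassword}
        cloud_name: {get_param: UndercloudCloudName}
        # The CA path is sent only when TLS is on and a path is set;
        # otherwise the script gets an empty string.
        internal_tls_ca_file:
          if:
            - ca_file_enabled
            - {get_param: InternalTLSCAFile}
            - ''
        # Taken from EndpointMap rather than built from an IP, so the
        # URL can carry the hostname/FQDN that a hostname-based
        # certificate was issued for.
        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}

  CloudsYamlConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: admin_password
        - name: auth_url
        - name: cloud_name
        - name: home_dir
        - name: identity_api_version
        - name: project_name
        - name: project_domain_name
        - name: region_name
        - name: user_name
        - name: user_domain_name
      config: {get_file: ./clouds_yaml.py}

  # NOTE(review): presumably clouds_yaml.py writes these admin
  # credentials into a clouds.yaml under `home_dir`; verify that the
  # script creates the file readable by its owner only.
  CloudsYamlDeployment:
    type: OS::Heat::SoftwareDeployments
    properties:
      name: CloudsYamlDeployment
      servers: {get_param: servers}
      config: {get_resource: CloudsYamlConfig}
      input_values:
        admin_password: {get_param: AdminPassword}
        # Same Keystone public URL as UndercloudPostDeployment.
        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
        cloud_name: {get_param: UndercloudCloudName}
        home_dir: {get_param: UndercloudHomeDir}
        identity_api_version: 3
        project_name: 'admin'
        project_domain_name: 'Default'
        region_name: {get_param: KeystoneRegion}
        user_name: 'admin'
        user_domain_name: 'Default'

  UndercloudPostPyConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: config
      config: {get_file: ./undercloud_post.py}

  # Runs after the shell post step and the clouds.yaml step. The single
  # `config` input is the whole JSON map, which includes the SNMP
  # read-only password and the database root password.
  UndercloudPostPyDeployment:
    type: OS::Heat::SoftwareDeployments
    depends_on: [UndercloudPostDeployment, CloudsYamlDeployment]
    properties:
      name: UndercloudPostPyDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudPostPyConfig}
      input_values:
        config:
          # The template is the bare token JSON, so the result is just
          # the params map rendered as one string.
          str_replace:
            template: JSON
            params:
              JSON:
                cloud_name: {get_param: UndercloudCloudName}
                home_dir: {get_param: UndercloudHomeDir}
                snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
                undercloud_db_password: {get_param: MysqlRootPassword}

  UndercloudCtlplaneNetworkConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: config
      config: {get_file: ./undercloud_ctlplane_network.py}

  # Runs after the shell post step and the clouds.yaml step. Carries
  # network settings only; no password parameter is referenced here.
  UndercloudCtlplaneNetworkDeployment:
    type: OS::Heat::SoftwareDeployments
    depends_on: [UndercloudPostDeployment, CloudsYamlDeployment]
    properties:
      name: UndercloudCtlplaneNetworkDeployment
      servers: {get_param: servers}
      config: {get_resource: UndercloudCtlplaneNetworkConfig}
      input_values:
        config:
          str_replace:
            template: JSON
            params:
              JSON:
                cloud_name: {get_param: UndercloudCloudName}
                # First fixed IP of the control_virtual_ip port entry.
                local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
                local_subnet: {get_param: UndercloudCtlplaneLocalSubnet}
                nameservers: {get_param: DnsServers}
                physical_network: {get_param: CtlplaneLocalPhysicalNetwork}
                subnets: {get_param: UndercloudCtlplaneSubnets}
                enable_routed_networks: {get_param: UndercloudEnableRoutedNetworks}
                mtu: {get_param: UndercloudLocalMtu}
                home_dir: {get_param: UndercloudHomeDir}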