f762bbc361
This generates tons of unnecessary events when gnocchi uses swift backend.
We end up filtering most of these anyway. So lets disable this so it
doesn't put useless load. Also changing the default project to service as
thats what gnocchi uses to authenticate with swift.
Closes-bug: #1693339
Change-Id: I40f47d46fdb06f31a739b590bf653bca71e33f61
(cherry picked from commit 142b5a2889)
185 lines
7.2 KiB
YAML
185 lines
7.2 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Swift Proxy service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
Debug:
|
|
default: ''
|
|
description: Set to True to enable debugging on all services.
|
|
type: string
|
|
SwiftPassword:
|
|
description: The password for the swift service account, used by the swift proxy services.
|
|
type: string
|
|
hidden: true
|
|
SwiftProxyNodeTimeout:
|
|
default: 60
|
|
description: Timeout for requests going from swift-proxy to swift a/c/o services.
|
|
type: number
|
|
SwiftWorkers:
|
|
default: 0
|
|
description: Number of workers for Swift service.
|
|
type: number
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionSwiftProxy:
|
|
default: 'overcloud-swift-proxy'
|
|
type: string
|
|
RabbitPassword:
|
|
description: The password for RabbitMQ
|
|
type: string
|
|
hidden: true
|
|
RabbitUserName:
|
|
default: guest
|
|
description: The username for RabbitMQ
|
|
type: string
|
|
SwiftCeilometerPipelineEnabled:
|
|
description: Set to False to disable the swift proxy ceilometer pipeline.
|
|
default: false
|
|
type: boolean
|
|
SwiftCeilometerIgnoreProjects:
|
|
default: ['service']
|
|
description: Comma-seperated list of project names to ignore.
|
|
type: comma_delimited_list
|
|
RabbitClientPort:
|
|
default: 5672
|
|
description: Set rabbit subscriber port, change this if using SSL
|
|
type: number
|
|
RabbitClientUseSSL:
|
|
default: false
|
|
description: >
|
|
Rabbit client subscriber parameter to specify
|
|
an SSL connection to the RabbitMQ host.
|
|
type: string
|
|
|
|
conditions:
|
|
|
|
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}
|
|
|
|
resources:
|
|
SwiftBase:
|
|
type: ./swift-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Swift proxy service.
|
|
value:
|
|
service_name: swift_proxy
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [SwiftBase, role_data, config_settings]
|
|
|
|
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
swift::proxy::authtoken::password: {get_param: SwiftPassword}
|
|
swift::proxy::authtoken::project_name: 'service'
|
|
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
|
|
swift::proxy::workers: {get_param: SwiftWorkers}
|
|
-
|
|
if:
|
|
- ceilometer_pipeline_enabled
|
|
-
|
|
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
|
|
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
|
|
swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
swift::proxy::ceilometer::password: {get_param: SwiftPassword}
|
|
swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
|
|
swift::proxy::ceilometer::nonblocking_notify: true
|
|
swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
|
- {}
|
|
- swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
|
|
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
|
|
tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
|
|
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
|
|
tripleo.swift_proxy.firewall_rules:
|
|
'122 swift proxy':
|
|
dport:
|
|
- 8080
|
|
- 13808
|
|
swift::proxy::keystone::operator_roles:
|
|
- admin
|
|
- swiftoperator
|
|
- ResellerAdmin
|
|
swift::proxy::versioned_writes::allow_versioned_writes: true
|
|
swift::proxy::pipeline:
|
|
yaql:
|
|
expression: $.data.pipeline.where($ != '')
|
|
data:
|
|
pipeline:
|
|
- 'catch_errors'
|
|
- 'healthcheck'
|
|
- 'proxy-logging'
|
|
- 'cache'
|
|
- 'ratelimit'
|
|
- 'bulk'
|
|
- 'tempurl'
|
|
- 'formpost'
|
|
- 'authtoken'
|
|
- 'keystone'
|
|
- 'staticweb'
|
|
- 'copy'
|
|
- 'container_quotas'
|
|
- 'account_quotas'
|
|
- 'slo'
|
|
- 'dlo'
|
|
- 'versioned_writes'
|
|
-
|
|
if:
|
|
- ceilometer_pipeline_enabled
|
|
- 'ceilometer'
|
|
- ''
|
|
- 'proxy-logging'
|
|
- 'proxy-server'
|
|
swift::proxy::account_autocreate: true
|
|
# NOTE: bind IP is found in Heat replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
|
step_config: |
|
|
include ::tripleo::profile::base::swift::proxy
|
|
service_config_settings:
|
|
keystone:
|
|
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
|
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
|
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
|
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
|
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
|
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
|
swift::keystone::auth::password: {get_param: SwiftPassword}
|
|
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
|
swift::keystone::auth::tenant: 'service'
|
|
swift::keystone::auth::configure_s3_endpoint: false
|
|
swift::keystone::auth::operator_roles:
|
|
- admin
|
|
- swiftoperator
|
|
- ResellerAdmin
|
|
upgrade_tasks:
|
|
- name: Stop swift_proxy service
|
|
tags: step1
|
|
service: name=openstack-swift-proxy state=stopped
|