tripleo-heat-templates/deployment/octavia/octavia-base.yaml
Takashi Kajinami 243f80b8b9 Octavia: Add missing region_name parameters
The region_name parameter is required when Keystone stores information
for multiple region_name. Although multi-domain is not yet supported
by TripleO, the parameter is set globally.

Change-Id: I40e6f811a47a60c6e096508ed743180dfe3be246
2022-03-07 22:10:29 +09:00

332 lines
13 KiB
YAML

heat_template_version: wallaby
description: >
OpenStack Octavia base service. Shared for all Octavia services
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
OctaviaDebug:
default: false
description: Set to True to enable debugging Octavia services.
type: boolean
EnableSQLAlchemyCollectd:
type: boolean
description: >
Set to true to enable the SQLAlchemy-collectd server plugin
default: false
EnableConfigPurge:
type: boolean
default: false
description: >
Remove configuration that is not generated by TripleO. Used to avoid
configuration remnants after upgrades.
NotificationDriver:
type: comma_delimited_list
default: 'noop'
description: Driver or drivers to handle sending notifications.
OctaviaUserName:
description: The username for the Octavia database and keystone accounts.
type: string
default: 'octavia'
OctaviaPassword:
description: The password for the Octavia database and keystone accounts.
type: string
hidden: true
OctaviaProjectName:
description: The project name for the keystone Octavia account.
type: string
default: 'service'
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
OctaviaCaCertFile:
type: string
default: '/etc/octavia/certs/ca_01.pem'
description: Octavia CA certificate file path.
OctaviaCaCert:
type: string
default: ''
description: Octavia CA certificate data. If provided, this will create
or update a file on the host with the path provided in
OctaviaCaCertFile with the certificate data.
OctaviaCaKeyFile:
type: string
default: '/etc/octavia/certs/private/cakey.pem'
description: Octavia CA private key file path.
OctaviaCaKey:
type: string
default: ''
description: The private key for the certificate provided in OctaviaCaCert.
If provided, this will create or update a file on the host
with the path provided in OctaviaCaKeyFile with the key
data.
OctaviaClientCertFile:
type: string
default: '/etc/octavia/certs/client.pem'
description: Octavia client certificate for amphorae.
OctaviaClientCert:
type: string
default: ''
description: Octavia client certificate data. If provided, this will create
or update a file on the host with the path provided in
OctaviaClientCertFile with the certificate data.
OctaviaServerCertsKeyPassphrase:
constraints:
- length: { min: 32, max: 32}
description: Passphrase for encrypting Amphora Certificates and
Private Keys. Must be exactly 32 characters.
type: string
hidden: true
OctaviaCaKeyPassphrase:
description: CA private key passphrase.
type: string
hidden: true
OctaviaAmphoraImageTag:
default: 'amphora-image'
description: Glance image tag for identifying the amphora image.
type: string
OctaviaAmphoraNetworkList:
default: []
description: List of networks to attach to amphorae.
type: comma_delimited_list
OctaviaAmphoraSshKeyName:
type: string
default: 'octavia-ssh-key'
description: SSH key name.
OctaviaLoadBalancerTopology:
default: ''
description: Load balancer topology configuration.
type: string
OctaviaFlavorId:
default: '65'
description: Nova flavor ID to be used when creating the nova flavor for
amphora.
type: string
OctaviaTimeoutClientData:
default: 50000
description: Frontend client inactivity timeout.
type: number
OctaviaTimeoutMemberConnect:
default: 5000
description: Backend member connection timeout.
type: number
OctaviaTimeoutMemberData:
default: 50000
description: Backend member inactivity timeout.
type: number
OctaviaTimeoutTcpInspect:
default: 0
description: Time to wait for TCP packets for content inspection.
type: number
OctaviaConnectionMaxRetries:
default: 120
description: Retry threshold for connecting to amphorae.
type: number
OctaviaConnectionLogging:
default: true
description: When false, tenant connection flows will not be logged.
type: boolean
OctaviaBuildActiveRetries:
default: 120
description: Retry threshold for waiting for a build slot for an amphorae.
type: number
OctaviaPortDetachTimeout:
default: 300
description: Seconds to wait for a port to detach from an amphora.
type: number
OctaviaAdminLogTargets:
default: []
description: List of syslog endpoints, host:port comma separated list,
to receive administrative log messages.
type: comma_delimited_list
OctaviaAdminLogFacility:
default: 1
description: The syslog "LOG_LOCAL" facility to use for the administrative
log messages.
type: number
constraints:
- range: { min: 0, max: 7 }
description: Facility must be between 0 and 7.
OctaviaForwardAllLogs:
default: false
description: When true, all log messages from the amphora will be forwarded
to the administrative log endponts, including non-load
balancing related logs.
type: boolean
OctaviaTenantLogTargets:
default: []
description: List of syslog endpoints, host:port comma separated list,
to receive tenant traffic flow log messages.
type: comma_delimited_list
OctaviaTenantLogFacility:
default: 0
description: The syslog "LOG_LOCAL" facility to use for the tenant
traffic flow log messages.
type: number
constraints:
- range: { min: 0, max: 7 }
description: Facility must be between 0 and 7.
OctaviaUserLogFormat:
default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
description: The tenant traffic flow log format string.
type: string
OctaviaDisableLocalLogStorage:
default: false
description: When true, logs will not be stored on the amphora filesystem.
This includes all kernel, system, and security logs.
type: boolean
OctaviaAntiAffinity:
default: true
description: Flag to indicate if anti-affinity feature is turned on.
type: boolean
OctaviaRpcResponseTimeout:
default: 60
description: Octavia's RPC response timeout, in seconds.
type: number
conditions:
octavia_ca_cert_set:
not: {equals: [{get_param: OctaviaCaCert}, '']}
octavia_ca_key_set:
not: {equals: [{get_param: OctaviaCaKey}, '']}
octavia_client_cert_set:
not: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_set:
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
outputs:
role_data:
description: Base role data for Octavia services
value:
service_name: octavia_base
config_settings:
octavia::logging::debug:
if:
- {get_param: OctaviaDebug}
- true
- {get_param: Debug}
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::notification_driver: {get_param: NotificationDriver}
octavia::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: {get_param: OctaviaUserName}
password: {get_param: OctaviaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /octavia
query:
if:
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: octavia
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
octavia::service_auth::auth_type: 'password'
octavia::service_auth::username: {get_param: OctaviaUserName}
octavia::service_auth::password: {get_param: OctaviaPassword}
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
octavia::service_auth::project_domain_name: 'Default'
octavia::service_auth::user_domain_name: 'Default'
octavia::service_auth::region_name: {get_param: KeystoneRegion}
octavia::nova::endpoint_type: 'internalURL'
octavia::nova::region_name: {get_param: KeystoneRegion}
octavia::neutron::endpoint_type: 'internalURL'
octavia::neutron::region_name: {get_param: KeystoneRegion}
octavia::glance::endpoint_type: 'internalURL'
octavia::glance::region_name: {get_param: KeystoneRegion}
octavia::cinder::endpoint_type: 'internalURL'
octavia::cinder::region_name: {get_param: KeystoneRegion}
octavia::certificates::endpoint_type: 'internalURL'
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
octavia::worker::manage_nova_flavor: false
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
octavia::controller::enable_ssh_access: true
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
octavia::rpc_response_timeout: {get_param: OctaviaRpcResponseTimeout}
octavia::controller::loadbalancer_topology:
if:
- octavia_topology_set
- {get_param: OctaviaLoadBalancerTopology}
octavia::certificates::ca_certificate_data:
if:
- octavia_ca_cert_set
- {get_param: OctaviaCaCert}
octavia::certificates::ca_private_key_data:
if:
- octavia_ca_key_set
- {get_param: OctaviaCaKey}
octavia::certificates::client_cert_data:
if:
- octavia_client_cert_set
- {get_param: OctaviaClientCert}
update_tasks: &ensure_start_up_files
- name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
when: step|int == 5
block:
- name: check for octavia post-deploy.conf file
stat:
path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
register: octavia_post_deploy_stat
- name: create an empty post-deploy.conf file if it does not exist
file:
path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
state: touch
setype: container_file_t
mode: '0755'
when:
- octavia_post_deploy_stat.exists is defined and not octavia_post_deploy_stat.exists
upgrade_tasks: *ensure_start_up_files