243f80b8b9
The region_name parameter is required when Keystone stores information for multiple regions. Although multi-domain is not yet supported by TripleO, the parameter is set globally. Change-Id: I40e6f811a47a60c6e096508ed743180dfe3be246
# Heat template header: template format version plus a one-line summary.
heat_template_version: wallaby

# Folded scalar: the two lines below are joined with a single space.
description: >
  OpenStack Octavia base service.
  Shared for all Octavia services
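# Input parameters shared by all Octavia services.
# Parameters that carry secret material are marked `hidden: true` so that Heat
# masks their values when the stack's parameters are displayed.
parameters:
  # Generic service inputs. Of these, only EndpointMap is read by the outputs
  # of this template.
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. Use
      parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json

  # Debug, telemetry and configuration hygiene switches.
  Debug:
    type: boolean
    default: false
    description: Set to True to enable debugging on all services.
  OctaviaDebug:
    default: false
    description: Set to True to enable debugging Octavia services.
    type: boolean
  EnableSQLAlchemyCollectd:
    type: boolean
    description: >
      Set to true to enable the SQLAlchemy-collectd server plugin
    default: false
  EnableConfigPurge:
    type: boolean
    default: false
    description: >
      Remove configuration that is not generated by TripleO. Used to avoid
      configuration remnants after upgrades.
  NotificationDriver:
    type: comma_delimited_list
    default: 'noop'
    description: Driver or drivers to handle sending notifications.

  # Service account. The same user name and password are used for both the
  # database connection and the Keystone service account (see the outputs),
  # so a leak of either credential store exposes both.
  OctaviaUserName:
    description: The username for the Octavia database and keystone accounts.
    type: string
    default: 'octavia'
  OctaviaPassword:
    description: The password for the Octavia database and keystone accounts.
    type: string
    hidden: true
  OctaviaProjectName:
    description: The project name for the keystone Octavia account.
    type: string
    default: 'service'
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint

  # Certificate material. The *File parameters are paths on the host; the
  # matching data parameters, when non-empty, are written to those paths.
  OctaviaCaCertFile:
    type: string
    default: '/etc/octavia/certs/ca_01.pem'
    description: Octavia CA certificate file path.
  OctaviaCaCert:
    type: string
    default: ''
    description: >-
      Octavia CA certificate data. If provided, this will create
      or update a file on the host with the path provided in
      OctaviaCaCertFile with the certificate data.
  OctaviaCaKeyFile:
    type: string
    default: '/etc/octavia/certs/private/cakey.pem'
    description: Octavia CA private key file path.
  OctaviaCaKey:
    type: string
    default: ''
    # Private key material: hidden so the value is masked like the
    # passphrase parameters below.
    hidden: true
    description: >-
      The private key for the certificate provided in OctaviaCaCert.
      If provided, this will create or update a file on the host
      with the path provided in OctaviaCaKeyFile with the key
      data.
  OctaviaClientCertFile:
    type: string
    default: '/etc/octavia/certs/client.pem'
    description: Octavia client certificate for amphorae.
  OctaviaClientCert:
    type: string
    default: ''
    # NOTE(review): Octavia's client PEM normally bundles the private key with
    # the certificate; hidden on that assumption - confirm against the
    # deployment's certificate layout.
    hidden: true
    description: >-
      Octavia client certificate data. If provided, this will create
      or update a file on the host with the path provided in
      OctaviaClientCertFile with the certificate data.
  OctaviaServerCertsKeyPassphrase:
    # Fixed length: both bounds are 32, so any other length is rejected.
    constraints:
      - length: {min: 32, max: 32}
    description: >-
      Passphrase for encrypting Amphora Certificates and
      Private Keys. Must be exactly 32 characters.
    type: string
    hidden: true
  OctaviaCaKeyPassphrase:
    description: CA private key passphrase.
    type: string
    hidden: true

  # Amphora boot settings.
  OctaviaAmphoraImageTag:
    default: 'amphora-image'
    description: Glance image tag for identifying the amphora image.
    type: string
  OctaviaAmphoraNetworkList:
    default: []
    description: List of networks to attach to amphorae.
    type: comma_delimited_list
  OctaviaAmphoraSshKeyName:
    # The outputs of this template hard-code
    # octavia::controller::enable_ssh_access to true, so this key name is
    # always in effect.
    type: string
    default: 'octavia-ssh-key'
    description: SSH key name.
  OctaviaLoadBalancerTopology:
    # An empty string means "not set"; see the octavia_topology_set condition.
    default: ''
    description: Load balancer topology configuration.
    type: string
  OctaviaFlavorId:
    # Quoted so the ID stays a string rather than being read as an integer.
    default: '65'
    description: >-
      Nova flavor ID to be used when creating the nova flavor for
      amphora.
    type: string

  # Timeouts and retry thresholds.
  OctaviaTimeoutClientData:
    default: 50000
    description: Frontend client inactivity timeout.
    type: number
  OctaviaTimeoutMemberConnect:
    default: 5000
    description: Backend member connection timeout.
    type: number
  OctaviaTimeoutMemberData:
    default: 50000
    description: Backend member inactivity timeout.
    type: number
  OctaviaTimeoutTcpInspect:
    default: 0
    description: Time to wait for TCP packets for content inspection.
    type: number
  OctaviaConnectionMaxRetries:
    default: 120
    description: Retry threshold for connecting to amphorae.
    type: number
  OctaviaConnectionLogging:
    default: true
    description: When false, tenant connection flows will not be logged.
    type: boolean
  OctaviaBuildActiveRetries:
    default: 120
    description: Retry threshold for waiting for a build slot for an amphorae.
    type: number
  OctaviaPortDetachTimeout:
    default: 300
    description: Seconds to wait for a port to detach from an amphora.
    type: number

  # Log forwarding. Both target lists default to empty.
  OctaviaAdminLogTargets:
    default: []
    description: >-
      List of syslog endpoints, host:port comma separated list,
      to receive administrative log messages.
    type: comma_delimited_list
  OctaviaAdminLogFacility:
    default: 1
    description: >-
      The syslog "LOG_LOCAL" facility to use for the administrative
      log messages.
    type: number
    constraints:
      - range: {min: 0, max: 7}
        description: Facility must be between 0 and 7.
  OctaviaForwardAllLogs:
    default: false
    description: >-
      When true, all log messages from the amphora will be forwarded
      to the administrative log endpoints, including non-load
      balancing related logs.
    type: boolean
  OctaviaTenantLogTargets:
    default: []
    description: >-
      List of syslog endpoints, host:port comma separated list,
      to receive tenant traffic flow log messages.
    type: comma_delimited_list
  OctaviaTenantLogFacility:
    default: 0
    description: >-
      The syslog "LOG_LOCAL" facility to use for the tenant
      traffic flow log messages.
    type: number
    constraints:
      - range: {min: 0, max: 7}
        description: Facility must be between 0 and 7.
  OctaviaUserLogFormat:
    # NOTE(review): the {{ '{{' }} / {{ '}}' }} sequences look like escapes
    # that render literal double braces around project_id and lb_id - confirm
    # against the consumer of this value.
    default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
    description: The tenant traffic flow log format string.
    type: string
  OctaviaDisableLocalLogStorage:
    # NOTE(review): if this is enabled while both *LogTargets lists keep their
    # empty defaults, the description suggests no amphora logs (including
    # security logs) are retained anywhere - confirm before enabling.
    default: false
    description: >-
      When true, logs will not be stored on the amphora filesystem.
      This includes all kernel, system, and security logs.
    type: boolean

  # Scheduling and RPC.
  OctaviaAntiAffinity:
    default: true
    description: Flag to indicate if anti-affinity feature is turned on.
    type: boolean
  OctaviaRpcResponseTimeout:
    default: 60
    description: Octavia's RPC response timeout, in seconds.
    type: number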
# Each condition is true when the named parameter differs from the empty
# string, i.e. when the operator supplied a value for it.
conditions:
  octavia_ca_cert_set:
    not:
      equals:
        - get_param: OctaviaCaCert
        - ''
  octavia_ca_key_set:
    not:
      equals:
        - get_param: OctaviaCaKey
        - ''
  octavia_client_cert_set:
    not:
      equals:
        - get_param: OctaviaClientCert
        - ''
  octavia_topology_set:
    not:
      equals:
        - get_param: OctaviaLoadBalancerTopology
        - ''
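# role_data carries the configuration keys shared by every Octavia service,
# plus the update/upgrade tasks that guarantee post-deploy.conf exists.
outputs:
  role_data:
    description: Base role data for Octavia services
    value:
      service_name: octavia_base
      config_settings:
        # Debug is on when OctaviaDebug is true; otherwise it follows Debug.
        octavia::logging::debug:
          if:
            - {get_param: OctaviaDebug}
            - true
            - {get_param: Debug}
        octavia::purge_config: {get_param: EnableConfigPurge}
        octavia::notification_driver: {get_param: NotificationDriver}
        # The URL built here embeds OctaviaPassword, so the rendered
        # config_settings value is secret material in its own right.
        octavia::db::database_connection:
          make_url:
            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
            username: {get_param: OctaviaUserName}
            password: {get_param: OctaviaPassword}
            host: {get_param: [EndpointMap, MysqlInternal, host]}
            path: /octavia
            # Both branches read the tripleo client defaults file; the first
            # adds the collectd plugin options.
            query:
              if:
                - {get_param: EnableSQLAlchemyCollectd}
                - read_default_file: /etc/my.cnf.d/tripleo.cnf
                  read_default_group: tripleo
                  plugin: collectd
                  collectd_program_name: octavia
                  collectd_host: localhost
                - read_default_file: /etc/my.cnf.d/tripleo.cnf
                  read_default_group: tripleo
        # Keystone service account. It uses the same user name and password as
        # the database connection above; both domain names are fixed.
        octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
        octavia::service_auth::auth_type: 'password'
        octavia::service_auth::username: {get_param: OctaviaUserName}
        octavia::service_auth::password: {get_param: OctaviaPassword}
        octavia::service_auth::project_name: {get_param: OctaviaProjectName}
        octavia::service_auth::project_domain_name: 'Default'
        octavia::service_auth::user_domain_name: 'Default'
        octavia::service_auth::region_name: {get_param: KeystoneRegion}
        # Every client below uses the internal endpoint; those with a
        # region_name key take it from KeystoneRegion.
        octavia::nova::endpoint_type: 'internalURL'
        octavia::nova::region_name: {get_param: KeystoneRegion}
        octavia::neutron::endpoint_type: 'internalURL'
        octavia::neutron::region_name: {get_param: KeystoneRegion}
        octavia::glance::endpoint_type: 'internalURL'
        octavia::glance::region_name: {get_param: KeystoneRegion}
        octavia::cinder::endpoint_type: 'internalURL'
        octavia::cinder::region_name: {get_param: KeystoneRegion}
        octavia::certificates::endpoint_type: 'internalURL'
        # Paths to the certificate files, and the passphrases protecting the
        # private keys.
        octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
        octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
        octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
        octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
        octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
        octavia::worker::manage_nova_flavor: false
        octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
        octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
        octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
        octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
        # NOTE(review): SSH access is enabled unconditionally and no parameter
        # in this template can turn it off. Operators who do not need shell
        # access to amphorae may want this exposed as a parameter.
        octavia::controller::enable_ssh_access: true
        octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
        octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
        octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
        octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
        octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
        octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
        octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
        octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
        octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
        octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
        octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
        octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
        octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
        octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
        octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
        octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
        octavia::rpc_response_timeout: {get_param: OctaviaRpcResponseTimeout}
        # Two-argument `if`: each key below is set only when its condition is
        # true, i.e. when the operator supplied a non-empty value.
        octavia::controller::loadbalancer_topology:
          if:
            - octavia_topology_set
            - {get_param: OctaviaLoadBalancerTopology}
        octavia::certificates::ca_certificate_data:
          if:
            - octavia_ca_cert_set
            - {get_param: OctaviaCaCert}
        octavia::certificates::ca_private_key_data:
          if:
            - octavia_ca_key_set
            - {get_param: OctaviaCaKey}
        octavia::certificates::client_cert_data:
          if:
            - octavia_client_cert_set
            - {get_param: OctaviaClientCert}
      # The same task list is reused for upgrades through the alias below.
      update_tasks: &ensure_start_up_files
        - name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
          when: step|int == 5
          block:
            - name: check for octavia post-deploy.conf file
              stat:
                path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
              register: octavia_post_deploy_stat
            - name: create an empty post-deploy.conf file if it does not exist
              file:
                path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf
                state: touch
                setype: container_file_t
                # NOTE(review): 0755 sets the execute bits on a configuration
                # file; a non-executable mode would be tighter if nothing
                # depends on them - confirm before changing.
                mode: '0755'
              # The stat module puts its facts under `.stat`. The previous
              # test read `.exists` on the registered result itself, which is
              # never defined, so this task was always skipped.
              # NOTE(review): assumes the parent directory already exists at
              # step 5 - confirm.
              when:
                - octavia_post_deploy_stat.stat is defined
                - not octavia_post_deploy_stat.stat.exists
      upgrade_tasks: *ensure_start_up_files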