fb0e8f62fc
With the upgrade to puppet 5, we can no longer use dots in the hieradata key lookups. This change updates the THT for firewall_rules, haproxy_endpoints and haproxy_userlists to use the colon notation. Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878 Related-Bug: #1803024
105 lines
4.1 KiB
YAML
105 lines
4.1 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Manila-api service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ManilaPassword:
|
|
description: The password for the manila service account.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionManilaApi:
|
|
default: 'overcloud-manila-api'
|
|
type: string
|
|
|
|
resources:
|
|
ManilaBase:
|
|
type: ./manila-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Manila-api role.
|
|
value:
|
|
service_name: manila_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ManilaBase, role_data, config_settings]
|
|
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
|
manila::keystone::authtoken::auth_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
manila::keystone::authtoken::project_name: 'service'
|
|
manila::keystone::authtoken::user_domain_name: 'Default'
|
|
manila::keystone::authtoken::project_domain_name: 'Default'
|
|
tripleo::manila_api::firewall_rules:
|
|
'150 manila':
|
|
dport:
|
|
- 8786
|
|
- 13786
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
manila::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
|
manila::api::enable_proxy_headers_parsing: true
|
|
manila::api::default_share_type: 'default'
|
|
step_config: |
|
|
include ::tripleo::profile::base::manila::api
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [ManilaBase, role_data, service_config_settings]
|
|
- keystone:
|
|
manila::keystone::auth::tenant: 'service'
|
|
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
|
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
|
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
|
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
|
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
|
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
|
manila::keystone::auth::password: {get_param: ManilaPassword}
|
|
manila::keystone::auth::region: {get_param: KeystoneRegion}
|