openstack/tripleo-heat-templates
Code Issues Proposed changes
ffd62b223f
tripleo-heat-templates/puppet/services/swift-proxy.yaml
Steven Hardy 3c6ec654b4 Bump template version for all templates to "ocata" 
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.

This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.

Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 11:43:39 +00:00

160 lines
6.1 KiB
YAML
Raw Blame History

heat_template_version: ocata
description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
SwiftPassword:
description: The password for the swift service account, used by the swift proxy services.
type: string
hidden: true
SwiftProxyNodeTimeout:
default: 60
description: Timeout for requests going from swift-proxy to swift a/c/o services.
type: number
SwiftWorkers:
default: 0
description: Number of workers for Swift service.
type: number
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionSwiftProxy:
default: 'overcloud-swift-proxy'
type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
SwiftCeilometerPipelineEnabled:
description: Set to False to disable the swift proxy ceilometer pipeline.
default: True
type: boolean
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
conditions:
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Swift proxy service.
value:
service_name: swift_proxy
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true
swift::proxy::pipeline:
yaql:
expression: $.data.pipeline.where($ != '')
data:
pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'copy'
- 'container-quotas'
- 'account-quotas'
- 'slo'
- 'dlo'
- 'versioned_writes'
-
if:
- ceilometer_pipeline_enabled
- 'ceilometer'
- ''
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:
keystone:
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
View Git Blame Copy Permalink