[fuel.git] / mcp / reclass / classes / cluster / mcp-common-ha / openstack_proxy.yml.j2

##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
classes:
  - system.linux.system.repo.mcp.mirror.v1.openstack
  - system.nginx.server.single
  - system.nginx.server.proxy.openstack_api
  - system.nginx.server.proxy.openstack_vnc
  - system.nginx.server.proxy.openstack_web
  - system.nginx.server.proxy.openstack.aodh
  - system.nginx.server.proxy.openstack.ceilometer
  - system.horizon.server.single
  - system.salt.minion.cert.proxy
  - system.sphinx.server.doc.reclass
  - service.keepalived.cluster.single
  - system.keepalived.cluster.instance.openstack_web_public_vip
parameters:
  _param:
    cluster_vip_address: ${_param:openstack_proxy_address}
    keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
    keepalived_openstack_web_public_vip_interface: ${_param:single_nic}
    keepalived_vip_address: ${_param:openstack_proxy_control_address}
    keepalived_vip_interface: ${_param:control_nic}
    keepalived_vip_virtual_router_id: 240
    nginx_proxy_ssl:
      enabled: true
      authority: ${_param:salt_minion_ca_authority}
      engine: salt
      mode: secure
    salt_minion_ca_host: cfg01.${_param:cluster_domain}
  linux:
    system:
      package:
        libapache2-mod-wsgi:
          version: latest
{%- if not conf.MCP_VCP %}
    # Set up routes similar to prx*ovs-ha
    network:
      interface:
        br-ex:
          route:
            public:
              address: 0.0.0.0
              netmask: 0.0.0.0
              gateway: ${_param:opnfv_net_public_gw}
  nginx:
    server:
      # NOTE(armband): Define host.address for all proxies for uniformity
      site:
        nginx_proxy_novnc: &nginx_openstack_proxy_address
          host:
            address: ${_param:openstack_proxy_address}
        nginx_proxy_openstack_api_aodh:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_ceilometer:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_cinder:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_glance:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_heat:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_heat_cfn:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_keystone:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_keystone_private:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_neutron:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_nova:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_nova_ec2:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_web:
          <<: *nginx_openstack_proxy_address
        nginx_ssl_redirect_openstack_web:
          <<: *nginx_openstack_proxy_address
        nginx_static_reclass_doc:
          <<: *nginx_openstack_proxy_address
{%- else %}
  nginx:
    server:
      site:
        nginx_proxy_openstack_api_heat_cloudwatch:
          enabled: false
{%- endif %}
  salt:
    minion:
      cert:
        proxy:
          alternative_names: "IP:${_param:openstack_proxy_address}"
          key_usage: 'digitalSignature, keyEncipherment'
  keepalived:
    cluster:
      vrrp_scripts:
        check_pidof:
          args: 'nginx'