Code Review / fuel.git / blob
? search:


cef23c9eef946e7d50427a3451863723d442f9aa
[fuel.git] / mcp / reclass / classes / cluster / mcp-common-ha / openstack_proxy.yml.j2
1 ##############################################################################
2 # Copyright (c) 2018 Mirantis Inc., Enea AB and others.
3 # All rights reserved. This program and the accompanying materials
4 # are made available under the terms of the Apache License, Version 2.0
5 # which accompanies this distribution, and is available at
6 # http://www.apache.org/licenses/LICENSE-2.0
7 ##############################################################################
8 ---
9 classes:
10   - system.nginx.server.single
11   - system.nginx.server.proxy.openstack_api
12   - system.nginx.server.proxy.openstack_vnc
13   - system.nginx.server.proxy.openstack_web
14   - system.nginx.server.proxy.openstack.aodh
15   - system.nginx.server.proxy.openstack.barbican
16   - system.apache.server.single
17   - system.horizon.server.single
18   - system.salt.minion.cert.proxy
19   - system.sphinx.server.doc.reclass
20   - service.keepalived.cluster.single
21   - system.keepalived.cluster.instance.openstack_web_public_vip
22   - cluster.all-mcp-arch-common.backports
23 parameters:
24   _param:
25     cluster_vip_address: ${_param:openstack_proxy_address}
26     keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
27     keepalived_openstack_web_public_vip_interface: ${_param:single_nic}
28     keepalived_openstack_web_public_vip_password: ${_param:opnfv_main_password}
29     keepalived_vip_address: ${_param:openstack_proxy_control_address}
30     keepalived_vip_interface: ${_param:control_nic}
31     keepalived_vip_virtual_router_id: 240
32     nginx_proxy_ssl:
33       enabled: true
34       authority: ${_param:salt_minion_ca_authority}
35       engine: salt
36       mode: secure
37     salt_minion_ca_host: cfg01.${_param:cluster_domain}
38   linux:
39     system:
40       package:
41         libapache2-mod-wsgi:
42           version: latest
43 {%- if not conf.MCP_VCP %}
44   nginx:
45     server:
46       # NOTE(armband): Define host.address for all proxies for uniformity
47       site:
48         nginx_proxy_novnc: &nginx_openstack_proxy_address
49           host:
50             address: ${_param:openstack_proxy_address}
51         nginx_proxy_openstack_api_aodh:
52           <<: *nginx_openstack_proxy_address
53         nginx_proxy_openstack_api_cinder:
54           <<: *nginx_openstack_proxy_address
55         nginx_proxy_openstack_api_glance:
56           <<: *nginx_openstack_proxy_address
57         nginx_proxy_openstack_api_heat:
58           <<: *nginx_openstack_proxy_address
59         nginx_proxy_openstack_api_heat_cfn:
60           <<: *nginx_openstack_proxy_address
61         nginx_proxy_openstack_api_heat_cloudwatch:
62           <<: *nginx_openstack_proxy_address
63           enabled: false
64         nginx_proxy_openstack_api_keystone:
65           <<: *nginx_openstack_proxy_address
66         nginx_proxy_openstack_api_keystone_private:
67           <<: *nginx_openstack_proxy_address
68         nginx_proxy_openstack_api_neutron:
69           <<: *nginx_openstack_proxy_address
70         nginx_proxy_openstack_api_nova:
71           <<: *nginx_openstack_proxy_address
72         nginx_proxy_openstack_web:
73           <<: *nginx_openstack_proxy_address
74         nginx_ssl_redirect_openstack_web:
75           <<: *nginx_openstack_proxy_address
76         nginx_static_reclass_doc:
77           <<: *nginx_openstack_proxy_address
78 {%- else %}
79   nginx:
80     server:
81       site:
82         nginx_proxy_openstack_api_heat_cloudwatch:
83           enabled: false
84 {%- endif %}
85   salt:
86     minion:
87       cert:
88         proxy:
89           alternative_names: "IP:${_param:openstack_proxy_address}"
90           key_usage: 'digitalSignature, keyEncipherment'
91   keepalived:
92     cluster:
93       vrrp_scripts:
94         check_pidof:
95           args: 'nginx'
96   apache:
97     server:
98       bind:
99         listen_default_ports: false