puppet/all-nodes-config.yaml

   1 heat_template_version: ocata
   2 description: 'All Nodes Config for Puppet'
   3
   4 parameters:
   5   cloud_name_external:
   6     type: string
   7   cloud_name_internal_api:
   8     type: string
   9   cloud_name_storage:
  10     type: string
  11   cloud_name_storage_mgmt:
  12     type: string
  13   cloud_name_ctlplane:
  14     type: string
  15   # FIXME(shardy) this can be comma_delimited_list when
  16   # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
  17   enabled_services:
  18     type: string
  19   controller_ips:
  20     type: comma_delimited_list
  21   logging_groups:
  22     type: json
  23   logging_sources:
  24     type: json
  25   service_ips:
  26     type: json
  27   service_node_names:
  28     type: json
  29   short_service_node_names:
  30     type: json
  31   short_service_bootstrap_node:
  32     type: json
  33   controller_names:
  34     type: comma_delimited_list
  35   memcache_node_ips:
  36     type: comma_delimited_list
  37   NetVipMap:
  38     type: json
  39   RedisVirtualIP:
  40     type: string
  41     default: ''
  42   ServiceNetMap:
  43     type: json
  44   DeployIdentifier:
  45     type: string
  46     default: ''
  47     description: >
  48       Setting this to a unique value will re-run any deployment tasks which
  49       perform configuration on a Heat stack-update.
  50   UpdateIdentifier:
  51     type: string
  52     description: >
  53       Setting to a previously unused value during stack-update will trigger
  54       package update on all nodes
  55   StackAction:
  56     type: string
  57     description: >
  58       Heat action on performed top-level stack.
  59     constraints:
  60     - allowed_values: ['CREATE', 'UPDATE']
  61   # NOTE(jaosorior): This is being set as IPA as it's the first
  62   # CA we'll actually be testing out. But we can change this if
  63   # people request it.
  64   CertmongerCA:
  65     type: string
  66     default: 'IPA'
  67   EnableInternalTLS:
  68     type: boolean
  69     default: false
  70
  71   InternalApiNetName:
  72     default: internal_api
  73     description: The name of the internal API network.
  74     type: string
  75   ExternalNetName:
  76     default: external
  77     description: The name of the external network.
  78     type: string
  79   ManagementNetName:
  80     default: management
  81     description: The name of the management network.
  82     type: string
  83   StorageNetName:
  84     default: storage
  85     description: The name of the storage network.
  86     type: string
  87   StorageMgmtNetName:
  88     default: storage_mgmt
  89     description: The name of the Storage management network.
  90     type: string
  91   TenantNetName:
  92     default: tenant
  93     description: The name of the tenant network.
  94     type: string
  95
  96
  97 resources:
  98
  99   allNodesConfigImpl:
 100     type: OS::Heat::StructuredConfig
 101     properties:
 102       group: hiera
 103       config:
 104         datafiles:
 105           bootstrap_node:
 106             bootstrap_nodeid: {get_input: bootstrap_nodeid}
 107             bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
 108           all_nodes:
 109            map_merge:
 110               - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
 111               - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
 112               - enabled_services: {get_param: enabled_services}
 113               # This writes out a mapping of service_name_enabled: 'true'
 114               # For any services not enabled, hiera foo_enabled will
 115               # return nil, as it's undefined
 116               - map_merge:
 117                   repeat:
 118                     template:
 119                       # Note this must be string 'true' due to
 120                       # https://bugs.launchpad.net/heat/+bug/1617203
 121                       SERVICE_enabled: 'true'
 122                     for_each:
 123                       SERVICE:
 124                         str_split: [',', {get_param: enabled_services}]
 125               # Dynamically generate per-service network data
 126               # This works as follows (outer->inner functions)
 127               # yaql - filters services where no mapping exists in ServiceNetMap
 128               #   map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 129               #     map_merge/repeat: generate a per-service mapping
 130               - yaql:
 131                   # This filters any entries where the value hasn't been substituted for
 132                   # a list, e.g it's still $service_network.  This happens when there is
 133                   # no network defined for the service in the ServiceNetMap, which is OK
 134                   # as not all services have to be bound to a network, so we filter them
 135                   expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 136                   data:
 137                     map:
 138                       map_replace:
 139                         - map_merge:
 140                             repeat:
 141                               template:
 142                                 SERVICE_network: SERVICE_network
 143                               for_each:
 144                                 SERVICE:
 145                                   str_split: [',', {get_param: enabled_services}]
 146                         - values: {get_param: ServiceNetMap}
 147               # Keystone doesn't provide separate entries for the public
 148               # and admin endpoints, so we need to add them here manually
 149               # like we do in the vip-config below
 150               - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
 151                 keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
 152               # provides a mapping of service_name_ips to a list of IPs
 153               - {get_param: service_ips}
 154               - {get_param: service_node_names}
 155               - {get_param: short_service_node_names}
 156               - {get_param: short_service_bootstrap_node}
 157               - controller_node_ips:
 158                   list_join:
 159                   - ','
 160                   - {get_param: controller_ips}
 161                 controller_node_names:
 162                   list_join:
 163                   - ','
 164                   - {get_param: controller_names}
 165                 memcached_node_ips_v6:
 166                   repeat:
 167                     template: "inet6:[NAME]"
 168                     for_each:
 169                       NAME: {get_param: memcache_node_ips}
 170                 deploy_identifier: {get_param: DeployIdentifier}
 171                 update_identifier: {get_param: UpdateIdentifier}
 172                 stack_action: {get_param: StackAction}
 173           vip_data:
 174             map_merge:
 175               # Dynamically generate per-service VIP data based on enabled_services
 176               # This works as follows (outer->inner functions)
 177               # yaql - filters services where no mapping exists in ServiceNetMap
 178               #   map_replace: substitute e.g internal_api with the IP from NetVipMap
 179               #     map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 180               #       map_merge/repeat: generate a per-service mapping
 181               - yaql:
 182                   # This filters any entries where the value hasn't been substituted for
 183                   # a list, e.g it's still $service_network.  This happens when there is
 184                   # no network defined for the service in the ServiceNetMap, which is OK
 185                   # as not all services have to be bound to a network, so we filter them
 186                   expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 187                   data:
 188                     map:
 189                       map_replace:
 190                         - map_replace:
 191                             - map_merge:
 192                                 repeat:
 193                                   template:
 194                                     SERVICE_vip: SERVICE_network
 195                                   for_each:
 196                                     SERVICE:
 197                                       str_split: [',', {get_param: enabled_services}]
 198                             - values: {get_param: ServiceNetMap}
 199                         - values: {get_param: NetVipMap}
 200               - keystone_admin_api_vip:
 201                   get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
 202                 keystone_public_api_vip:
 203                   get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
 204                 public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
 205                 controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 206                 internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
 207                 storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
 208                 storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
 209                 redis_vip: {get_param: RedisVirtualIP}
 210                 # public_virtual_ip and controller_virtual_ip are needed in
 211                 # both HAproxy & keepalived.
 212                 tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
 213                 tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 214                 tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
 215                 tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 216                 tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
 217                 tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
 218                 tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
 219                 tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
 220                 tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
 221                 cloud_name_external: {get_param: cloud_name_external}
 222                 cloud_name_internal_api: {get_param: cloud_name_internal_api}
 223                 cloud_name_storage: {get_param: cloud_name_storage}
 224                 cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
 225                 cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
 226                 # TLS parameters
 227                 certmonger_ca: {get_param: CertmongerCA}
 228                 enable_internal_tls: {get_param: EnableInternalTLS}
 229
 230 outputs:
 231   config_id:
 232     description: The ID of the allNodesConfigImpl resource.
 233     value:
 234       {get_resource: allNodesConfigImpl}