Remove non-containerized pacemaker resources on upgrade
[apex-tripleo-heat-templates.git] / puppet / all-nodes-config.yaml
# Heat template that defines one OS::Heat::StructuredConfig resource
# (allNodesConfigImpl, group "hiera") carrying the bootstrap_node, all_nodes
# and vip_data datafiles.
heat_template_version: pike
description: All Nodes Config for Puppet
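# Template inputs. Nothing here is validated beyond the declared Heat type
# and the explicit constraints; the values are written into hiera datafiles
# by the allNodesConfigImpl resource below.
parameters:
  # Per-network cloud names. Each one is copied unchanged into the vip_data
  # datafile under the same key.
  cloud_name_external:
    type: string
  cloud_name_internal_api:
    type: string
  cloud_name_storage:
    type: string
  cloud_name_storage_mgmt:
    type: string
  cloud_name_ctlplane:
    type: string
  # Drives the generated <service>_enabled, <service>_network and
  # <service>_vip keys, and is also emitted (de-duplicated) as
  # enabled_services.
  enabled_services:
    type: comma_delimited_list
  # Joined with ',' and written to all_nodes as controller_node_ips.
  controller_ips:
    type: comma_delimited_list
  # logging_groups / logging_sources are forwarded to the
  # tripleo::profile::base::logging::fluentd::fluentd_groups and
  # ...::fluentd_sources hiera keys.
  logging_groups:
    type: json
  logging_sources:
    type: json
  # The next four maps are merged into all_nodes exactly as supplied.
  service_ips:
    type: json
  service_node_names:
    type: json
  short_service_node_names:
    type: json
  short_service_bootstrap_node:
    type: json
  # Joined with ',' and written to all_nodes as controller_node_names.
  controller_names:
    type: comma_delimited_list
  # Looked up by network name to obtain the virtual IPs in vip_data.
  NetVipMap:
    type: json
  # Defaults to the empty string and is written out even then, as redis_vip
  # and tripleo::keepalived::redis_virtual_ip.
  RedisVirtualIP:
    type: string
    default: ''
  # Maps <service>_network to a network name.
  ServiceNetMap:
    type: json
  DeployIdentifier:
    type: string
    default: ''
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  # No default: callers must always pass a value.
  UpdateIdentifier:
    type: string
    description: >
      Setting to a previously unused value during stack-update will trigger
      package update on all nodes
  StackAction:
    type: string
    description: >
      Heat action performed on top-level stack.  Note StackUpdateType is
      set to UPGRADE when a major-version upgrade is in progress.
    constraints:
      - allowed_values: ['CREATE', 'UPDATE']
  StackUpdateType:
    type: string
    default: ''
    description: >
      Type of update, to differentiate between UPGRADE and UPDATE cases
      when StackAction is UPDATE (both are the same stack action).
    constraints:
      - allowed_values: ['', 'UPGRADE']
  # NOTE(jaosorior): This is being set as IPA as it's the first
  # CA we'll actually be testing out. But we can change this if
  # people request it.
  CertmongerCA:
    type: string
    default: 'IPA'
  # Off by default. This template only forwards the flag to hiera as
  # enable_internal_tls; it does not configure TLS itself. Deployments that
  # require encrypted internal traffic have to set it to true explicitly.
  EnableInternalTLS:
    type: boolean
    default: false

  # Network names. InternalApiNetName, ExternalNetName, StorageNetName and
  # StorageMgmtNetName are used as keys into NetVipMap; ManagementNetName and
  # TenantNetName are declared but not referenced by the resources in this
  # file.
  InternalApiNetName:
    type: string
    default: internal_api
    description: The name of the internal API network.
  ExternalNetName:
    type: string
    default: external
    description: The name of the external network.
  ManagementNetName:
    type: string
    default: management
    description: The name of the management network.
  StorageNetName:
    type: string
    default: storage
    description: The name of the storage network.
  StorageMgmtNetName:
    type: string
    default: storage_mgmt
    description: The name of the Storage management network.
  TenantNetName:
    type: string
    default: tenant
    description: The name of the tenant network.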
# Single StructuredConfig in the "hiera" group. It defines three datafiles:
# bootstrap_node, all_nodes and vip_data.
resources:

  allNodesConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: hiera
      config:
        datafiles:
          # Both values come from deployment inputs, not template parameters.
          bootstrap_node:
            bootstrap_nodeid: {get_input: bootstrap_nodeid}
            bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
          all_nodes:
            map_merge:
              - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
              - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
              # De-duplicated copy of the enabled_services parameter.
              - enabled_services:
                  yaql:
                    expression: '$.data.distinct()'
                    data: {get_param: enabled_services}
              # Emits <service_name>_enabled: 'true' for every enabled
              # service. A service that is not enabled has no key at all, so
              # a hiera lookup of foo_enabled returns nil for it.
              - map_merge:
                  repeat:
                    template:
                      # Must stay the string 'true', not a boolean; see
                      # https://bugs.launchpad.net/heat/+bug/1617203
                      SERVICE_enabled: 'true'
                    for_each:
                      SERVICE: {get_param: enabled_services}
              # Per-service network data, built inside-out:
              #   map_merge/repeat: one <service>_network placeholder entry
              #                     per enabled service
              #   map_replace:      swap e.g. heat_api_network for the network
              #                     name found in ServiceNetMap
              #   yaql:             drop services with no ServiceNetMap entry
              - yaql:
                  # Keeps only entries whose value is a string that does not
                  # end in "_network", i.e. drops placeholders that were
                  # never substituted because ServiceNetMap has no network
                  # for that service. That is fine: not every service is
                  # bound to a network.
                  # NOTE(review): a real network name ending in "_network"
                  # would be dropped by the same test.
                  expression: 'dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))'
                  data:
                    map:
                      map_replace:
                        - map_merge:
                            repeat:
                              template:
                                SERVICE_network: SERVICE_network
                              for_each:
                                SERVICE: {get_param: enabled_services}
                        - values: {get_param: ServiceNetMap}
              # Keystone has no separate service entries for its public and
              # admin endpoints, so they are added by hand here, the same way
              # vip_data does below.
              - keystone_admin_api_network:
                  get_param: [ServiceNetMap, keystone_admin_api_network]
                keystone_public_api_network:
                  get_param: [ServiceNetMap, keystone_public_api_network]
              # Mapping of service_name_ips to a list of IPs.
              - {get_param: service_ips}
              - {get_param: service_node_names}
              - {get_param: short_service_node_names}
              - {get_param: short_service_bootstrap_node}
              - controller_node_ips:
                  list_join:
                    - ','
                    - {get_param: controller_ips}
                controller_node_names:
                  list_join:
                    - ','
                    - {get_param: controller_names}
                deploy_identifier: {get_param: DeployIdentifier}
                update_identifier: {get_param: UpdateIdentifier}
                stack_action: {get_param: StackAction}
                stack_update_type: {get_param: StackUpdateType}
          vip_data:
            map_merge:
              # Per-service VIP data derived from enabled_services, built
              # inside-out:
              #   map_merge/repeat:    one <service>_vip entry per service,
              #                        valued <service>_network
              #   map_replace (inner): swap e.g. heat_api_network for the
              #                        network name from ServiceNetMap
              #   map_replace (outer): swap e.g. internal_api for the IP from
              #                        NetVipMap
              #   yaql:                drop services with no ServiceNetMap
              #                        entry
              - yaql:
                  # Same filter as in all_nodes: only string values that do
                  # not end in "_network" survive.
                  # NOTE(review): a network name that ServiceNetMap supplies
                  # but NetVipMap lacks would presumably pass this filter
                  # unreplaced, leaving a network name rather than an IP in
                  # <service>_vip - confirm NetVipMap covers every network.
                  expression: 'dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))'
                  data:
                    map:
                      map_replace:
                        - map_replace:
                            - map_merge:
                                repeat:
                                  template:
                                    SERVICE_vip: SERVICE_network
                                  for_each:
                                    SERVICE: {get_param: enabled_services}
                            - values: {get_param: ServiceNetMap}
                        - values: {get_param: NetVipMap}
              - keystone_admin_api_vip:
                  get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
                keystone_public_api_vip:
                  get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
                public_virtual_ip:
                  get_param: [NetVipMap, {get_param: ExternalNetName}]
                controller_virtual_ip:
                  get_param: [NetVipMap, ctlplane]
                internal_api_virtual_ip:
                  get_param: [NetVipMap, {get_param: InternalApiNetName}]
                storage_virtual_ip:
                  get_param: [NetVipMap, {get_param: StorageNetName}]
                storage_mgmt_virtual_ip:
                  get_param: [NetVipMap, {get_param: StorageMgmtNetName}]
                # RedisVirtualIP defaults to '', so this may be empty.
                redis_vip: {get_param: RedisVirtualIP}
                # HAproxy and keepalived both need public_virtual_ip and
                # controller_virtual_ip, hence the repeated lookups.
                tripleo::haproxy::public_virtual_ip:
                  get_param: [NetVipMap, {get_param: ExternalNetName}]
                tripleo::haproxy::controller_virtual_ip:
                  get_param: [NetVipMap, ctlplane]
                tripleo::keepalived::public_virtual_ip:
                  get_param: [NetVipMap, {get_param: ExternalNetName}]
                tripleo::keepalived::controller_virtual_ip:
                  get_param: [NetVipMap, ctlplane]
                tripleo::keepalived::internal_api_virtual_ip:
                  get_param: [NetVipMap, {get_param: InternalApiNetName}]
                tripleo::keepalived::storage_virtual_ip:
                  get_param: [NetVipMap, {get_param: StorageNetName}]
                tripleo::keepalived::storage_mgmt_virtual_ip:
                  get_param: [NetVipMap, {get_param: StorageMgmtNetName}]
                tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
                tripleo::redis_notification::haproxy_monitor_ip:
                  get_param: [NetVipMap, ctlplane]
                cloud_name_external: {get_param: cloud_name_external}
                cloud_name_internal_api: {get_param: cloud_name_internal_api}
                cloud_name_storage: {get_param: cloud_name_storage}
                cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
                cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
                # TLS parameters. Both are passed straight through;
                # EnableInternalTLS defaults to false, so enable_internal_tls
                # is false unless the caller overrides it.
                certmonger_ca: {get_param: CertmongerCA}
                enable_internal_tls: {get_param: EnableInternalTLS}
# Exposes the StructuredConfig resource so other templates can reference it.
outputs:
  config_id:
    description: The ID of the allNodesConfigImpl resource.
    value:
      get_resource: allNodesConfigImpl