puppet/all-nodes-config.yaml

   1 heat_template_version: 2016-10-14
   2 description: 'All Nodes Config for Puppet'
   3
   4 parameters:
   5   cloud_name_external:
   6     type: string
   7   cloud_name_internal_api:
   8     type: string
   9   cloud_name_storage:
  10     type: string
  11   cloud_name_storage_mgmt:
  12     type: string
  13   cloud_name_ctlplane:
  14     type: string
  15   # FIXME(shardy) this can be comma_delimited_list when
  16   # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
  17   enabled_services:
  18     type: string
  19   controller_ips:
  20     type: comma_delimited_list
  21   logging_groups:
  22     type: json
  23   logging_sources:
  24     type: json
  25   service_ips:
  26     type: json
  27   service_node_names:
  28     type: json
  29   short_service_node_names:
  30     type: json
  31   controller_names:
  32     type: comma_delimited_list
  33   memcache_node_ips:
  34     type: comma_delimited_list
  35   NetVipMap:
  36     type: json
  37   RedisVirtualIP:
  38     type: string
  39     default: ''
  40   ServiceNetMap:
  41     type: json
  42   DeployIdentifier:
  43     type: string
  44     default: ''
  45     description: >
  46       Setting this to a unique value will re-run any deployment tasks which
  47       perform configuration on a Heat stack-update.
  48   UpdateIdentifier:
  49     type: string
  50     description: >
  51       Setting to a previously unused value during stack-update will trigger
  52       package update on all nodes
  53   StackAction:
  54     type: string
  55     description: >
  56       Heat action on performed top-level stack.
  57     constraints:
  58     - allowed_values: ['CREATE', 'UPDATE']
  59   # NOTE(jaosorior): This is being set as IPA as it's the first
  60   # CA we'll actually be testing out. But we can change this if
  61   # people request it.
  62   CertmongerCA:
  63     type: string
  64     default: 'IPA'
  65   EnableInternalTLS:
  66     type: boolean
  67     default: false
  68
  69 resources:
  70
  71   allNodesConfigImpl:
  72     type: OS::Heat::StructuredConfig
  73     properties:
  74       group: hiera
  75       config:
  76         datafiles:
  77           bootstrap_node:
  78             bootstrap_nodeid: {get_input: bootstrap_nodeid}
  79             bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
  80           all_nodes:
  81            map_merge:
  82               - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
  83               - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
  84               - enabled_services: {get_param: enabled_services}
  85               # This writes out a mapping of service_name_enabled: 'true'
  86               # For any services not enabled, hiera foo_enabled will
  87               # return nil, as it's undefined
  88               - map_merge:
  89                   repeat:
  90                     template:
  91                       # Note this must be string 'true' due to
  92                       # https://bugs.launchpad.net/heat/+bug/1617203
  93                       SERVICE_enabled: 'true'
  94                     for_each:
  95                       SERVICE:
  96                         str_split: [',', {get_param: enabled_services}]
  97               # Dynamically generate per-service network data
  98               # This works as follows (outer->inner functions)
  99               # yaql - filters services where no mapping exists in ServiceNetMap
 100               #   map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 101               #     map_merge/repeat: generate a per-service mapping
 102               - yaql:
 103                   # This filters any entries where the value hasn't been substituted for
 104                   # a list, e.g it's still $service_network.  This happens when there is
 105                   # no network defined for the service in the ServiceNetMap, which is OK
 106                   # as not all services have to be bound to a network, so we filter them
 107                   expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 108                   data:
 109                     map:
 110                       map_replace:
 111                         - map_merge:
 112                             repeat:
 113                               template:
 114                                 SERVICE_network: SERVICE_network
 115                               for_each:
 116                                 SERVICE:
 117                                   str_split: [',', {get_param: enabled_services}]
 118                         - values: {get_param: ServiceNetMap}
 119               # Keystone doesn't provide separate entries for the public
 120               # and admin endpoints, so we need to add them here manually
 121               # like we do in the vip-config below
 122               - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
 123                 keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
 124               # provides a mapping of service_name_ips to a list of IPs
 125               - {get_param: service_ips}
 126               - {get_param: service_node_names}
 127               - {get_param: short_service_node_names}
 128               - controller_node_ips:
 129                   list_join:
 130                   - ','
 131                   - {get_param: controller_ips}
 132                 controller_node_names:
 133                   list_join:
 134                   - ','
 135                   - {get_param: controller_names}
 136                 memcached_node_ips_v6:
 137                   repeat:
 138                     template: "inet6:[NAME]"
 139                     for_each:
 140                       NAME: {get_param: memcache_node_ips}
 141                 deploy_identifier: {get_param: DeployIdentifier}
 142                 update_identifier: {get_param: UpdateIdentifier}
 143                 stack_action: {get_param: StackAction}
 144           vip_data:
 145             map_merge:
 146               # Dynamically generate per-service VIP data based on enabled_services
 147               # This works as follows (outer->inner functions)
 148               # yaql - filters services where no mapping exists in ServiceNetMap
 149               #   map_replace: substitute e.g internal_api with the IP from NetVipMap
 150               #     map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 151               #       map_merge/repeat: generate a per-service mapping
 152               - yaql:
 153                   # This filters any entries where the value hasn't been substituted for
 154                   # a list, e.g it's still $service_network.  This happens when there is
 155                   # no network defined for the service in the ServiceNetMap, which is OK
 156                   # as not all services have to be bound to a network, so we filter them
 157                   expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 158                   data:
 159                     map:
 160                       map_replace:
 161                         - map_replace:
 162                             - map_merge:
 163                                 repeat:
 164                                   template:
 165                                     SERVICE_vip: SERVICE_network
 166                                   for_each:
 167                                     SERVICE:
 168                                       str_split: [',', {get_param: enabled_services}]
 169                             - values: {get_param: ServiceNetMap}
 170                         - values: {get_param: NetVipMap}
 171               - keystone_admin_api_vip:
 172                   get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
 173                 keystone_public_api_vip:
 174                   get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
 175                 public_virtual_ip: {get_param: [NetVipMap, external]}
 176                 controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 177                 internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
 178                 storage_virtual_ip: {get_param: [NetVipMap, storage]}
 179                 storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
 180                 redis_vip: {get_param: RedisVirtualIP}
 181                 # public_virtual_ip and controller_virtual_ip are needed in
 182                 # both HAproxy & keepalived.
 183                 tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
 184                 tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 185                 tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
 186                 tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 187                 tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
 188                 tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
 189                 tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
 190                 tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
 191                 tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
 192                 cloud_name_external: {get_param: cloud_name_external}
 193                 cloud_name_internal_api: {get_param: cloud_name_internal_api}
 194                 cloud_name_storage: {get_param: cloud_name_storage}
 195                 cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
 196                 cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
 197                 # TLS parameters
 198                 certmonger_ca: {get_param: CertmongerCA}
 199                 enable_internal_tls: {get_param: EnableInternalTLS}
 200
 201 outputs:
 202   config_id:
 203     description: The ID of the allNodesConfigImpl resource.
 204     value:
 205       {get_resource: allNodesConfigImpl}