# puppet/all-nodes-config.yaml
# Heat template that defines one OS::Heat::StructuredConfig resource carrying
# the hosts list and the hiera data files declared under `resources`.
heat_template_version: 2016-10-14
description: "All Nodes Config for Puppet"

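# Template inputs. Every parameter declared here is copied into the hosts
# list or into one of the hiera data files assembled under `resources`.
parameters:
  # Per-network cloud names; passed through unchanged into the vip_data
  # hiera file.
  cloud_name_external:
    type: string
  cloud_name_internal_api:
    type: string
  cloud_name_storage:
    type: string
  cloud_name_storage_mgmt:
    type: string
  cloud_name_ctlplane:
    type: string
  # Joined with newlines into the `hosts` config entry, which is also what
  # the hosts_entries output returns. No constraint is declared on the
  # entries, so they are used exactly as supplied.
  hosts:
    type: comma_delimited_list
  # FIXME(shardy) this can be comma_delimited_list when
  # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
  # Split on ',' wherever per-service keys are generated below.
  # NOTE(review): str_split presumably does not trim whitespace, so the
  # string should contain none - confirm against the caller.
  enabled_services:
    type: string
  controller_ips:
    type: comma_delimited_list
  logging_groups:
    type: json
  logging_sources:
    type: json
  service_ips:
    type: json
  service_node_names:
    type: json
  short_service_node_names:
    type: json
  controller_names:
    type: comma_delimited_list
  memcache_node_ips:
    type: comma_delimited_list
  # Looked up by network name to obtain each virtual IP.
  NetVipMap:
    type: json
  RedisVirtualIP:
    type: string
    default: ''
  # Looked up by <service>_network to obtain the network a service uses.
  ServiceNetMap:
    type: json
  DeployIdentifier:
    type: string
    default: ''
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  # No default is declared, so the caller has to supply a value.
  UpdateIdentifier:
    type: string
    description: >
      Setting to a previously unused value during stack-update will trigger
      package update on all nodes
  StackAction:
    type: string
    description: >
      Heat action performed on the top-level stack.
    constraints:
      - allowed_values:
          - 'CREATE'
          - 'UPDATE'
  # NOTE(jaosorior): This is being set as IPA as it's the first
  # CA we'll actually be testing out. But we can change this if
  # people request it.
  # Written to the vip_data hiera file as certmonger_ca.
  CertmongerCA:
    type: string
    default: 'IPA'
  # Defaults to false, so internal TLS stays off unless the deployer sets
  # this explicitly. The value is written to hiera as enable_internal_tls.
  # NOTE(review): what the flag switches on downstream is not visible in
  # this template - confirm in the consuming puppet profiles.
  EnableInternalTLS:
    type: boolean
    default: false
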
resources:

  # One structured config that carries the hosts list plus three hiera data
  # files: bootstrap_node, all_nodes and vip_data.
  allNodesConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config:
        # One entry of the `hosts` parameter per line. The entries are joined
        # as given; nothing in this template validates them.
        hosts:
          list_join:
            - "\n"
            - get_param: hosts
        hiera:
          datafiles:
            # Filled from deployment inputs rather than template parameters.
            bootstrap_node:
              mapped_data:
                bootstrap_nodeid:
                  get_input: bootstrap_nodeid
                bootstrap_nodeid_ip:
                  get_input: bootstrap_nodeid_ip
            all_nodes:
              mapped_data:
                map_merge:
                  - tripleo::profile::base::logging::fluentd::fluentd_sources:
                      get_param: logging_sources
                  - tripleo::profile::base::logging::fluentd::fluentd_groups:
                      get_param: logging_groups
                  - enabled_services:
                      get_param: enabled_services
                  # Emits <service>_enabled: 'true' for each enabled service.
                  # A service that is not enabled gets no key at all, so a
                  # hiera lookup of foo_enabled returns nil for it.
                  - map_merge:
                      repeat:
                        template:
                          # Has to be the string 'true' because of
                          # https://bugs.launchpad.net/heat/+bug/1617203
                          SERVICE_enabled: "true"
                        for_each:
                          SERVICE:
                            str_split:
                              - ","
                              - get_param: enabled_services
                  # Per-service network data, generated dynamically.
                  # Reading from the innermost function outwards:
                  #   map_merge/repeat: build one <service>_network entry
                  #     per enabled service
                  #   map_replace: swap e.g. heat_api_network for the network
                  #     name found in ServiceNetMap
                  #   yaql: drop the services that have no mapping in
                  #     ServiceNetMap
                  - yaql:
                      # Keeps only entries whose value is a string that does
                      # not end in "_network". An entry still ending in
                      # "_network" was not substituted because ServiceNetMap
                      # defines no network for that service, which is fine:
                      # not every service has to be bound to a network.
                      # The expression itself is a fixed literal; only `data`
                      # is filled from parameters.
                      expression: 'dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))'
                      data:
                        map:
                          map_replace:
                            - map_merge:
                                repeat:
                                  template:
                                    SERVICE_network: SERVICE_network
                                  for_each:
                                    SERVICE:
                                      str_split:
                                        - ","
                                        - get_param: enabled_services
                            - values:
                                get_param: ServiceNetMap
                  # Keystone has no separate entries for its public and admin
                  # endpoints, so they are added by hand here, the same way
                  # the vip_data section below does it.
                  - keystone_admin_api_network:
                      get_param: [ServiceNetMap, keystone_admin_api_network]
                    keystone_public_api_network:
                      get_param: [ServiceNetMap, keystone_public_api_network]
                  # Supplies a mapping of service_name_ips to a list of IPs.
                  - get_param: service_ips
                  - get_param: service_node_names
                  - get_param: short_service_node_names
                  - controller_node_ips:
                      list_join:
                        - ","
                        - get_param: controller_ips
                    controller_node_names:
                      list_join:
                        - ","
                        - get_param: controller_names
                    # Wraps every memcache node IP as 'inet6:[<ip>]' inside a
                    # bracketed, comma-separated list literal.
                    memcached_node_ips_v6:
                      str_replace:
                        template: "['inet6:[SERVERS_LIST]']"
                        params:
                          SERVERS_LIST:
                            list_join:
                              - "]','inet6:["
                              - get_param: memcache_node_ips

                    deploy_identifier:
                      get_param: DeployIdentifier
                    update_identifier:
                      get_param: UpdateIdentifier
                    stack_action:
                      get_param: StackAction
            vip_data:
              mapped_data:
                map_merge:
                  # Per-service VIP data derived from enabled_services.
                  # Reading from the innermost function outwards:
                  #   map_merge/repeat: build one <service>_vip entry per
                  #     enabled service
                  #   inner map_replace: swap e.g. heat_api_network for the
                  #     network name found in ServiceNetMap
                  #   outer map_replace: swap e.g. internal_api for the IP
                  #     found in NetVipMap
                  #   yaql: drop the services that have no mapping in
                  #     ServiceNetMap
                  - yaql:
                      # Same filter as in all_nodes: keep only string values
                      # that do not end in "_network", which removes entries
                      # left unsubstituted because ServiceNetMap defines no
                      # network for the service. The expression is a fixed
                      # literal; only `data` is filled from parameters.
                      expression: 'dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))'
                      data:
                        map:
                          map_replace:
                            - map_replace:
                                - map_merge:
                                    repeat:
                                      template:
                                        SERVICE_vip: SERVICE_network
                                      for_each:
                                        SERVICE:
                                          str_split:
                                            - ","
                                            - get_param: enabled_services
                                - values:
                                    get_param: ServiceNetMap
                            - values:
                                get_param: NetVipMap
                  - keystone_admin_api_vip:
                      get_param:
                        - NetVipMap
                        - get_param: [ServiceNetMap, keystone_admin_api_network]
                    keystone_public_api_vip:
                      get_param:
                        - NetVipMap
                        - get_param: [ServiceNetMap, keystone_public_api_network]
                    public_virtual_ip:
                      get_param: [NetVipMap, external]
                    controller_virtual_ip:
                      get_param: [NetVipMap, ctlplane]
                    internal_api_virtual_ip:
                      get_param: [NetVipMap, internal_api]
                    storage_virtual_ip:
                      get_param: [NetVipMap, storage]
                    storage_mgmt_virtual_ip:
                      get_param: [NetVipMap, storage_mgmt]
                    redis_vip:
                      get_param: RedisVirtualIP
                    # Both HAproxy and keepalived need public_virtual_ip and
                    # controller_virtual_ip.
                    tripleo::haproxy::public_virtual_ip:
                      get_param: [NetVipMap, external]
                    tripleo::haproxy::controller_virtual_ip:
                      get_param: [NetVipMap, ctlplane]
                    tripleo::keepalived::public_virtual_ip:
                      get_param: [NetVipMap, external]
                    tripleo::keepalived::controller_virtual_ip:
                      get_param: [NetVipMap, ctlplane]
                    tripleo::keepalived::internal_api_virtual_ip:
                      get_param: [NetVipMap, internal_api]
                    tripleo::keepalived::storage_virtual_ip:
                      get_param: [NetVipMap, storage]
                    tripleo::keepalived::storage_mgmt_virtual_ip:
                      get_param: [NetVipMap, storage_mgmt]
                    tripleo::keepalived::redis_virtual_ip:
                      get_param: RedisVirtualIP
                    tripleo::redis_notification::haproxy_monitor_ip:
                      get_param: [NetVipMap, ctlplane]
                    cloud_name_external:
                      get_param: cloud_name_external
                    cloud_name_internal_api:
                      get_param: cloud_name_internal_api
                    cloud_name_storage:
                      get_param: cloud_name_storage
                    cloud_name_storage_mgmt:
                      get_param: cloud_name_storage_mgmt
                    cloud_name_ctlplane:
                      get_param: cloud_name_ctlplane
                    # TLS parameters, passed through as supplied.
                    # EnableInternalTLS defaults to false in `parameters`.
                    certmonger_ca:
                      get_param: CertmongerCA
                    enable_internal_tls:
                      get_param: EnableInternalTLS

outputs:
  # Reference to the structured config defined under `resources`.
  config_id:
    description: The ID of the allNodesConfigImpl resource.
    value:
      get_resource: allNodesConfigImpl
  # Returns the newline-joined `hosts` parameter exactly as it was stored in
  # the config. The entries are not validated anywhere in this template, so
  # whatever appends them to /etc/hosts should review them first.
  hosts_entries:
    description: |
      The content that should be appended to your /etc/hosts if you want to get
      hostname-based access to the deployed nodes (useful for testing without
      setting up a DNS).
    value:
      get_attr:
        - allNodesConfigImpl
        - config
        - hosts