# Heat template shown on the page as puppet/all-nodes-config.yaml.
# Template format version followed by the one-line stack description.
heat_template_version: pike
description: All Nodes Config for Puppet

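# Inputs consumed by the allNodesConfigImpl resource below. Every value is
# copied (directly or after a map/list transformation) into hiera data.
parameters:
  # Cloud names, one per network. Each is forwarded unchanged into the
  # vip_data hiera file under the same key.
  cloud_name_external:
    type: string
  cloud_name_internal_api:
    type: string
  cloud_name_storage:
    type: string
  cloud_name_storage_mgmt:
    type: string
  cloud_name_ctlplane:
    type: string
  # Service names; de-duplicated with yaql for the enabled_services key and
  # used as the loop variable for the generated per-service keys.
  enabled_services:
    type: comma_delimited_list
  # Joined with ',' into controller_node_ips.
  controller_ips:
    type: comma_delimited_list
  # The next four JSON maps are merged as-is into the all_nodes hiera file.
  service_ips:
    type: json
  service_node_names:
    type: json
  short_service_node_names:
    type: json
  short_service_bootstrap_node:
    type: json
  # Joined with ',' into controller_node_names.
  controller_names:
    type: comma_delimited_list
  # Looked up by network name (and by the literal key ctlplane) to obtain
  # the virtual IPs written to vip_data.
  NetVipMap:
    type: json
  # Forwarded as redis_vip and tripleo::keepalived::redis_virtual_ip.
  RedisVirtualIP:
    type: string
    default: ''
  # Supplies the SERVICE_network -> network name substitutions.
  ServiceNetMap:
    type: json
  DeployIdentifier:
    type: string
    default: ''
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  UpdateIdentifier:
    type: string
    default: ''
    description: >
      Setting to a previously unused value during stack-update will trigger
      package update on all nodes
  StackAction:
    type: string
    # Word order corrected: the text previously read "on performed".
    description: >
      Heat action performed on top-level stack.  Note StackUpdateType is
      set to UPGRADE when a major-version upgrade is in progress.
    constraints:
      - allowed_values: ['CREATE', 'UPDATE']
  StackUpdateType:
    type: string
    description: >
      Type of update, to differentiate between UPGRADE and UPDATE cases
      when StackAction is UPDATE (both are the same stack action).
    constraints:
      - allowed_values: ['', 'UPGRADE']
    default: ''
  # NOTE(jaosorior): This is being set as IPA as it's the first
  # CA we'll actually be testing out. But we can change this if
  # people request it.
  CertmongerCA:
    type: string
    default: 'IPA'
  # Defaults to false. This template only forwards the flag to hiera as
  # enable_internal_tls; what the flag switches on is decided by the
  # consumers of that key, which are not part of this file.
  EnableInternalTLS:
    type: boolean
    default: false

  # Network names. They are used as lookup keys into NetVipMap, so each
  # must match a key that NetVipMap actually contains.
  InternalApiNetName:
    default: internal_api
    description: The name of the internal_api network.
    type: string
  ExternalNetName:
    default: external
    description: The name of the external network.
    type: string
  # Declared, but not referenced by the resources in this file.
  ManagementNetName:
    default: management
    description: The name of the management network.
    type: string
  StorageNetName:
    default: storage
    description: The name of the storage network.
    type: string
  StorageMgmtNetName:
    default: storage_mgmt
    description: The name of the storage_mgmt network.
    type: string
  # Declared, but not referenced by the resources in this file.
  TenantNetName:
    default: tenant
    description: The name of the tenant network.
    type: string

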
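resources:

  # Structured config in the hiera group. It builds three hiera data files
  # (bootstrap_node, all_nodes, vip_data) from the template parameters and
  # from two deployment inputs.
  allNodesConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: hiera
      config:
        datafiles:
          bootstrap_node:
            bootstrap_nodeid: {get_input: bootstrap_nodeid}
            bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
          all_nodes:
            # map_merge is indented two spaces here, matching vip_data
            # below (it was previously indented by a single space).
            map_merge:
              - enabled_services:
                  yaql:
                    expression: $.data.distinct()
                    data: {get_param: enabled_services}
              # This writes out a mapping of service_name_enabled: 'true'
              # For any services not enabled, hiera foo_enabled will
              # return nil, as it's undefined
              - map_merge:
                  repeat:
                    template:
                      # Note this must be string 'true' due to
                      # https://bugs.launchpad.net/heat/+bug/1617203
                      SERVICE_enabled: 'true'
                    for_each:
                      SERVICE: {get_param: enabled_services}
              # Dynamically generate per-service network data
              # This works as follows (outer->inner functions)
              # yaql - filters services where no mapping exists in ServiceNetMap
              #   map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
              #     map_merge/repeat: generate a per-service mapping
              - yaql:
                  # Keeps only entries whose value is a string that does not
                  # end in "_network". An entry still holding its
                  # SERVICE_network placeholder (e.g heat_api_network) has no
                  # network defined in ServiceNetMap, which is OK as not all
                  # services have to be bound to a network, so it is dropped.
                  # NOTE(review): this is purely a suffix test, so a network
                  # name that itself ends in "_network" would be dropped as
                  # well - confirm custom network names cannot do that.
                  expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
                  data:
                    map:
                      map_replace:
                        - map_merge:
                            repeat:
                              template:
                                SERVICE_network: SERVICE_network
                              for_each:
                                SERVICE: {get_param: enabled_services}
                        - values: {get_param: ServiceNetMap}
              # Keystone doesn't provide separate entries for the public
              # and admin endpoints, so we need to add them here manually
              # like we do in the vip-config below
              - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
                keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
              # provides a mapping of service_name_ips to a list of IPs
              - {get_param: service_ips}
              - {get_param: service_node_names}
              - {get_param: short_service_node_names}
              - {get_param: short_service_bootstrap_node}
              - controller_node_ips:
                  list_join:
                    - ','
                    - {get_param: controller_ips}
                controller_node_names:
                  list_join:
                    - ','
                    - {get_param: controller_names}
                deploy_identifier: {get_param: DeployIdentifier}
                update_identifier: {get_param: UpdateIdentifier}
                stack_action: {get_param: StackAction}
                stack_update_type: {get_param: StackUpdateType}
          vip_data:
            map_merge:
              # Dynamically generate per-service VIP data based on enabled_services
              # This works as follows (outer->inner functions)
              # yaql - filters services where no mapping exists in ServiceNetMap
              #   map_replace: substitute e.g internal_api with the IP from NetVipMap
              #     map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
              #       map_merge/repeat: generate a per-service mapping
              - yaql:
                  # Same filter as in all_nodes: an entry whose value is
                  # still a SERVICE_network placeholder has no network in
                  # ServiceNetMap and is dropped.
                  # NOTE(review): a network name with no entry in NetVipMap
                  # appears to pass this filter unchanged and would be
                  # written as the SERVICE_vip value instead of an IP -
                  # confirm that every network in ServiceNetMap has a VIP.
                  expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
                  data:
                    map:
                      map_replace:
                        - map_replace:
                            - map_merge:
                                repeat:
                                  template:
                                    SERVICE_vip: SERVICE_network
                                  for_each:
                                    SERVICE: {get_param: enabled_services}
                            - values: {get_param: ServiceNetMap}
                        - values: {get_param: NetVipMap}
              - keystone_admin_api_vip:
                  get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
                keystone_public_api_vip:
                  get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
                public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
                controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
                internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
                storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
                storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
                redis_vip: {get_param: RedisVirtualIP}
                # public_virtual_ip and controller_virtual_ip are needed in
                # both HAproxy & keepalived.
                tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
                tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
                tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
                tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
                tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
                tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, {get_param: StorageNetName}]}
                tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, {get_param: StorageMgmtNetName}]}
                tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
                tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
                cloud_name_external: {get_param: cloud_name_external}
                cloud_name_internal_api: {get_param: cloud_name_internal_api}
                cloud_name_storage: {get_param: cloud_name_storage}
                cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
                cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
                # TLS parameters, forwarded verbatim. With the parameter
                # defaults these are 'IPA' and false.
                certmonger_ca: {get_param: CertmongerCA}
                enable_internal_tls: {get_param: EnableInternalTLS}
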
# Stack output carrying the reference to the allNodesConfigImpl resource.
outputs:
  config_id:
    description: The ID of the allNodesConfigImpl resource.
    value: {get_resource: allNodesConfigImpl}