puppet/all-nodes-config.yaml

   1 heat_template_version: 2016-10-14
   2 description: 'All Nodes Config for Puppet'
   3
   4 parameters:
   5   cloud_name_external:
   6     type: string
   7   cloud_name_internal_api:
   8     type: string
   9   cloud_name_storage:
  10     type: string
  11   cloud_name_storage_mgmt:
  12     type: string
  13   cloud_name_ctlplane:
  14     type: string
  15   hosts:
  16     type: comma_delimited_list
  17   # FIXME(shardy) this can be comma_delimited_list when
  18   # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
  19   enabled_services:
  20     type: string
  21   controller_ips:
  22     type: comma_delimited_list
  23   service_ips:
  24     type: json
  25   service_node_names:
  26     type: json
  27   controller_names:
  28     type: comma_delimited_list
  29   memcache_node_ips:
  30     type: comma_delimited_list
  31   keystone_public_api_node_ips:
  32     type: comma_delimited_list
  33   keystone_admin_api_node_ips:
  34     type: comma_delimited_list
  35   NetVipMap:
  36     type: json
  37   RedisVirtualIP:
  38     type: string
  39     default: ''
  40   ServiceNetMap:
  41     type: json
  42   DeployIdentifier:
  43     type: string
  44     default: ''
  45     description: >
  46       Setting this to a unique value will re-run any deployment tasks which
  47       perform configuration on a Heat stack-update.
  48   UpdateIdentifier:
  49     type: string
  50     description: >
  51       Setting to a previously unused value during stack-update will trigger
  52       package update on all nodes
  53   StackAction:
  54     type: string
  55     description: >
  56       Heat action on performed top-level stack.
  57     constraints:
  58     - allowed_values: ['CREATE', 'UPDATE']
  59   # NOTE(jaosorior): This is being set as IPA as it's the first
  60   # CA we'll actually be testing out. But we can change this if
  61   # people request it.
  62   CertmongerCA:
  63     type: string
  64     default: 'IPA'
  65   EnableInternalTLS:
  66     type: boolean
  67     default: false
  68
  69 resources:
  70
  71   allNodesConfigImpl:
  72     type: OS::Heat::StructuredConfig
  73     properties:
  74       group: os-apply-config
  75       config:
  76         hosts:
  77           list_join:
  78           - "\n"
  79           - {get_param: hosts}
  80         hiera:
  81           datafiles:
  82             bootstrap_node:
  83               mapped_data:
  84                 bootstrap_nodeid: {get_input: bootstrap_nodeid}
  85                 bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
  86             all_nodes:
  87               mapped_data:
  88                 map_merge:
  89                   - enabled_services: {get_param: enabled_services}
  90                   # This writes out a mapping of service_name_enabled: 'true'
  91                   # For any services not enabled, hiera foo_enabled will
  92                   # return nil, as it's undefined
  93                   - map_merge:
  94                       repeat:
  95                         template:
  96                           # Note this must be string 'true' due to
  97                           # https://bugs.launchpad.net/heat/+bug/1617203
  98                           SERVICE_enabled: 'true'
  99                         for_each:
 100                           SERVICE:
 101                             str_split: [',', {get_param: enabled_services}]
 102                   # Dynamically generate per-service network data
 103                   # This works as follows (outer->inner functions)
 104                   # yaql - filters services where no mapping exists in ServiceNetMap
 105                   #   map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 106                   #     map_merge/repeat: generate a per-service mapping
 107                   - yaql:
 108                       # This filters any entries where the value hasn't been substituted for
 109                       # a list, e.g it's still $service_network.  This happens when there is
 110                       # no network defined for the service in the ServiceNetMap, which is OK
 111                       # as not all services have to be bound to a network, so we filter them
 112                       expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 113                       data:
 114                         map:
 115                           map_replace:
 116                             - map_merge:
 117                                 repeat:
 118                                   template:
 119                                     SERVICE_network: SERVICE_network
 120                                   for_each:
 121                                     SERVICE:
 122                                       str_split: [',', {get_param: enabled_services}]
 123                             - values: {get_param: ServiceNetMap}
 124                   # Keystone doesn't provide separate entries for the public
 125                   # and admin endpoints, so we need to add them here manually
 126                   # like we do in the vip-config below
 127                   - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
 128                     keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
 129                   # provides a mapping of service_name_ips to a list of IPs
 130                   - {get_param: service_ips}
 131                   - {get_param: service_node_names}
 132                   - controller_node_ips:
 133                       list_join:
 134                       - ','
 135                       - {get_param: controller_ips}
 136                     controller_node_names:
 137                       list_join:
 138                       - ','
 139                       - {get_param: controller_names}
 140                     memcached_node_ips_v6:
 141                       str_replace:
 142                         template: "['inet6:[SERVERS_LIST]']"
 143                         params:
 144                           SERVERS_LIST:
 145                             list_join:
 146                             - "]','inet6:["
 147                             - {get_param: memcache_node_ips}
 148                     keystone_public_api_node_ips:
 149                       str_replace:
 150                         template: "['SERVERS_LIST']"
 151                         params:
 152                           SERVERS_LIST:
 153                             list_join:
 154                             - "','"
 155                             - {get_param: keystone_public_api_node_ips}
 156                     keystone_admin_api_node_ips:
 157                       str_replace:
 158                         template: "['SERVERS_LIST']"
 159                         params:
 160                           SERVERS_LIST:
 161                             list_join:
 162                             - "','"
 163                             - {get_param: keystone_admin_api_node_ips}
 164
 165                     deploy_identifier: {get_param: DeployIdentifier}
 166                     update_identifier: {get_param: UpdateIdentifier}
 167                     stack_action: {get_param: StackAction}
 168             vip_data:
 169               mapped_data:
 170                 map_merge:
 171                   # Dynamically generate per-service VIP data based on enabled_services
 172                   # This works as follows (outer->inner functions)
 173                   # yaql - filters services where no mapping exists in ServiceNetMap
 174                   #   map_replace: substitute e.g internal_api with the IP from NetVipMap
 175                   #     map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
 176                   #       map_merge/repeat: generate a per-service mapping
 177                   - yaql:
 178                       # This filters any entries where the value hasn't been substituted for
 179                       # a list, e.g it's still $service_network.  This happens when there is
 180                       # no network defined for the service in the ServiceNetMap, which is OK
 181                       # as not all services have to be bound to a network, so we filter them
 182                       expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
 183                       data:
 184                         map:
 185                           map_replace:
 186                             - map_replace:
 187                                 - map_merge:
 188                                     repeat:
 189                                       template:
 190                                         SERVICE_vip: SERVICE_network
 191                                       for_each:
 192                                         SERVICE:
 193                                           str_split: [',', {get_param: enabled_services}]
 194                                 - values: {get_param: ServiceNetMap}
 195                             - values: {get_param: NetVipMap}
 196                   - keystone_admin_api_vip:
 197                       get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
 198                     keystone_public_api_vip:
 199                       get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
 200                     public_virtual_ip: {get_param: [NetVipMap, external]}
 201                     controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 202                     internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
 203                     storage_virtual_ip: {get_param: [NetVipMap, storage]}
 204                     storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
 205                     redis_vip: {get_param: RedisVirtualIP}
 206                     # public_virtual_ip and controller_virtual_ip are needed in
 207                     # both HAproxy & keepalived.
 208                     tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
 209                     tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 210                     tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
 211                     tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
 212                     tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
 213                     tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
 214                     tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
 215                     tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
 216                     tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
 217                     cloud_name_external: {get_param: cloud_name_external}
 218                     cloud_name_internal_api: {get_param: cloud_name_internal_api}
 219                     cloud_name_storage: {get_param: cloud_name_storage}
 220                     cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
 221                     cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
 222                     # TLS parameters
 223                     certmonger_ca: {get_param: CertmongerCA}
 224                     enable_internal_tls: {get_param: EnableInternalTLS}
 225
 226 outputs:
 227   config_id:
 228     description: The ID of the allNodesConfigImpl resource.
 229     value:
 230       {get_resource: allNodesConfigImpl}
 231   hosts_entries:
 232     description: |
 233       The content that should be appended to your /etc/hosts if you want to get
 234       hostname-based access to the deployed nodes (useful for testing without
 235       setting up a DNS).
 236     value: {get_attr: [allNodesConfigImpl, config, hosts]}