puppet/hieradata/controller.yaml

   1 # Hiera data here applies to all controller nodes
   2
   3 nova::api::enabled: true
   4 nova::conductor::enabled: true
   5 nova::consoleauth::enabled: true
   6 nova::vncproxy::enabled: true
   7 nova::scheduler::enabled: true
   8
   9 # gnocchi
  10 gnocchi::db::sync::extra_opts: '--skip-storage'
  11 gnocchi::storage::swift::swift_user: 'service:gnocchi'
  12 gnocchi::storage::swift::swift_auth_version: 2
  13 gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
  14 gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
  15 gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
  16 gnocchi::statsd::flush_delay: 10
  17 gnocchi::statsd::archive_policy_name: 'low'
  18
  19 # rabbitmq
  20 rabbitmq::delete_guest_user: false
  21 rabbitmq::wipe_db_on_cookie_change: true
  22 rabbitmq::port: '5672'
  23 rabbitmq::package_source: undef
  24 rabbitmq::repos_ensure: false
  25 rabbitmq_environment:
  26   RABBITMQ_NODENAME: "rabbit@%{::hostname}"
  27   RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
  28 rabbitmq_kernel_variables:
  29   inet_dist_listen_min: '35672'
  30   inet_dist_listen_max: '35672'
  31 rabbitmq_config_variables:
  32   tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
  33   cluster_partition_handling: 'pause_minority'
  34   loopback_users: '[]'
  35
  36 mongodb::server::replset: tripleo
  37 mongodb::server::journal: false
  38
  39 redis::port: 6379
  40 redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
  41 redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
  42 redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
  43
  44 # keystone
  45 keystone::roles::admin::email: 'root@localhost'
  46
  47 # service tenant
  48 glance::api::keystone_tenant: 'service'
  49 aodh::api::keystone_tenant: 'service'
  50 glance::registry::keystone_tenant: 'service'
  51 neutron::server::auth_tenant: 'service'
  52 neutron::agents::metadata::auth_tenant: 'service'
  53 neutron::agents::l3::router_delete_namespaces: True
  54 cinder::api::keystone_tenant: 'service'
  55 swift::proxy::authtoken::admin_tenant_name: 'service'
  56 ceilometer::api::keystone_tenant: 'service'
  57 gnocchi::api::keystone_tenant: 'service'
  58 heat::keystone_tenant: 'service'
  59 sahara::admin_tenant_name: 'service'
  60 aodh::keystone::auth::tenant: 'service'
  61 ceilometer::keystone::auth::tenant: 'service'
  62 cinder::keystone::auth::tenant: 'service'
  63 glance::keystone::auth::tenant: 'service'
  64 gnocchi::keystone::auth::tenant: 'service'
  65 heat::keystone::auth::tenant: 'service'
  66 neutron::keystone::auth::tenant: 'service'
  67 nova::keystone::auth::tenant: 'service'
  68 sahara::keystone::auth::tenant: 'service'
  69 swift::keystone::auth::tenant: 'service'
  70
  71 # keystone
  72 keystone::cron::token_flush::maxdelay: 3600
  73 keystone::roles::admin::service_tenant: 'service'
  74 keystone::roles::admin::admin_tenant: 'admin'
  75 keystone::cron::token_flush::destination: '/dev/null'
  76 keystone::config::keystone_config:
  77   DEFAULT/secure_proxy_ssl_header:
  78     value: 'HTTP_X_FORWARDED_PROTO'
  79   ec2/driver:
  80     value: 'keystone.contrib.ec2.backends.sql.Ec2'
  81 keystone::service_name: 'httpd'
  82 keystone::wsgi::apache::ssl: false
  83
  84 #swift
  85 swift::proxy::pipeline:
  86   - 'catch_errors'
  87   - 'healthcheck'
  88   - 'cache'
  89   - 'ratelimit'
  90   - 'tempurl'
  91   - 'formpost'
  92   - 'authtoken'
  93   - 'keystone'
  94   - 'staticweb'
  95   - 'proxy-logging'
  96   - 'proxy-server'
  97
  98 swift::proxy::account_autocreate: true
  99 swift::keystone::auth::configure_s3_endpoint: false
 100 swift::keystone::auth::operator_roles:
 101   - admin
 102   - swiftoperator
 103
 104 # glance
 105 glance::api::pipeline: 'keystone'
 106 glance::api::show_image_direct_url: true
 107 glance::registry::pipeline: 'keystone'
 108 glance::backend::swift::swift_store_create_container_on_put: true
 109 glance_file_pcmk_directory: '/var/lib/glance/images'
 110
 111 # neutron
 112 neutron::server::sync_db: true
 113
 114 # nova
 115 nova::notify_on_state_change: 'vm_and_task_state'
 116 nova::api::default_floating_pool: 'public'
 117 nova::api::sync_db_api: true
 118 nova::api::enable_proxy_headers_parsing: true
 119 nova::scheduler::filter::ram_allocation_ratio: '1.0'
 120 nova::cron::archive_deleted_rows::hour: '*/12'
 121 nova::cron::archive_deleted_rows::destination: '/dev/null'
 122 nova::notification_driver: messaging
 123
 124 # ceilometer
 125 ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
 126
 127 # cinder
 128 cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
 129 cinder::cron::db_purge::destination: '/dev/null'
 130 cinder::host: hostgroup
 131 cinder_user_enabled_backends: []
 132
 133 # TODO(jaosorior): Move to cinder profile once cinder is moved as a composable
 134 # service.
 135 cinder::api::enable_proxy_headers_parsing: true
 136
 137 # heat
 138 heat::engine::configure_delegated_roles: false
 139 heat::engine::trusts_delegated_roles: []
 140 heat::instance_user: ''
 141 heat::cron::purge_deleted::age: 30
 142 heat::cron::purge_deleted::age_type: 'days'
 143 heat::cron::purge_deleted::maxdelay: 3600
 144 heat::cron::purge_deleted::destination: '/dev/null'
 145 heat::keystone::domain::domain_name: 'heat_stack'
 146 heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
 147 heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
 148 heat::auth_plugin: 'password'
 149
 150 # pacemaker
 151 pacemaker::corosync::cluster_name: 'tripleo_cluster'
 152 pacemaker::corosync::manage_fw: false
 153 pacemaker::resource_defaults::defaults:
 154   resource-stickiness: { value: INFINITY }
 155 corosync_token_timeout: 10000
 156
 157 # horizon
 158 horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
 159 horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
 160 horizon::vhost_extra_params:
 161   add_listen: false
 162   priority: 10
 163   access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
 164
 165 # mysql
 166 mysql::server::manage_config_file: true
 167
 168
 169 tripleo::haproxy::keystone_admin: true
 170 tripleo::haproxy::keystone_public: true
 171 tripleo::haproxy::neutron: true
 172 tripleo::haproxy::cinder: true
 173 tripleo::haproxy::glance_api: true
 174 tripleo::haproxy::glance_registry: true
 175 tripleo::haproxy::nova_osapi: true
 176 tripleo::haproxy::nova_metadata: true
 177 tripleo::haproxy::nova_novncproxy: true
 178 tripleo::haproxy::mysql: true
 179 tripleo::haproxy::redis: true
 180 tripleo::haproxy::sahara: true
 181 tripleo::haproxy::swift_proxy_server: true
 182 tripleo::haproxy::ceilometer: true
 183 tripleo::haproxy::aodh: true
 184 tripleo::haproxy::gnocchi: true
 185 tripleo::haproxy::heat_api: true
 186 tripleo::haproxy::heat_cloudwatch: true
 187 tripleo::haproxy::heat_cfn: true
 188 tripleo::haproxy::horizon: true
 189
 190 controller_classes: []
 191 # firewall
 192 tripleo::firewall::firewall_rules:
 193   '101 mongodb_config':
 194     port: 27019
 195   '102 mongodb_sharding':
 196     port: 27018
 197   '103 mongod':
 198     port: 27017
 199   '104 mysql galera':
 200     port:
 201       - 873
 202       - 3306
 203       - 4444
 204       - 4567
 205       - 4568
 206       - 9200
 207   '105 ntp':
 208     port: 123
 209     proto: udp
 210   '106 vrrp':
 211     proto: vrrp
 212   '107 haproxy stats':
 213     port: 1993
 214   '108 redis':
 215     port:
 216       - 6379
 217       - 26379
 218   '109 rabbitmq':
 219     port:
 220       - 5672
 221       - 35672
 222   '110 ceph':
 223     port:
 224       - 6789
 225       - '6800-6810'
 226   '111 keystone':
 227     port:
 228       - 5000
 229       - 13000
 230       - 35357
 231       - 13357
 232   '112 glance':
 233     port:
 234       - 9292
 235       - 9191
 236       - 13292
 237   '113 nova':
 238     port:
 239       - 6080
 240       - 13080
 241       - 8773
 242       - 3773
 243       - 8774
 244       - 13774
 245       - 8775
 246   '114 neutron server':
 247     port:
 248       - 9696
 249       - 13696
 250   '115 neutron dhcp input':
 251     proto: 'udp'
 252     port: 67
 253   '116 neutron dhcp output':
 254     proto: 'udp'
 255     chain: 'OUTPUT'
 256     port: 68
 257   '118 neutron vxlan networks':
 258     proto: 'udp'
 259     port: 4789
 260   '119 cinder':
 261     port:
 262       - 8776
 263       - 13776
 264   '120 iscsi initiator':
 265     port: 3260
 266   '121 memcached':
 267     port: 11211
 268   '122 swift proxy':
 269     port:
 270       - 8080
 271       - 13808
 272   '123 swift storage':
 273     port:
 274       - 873
 275       - 6000
 276       - 6001
 277       - 6002
 278   '124 ceilometer':
 279     port:
 280       - 8777
 281       - 13777
 282   '125 heat':
 283     port:
 284       - 8000
 285       - 13800
 286       - 8003
 287       - 13003
 288       - 8004
 289       - 13004
 290   '126 horizon':
 291     port:
 292       - 80
 293       - 443
 294   '127 snmp':
 295     port: 161
 296     proto: 'udp'
 297   '128 aodh':
 298     port:
 299       - 8042
 300       - 13042
 301   '129 gnocchi-api':
 302     port:
 303       - 8041
 304       - 13041