1 heat_template_version: ocata
4 OpenStack Swift Proxy service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
23 description: Set to True to enable debugging on all services.
26 description: The password for the swift service account, used by the swift proxy services.
29 SwiftProxyNodeTimeout:
31 description: Timeout for requests going from swift-proxy to swift a/c/o services.
35 description: Number of workers for Swift service.
40 description: Keystone region for endpoint
41 MonitoringSubscriptionSwiftProxy:
42 default: 'overcloud-swift-proxy'
45 description: The password for RabbitMQ
50 description: The username for RabbitMQ
52 SwiftCeilometerPipelineEnabled:
53 description: Set to False to disable the swift proxy ceilometer pipeline.
58 description: Set rabbit subscriber port, change this if using SSL
63 Rabbit client subscriber parameter to specify
64 an SSL connection to the RabbitMQ host.
72 ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
73 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
77 type: ./swift-base.yaml
79 ServiceNetMap: {get_param: ServiceNetMap}
80 DefaultPasswords: {get_param: DefaultPasswords}
81 EndpointMap: {get_param: EndpointMap}
84 type: OS::TripleO::Services::TLSProxyBase
86 ServiceNetMap: {get_param: ServiceNetMap}
87 DefaultPasswords: {get_param: DefaultPasswords}
88 EndpointMap: {get_param: EndpointMap}
89 EnableInternalTLS: {get_param: EnableInternalTLS}
93 description: Role data for the Swift proxy service.
95 service_name: swift_proxy
96 monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
99 - get_attr: [SwiftBase, role_data, config_settings]
100 - get_attr: [TLSProxyBase, role_data, config_settings]
101 - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
102 swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
103 swift::proxy::authtoken::password: {get_param: SwiftPassword}
104 swift::proxy::authtoken::project_name: 'service'
105 swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
106 swift::proxy::workers: {get_param: SwiftWorkers}
107 swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
108 swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
109 swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
110 swift::proxy::ceilometer::nonblocking_notify: true
111 tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
112 tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
113 tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
114 tripleo.swift_proxy.firewall_rules:
119 swift::proxy::keystone::operator_roles:
123 swift::proxy::versioned_writes::allow_versioned_writes: true
124 swift::proxy::pipeline:
126 expression: $.data.pipeline.where($ != '')
148 - ceilometer_pipeline_enabled
153 swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
154 swift::proxy::account_autocreate: true
155 # NOTE: bind IP is found in Heat replacing the network name with the
156 # local node IP for the given network; replacement examples
157 # (eg. for internal_api):
159 # internal_api_uri -> [IP]
160 # internal_api_subnet - > IP/CIDR
161 tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
162 get_param: [ServiceNetMap, SwiftProxyNetwork]
163 tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
166 "%{hiera('fqdn_$NETWORK')}"
168 $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
169 tripleo::profile::base::swift::proxy::tls_proxy_port:
170 get_param: [EndpointMap, SwiftInternal, port]
171 swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
172 swift::proxy::proxy_local_net_ip:
176 - {get_param: [ServiceNetMap, SwiftProxyNetwork]}
178 include ::tripleo::profile::base::swift::proxy
179 service_config_settings:
181 swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
182 swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
183 swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
184 swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
185 swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
186 swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
187 swift::keystone::auth::password: {get_param: SwiftPassword}
188 swift::keystone::auth::region: {get_param: KeystoneRegion}
189 swift::keystone::auth::tenant: 'service'
190 swift::keystone::auth::configure_s3_endpoint: false
191 swift::keystone::auth::operator_roles:
196 - name: Stop swift_proxy service
198 service: name=openstack-swift-proxy state=stopped
200 get_attr: [TLSProxyBase, role_data, metadata_settings]