1 heat_template_version: pike
4 OpenStack Swift Proxy service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
35 description: Set to True to enable debugging on all services.
38 description: The password for the swift service account
41 SwiftProxyNodeTimeout:
43 description: Timeout for requests going from swift-proxy to swift a/c/o services.
47 description: Number of workers for Swift service.
52 description: Keystone region for endpoint
53 MonitoringSubscriptionSwiftProxy:
54 default: 'overcloud-swift-proxy'
57 description: The password for RabbitMQ
62 description: The username for RabbitMQ
64 SwiftCeilometerPipelineEnabled:
65 description: Set to False to disable the swift proxy ceilometer pipeline.
68 SwiftCeilometerIgnoreProjects:
70 description: Comma-seperated list of project names to ignore.
71 type: comma_delimited_list
74 description: Set rabbit subscriber port, change this if using SSL
79 Rabbit client subscriber parameter to specify
80 an SSL connection to the RabbitMQ host.
88 ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}
89 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
93 type: ./swift-base.yaml
95 ServiceData: {get_param: ServiceData}
96 ServiceNetMap: {get_param: ServiceNetMap}
97 DefaultPasswords: {get_param: DefaultPasswords}
98 EndpointMap: {get_param: EndpointMap}
99 RoleName: {get_param: RoleName}
100 RoleParameters: {get_param: RoleParameters}
103 type: OS::TripleO::Services::TLSProxyBase
105 ServiceData: {get_param: ServiceData}
106 ServiceNetMap: {get_param: ServiceNetMap}
107 DefaultPasswords: {get_param: DefaultPasswords}
108 EndpointMap: {get_param: EndpointMap}
109 EnableInternalTLS: {get_param: EnableInternalTLS}
113 description: Role data for the Swift proxy service.
115 service_name: swift_proxy
116 monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
119 - get_attr: [SwiftBase, role_data, config_settings]
120 - get_attr: [TLSProxyBase, role_data, config_settings]
121 - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
122 swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
123 swift::proxy::authtoken::password: {get_param: SwiftPassword}
124 swift::proxy::authtoken::project_name: 'service'
125 swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
126 swift::proxy::workers: {get_param: SwiftWorkers}
129 - ceilometer_pipeline_enabled
131 swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
132 swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
133 swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
134 swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
135 swift::proxy::ceilometer::password: {get_param: SwiftPassword}
136 swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
137 swift::proxy::ceilometer::nonblocking_notify: true
138 swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
140 - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
141 tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
142 tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
143 tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
144 tripleo.swift_proxy.firewall_rules:
149 swift::proxy::keystone::operator_roles:
153 swift::proxy::versioned_writes::allow_versioned_writes: true
154 swift::proxy::pipeline:
156 expression: $.data.pipeline.where($ != '')
178 - ceilometer_pipeline_enabled
183 swift::proxy::account_autocreate: true
184 # NOTE: bind IP is found in Heat replacing the network name with the
185 # local node IP for the given network; replacement examples
186 # (eg. for internal_api):
188 # internal_api_uri -> [IP]
189 # internal_api_subnet - > IP/CIDR
190 tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
191 get_param: [ServiceNetMap, SwiftProxyNetwork]
192 tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
195 "%{hiera('fqdn_$NETWORK')}"
197 $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
198 tripleo::profile::base::swift::proxy::tls_proxy_port:
199 get_param: [EndpointMap, SwiftInternal, port]
200 swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
201 swift::proxy::proxy_local_net_ip:
205 - {get_param: [ServiceNetMap, SwiftProxyNetwork]}
207 include ::tripleo::profile::base::swift::proxy
208 service_config_settings:
210 swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
211 swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
212 swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
213 swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
214 swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
215 swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
216 swift::keystone::auth::password: {get_param: SwiftPassword}
217 swift::keystone::auth::region: {get_param: KeystoneRegion}
218 swift::keystone::auth::tenant: 'service'
219 swift::keystone::auth::configure_s3_endpoint: false
220 swift::keystone::auth::operator_roles:
225 - name: Stop swift_proxy service
227 service: name=openstack-swift-proxy state=stopped
229 get_attr: [TLSProxyBase, role_data, metadata_settings]