Merge "Add missing constraints in yum_update.sh"
[apex-tripleo-heat-templates.git] / puppet / controller.yaml
index 48f3ace..ae2b66e 100644 (file)
@@ -4,6 +4,11 @@ description: >
   OpenStack controller node configured by Puppet.
 
 parameters:
+  AdminEmail:
+    default: 'admin@example.com'
+    description: The email for the keystone admin account.
+    type: string
+    hidden: true
   AdminPassword:
     default: unset
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
@@ -14,6 +19,9 @@ parameters:
     description: The keystone auth secret and db password.
     type: string
     hidden: true
+  CeilometerApiVirtualIP:
+    type: string
+    default: ''
   CeilometerBackend:
     default: 'mongodb'
     description: The ceilometer backend type.
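Review bot: `CeilometerApiVirtualIP` is added with no `description`, and neither the hunk nor the rest of the page says who is expected to supply it or what the empty default means. The same gap is in `CinderApiVirtualIP`, `NovaApiVirtualIP`, `SwiftProxyVirtualIP` and `GlanceRegistryVirtualIP` in the later hunks. A one-line description such as `description: Virtual IP of the Ceilometer API endpoint.` on each would do. The existing VIP parameters carry the comment `# Has to be here because of the ignored empty value bug` on their `default: ''`; if that is also why these defaults exist, repeat the comment.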
@@ -28,6 +36,9 @@ parameters:
     description: The password for the ceilometer service  and db account.
     type: string
     hidden: true
+  CinderApiVirtualIP:
+    type: string
+    default: ''
   CinderEnableNfsBackend:
     default: false
     description: Whether to enable or not the NFS backend for Cinder
@@ -159,14 +170,6 @@ parameters:
     description: The password for the glance service and db account, used by the glance services.
     type: string
     hidden: true
-  GlancePort:
-    default: "9292"
-    description: Glance port.
-    type: string
-  GlanceProtocol:
-    default: http
-    description: Protocol to use when connecting to glance, set to https for SSL.
-    type: string
   GlanceBackend:
     default: swift
     description: The short name of the Glance backend to use. Should be one
@@ -174,6 +177,34 @@ parameters:
     type: string
     constraints:
     - allowed_values: ['swift', 'file', 'rbd']
+  GlanceFilePcmkDevice:
+    default: ''
+    description: >
+      An exported storage device that should be mounted by Pacemaker
+      as Glance storage. Effective when GlanceFilePcmkManage is true.
+    type: string
+  GlanceFilePcmkFstype:
+    default: 'nfs'
+    description: >
+      Filesystem type for Pacemaker mount used as Glance storage.
+      Effective when GlanceFilePcmkManage is true.
+    type: string
+  GlanceFilePcmkManage:
+    default: false
+    description: >
+      Whether to make Glance file backend a mount managed by Pacemaker.
+      Effective when GlanceBackend is 'file'.
+    type: boolean
+  GlanceFilePcmkOptions:
+    default: ''
+    description: >
+      Mount options for Pacemaker mount used as Glance storage.
+      Effective when GlanceFilePcmkManage is true.
+    type: string
+  HAProxySyslogAddress:
+    default: /dev/log
+    description: Syslog address where HAproxy will send its log
+    type: string
   HeatPassword:
     default: unset
     description: The password for the Heat service and db account, used by the Heat services.
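Review bot: `GlanceFilePcmkDevice`, `GlanceFilePcmkFstype` and `GlanceFilePcmkOptions` are unconstrained strings that, by their descriptions, end up as the arguments of a Pacemaker-managed mount. `GlanceBackend` just above restricts its value with `allowed_values`. A similar guard on the filesystem type, for example `constraints:` with `- allowed_pattern: '^[A-Za-z0-9._-]+$'`, would reject malformed input at stack validation rather than at mount time. Nothing visible here prevents `GlanceFilePcmkManage: true` together with the empty default `GlanceFilePcmkDevice`, so the description should say the device is required in that case.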
@@ -187,9 +218,15 @@ parameters:
   HeatAuthEncryptionKey:
     description: Auth encryption key for heat-engine
     type: string
+    hidden: true
+  HorizonAllowedHosts:
+    default: '*'
+    description: A list of IP/Hostname allowed to connect to horizon
+    type: comma_delimited_list
   HorizonSecret:
     description: Secret key for Django
     type: string
+    hidden: true
   Image:
     type: string
     default: overcloud-control
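Review bot: `HorizonAllowedHosts` defaults to `'*'`, which the later hunk passes to `horizon::allowed_hosts`, presumably Django's `ALLOWED_HOSTS`. A wildcard there turns off Host-header validation, so any deployment that does not override the parameter accepts requests for arbitrary host names. If the wildcard must stay for compatibility, the description should say so, e.g. `description: Hostnames/IPs Horizon will serve; '*' disables Host header checking, set to the public VIP or FQDN in production`. Deployers then have a reason to set the public VIP or hostname explicitly.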
@@ -237,6 +274,10 @@ parameters:
     type: string
     constraints:
       - allowed_values: [ 'basic', 'cadf' ]
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
   MysqlClusterUniquePart:
     description: A unique identifier of the MySQL cluster the controller is in.
     type: string
@@ -297,6 +338,7 @@ parameters:
     default: 'unset'
     description: Shared secret to prevent spoofing
     type: string
+    hidden: true
   NeutronCorePlugin:
     default: 'ml2'
     description: |
@@ -395,6 +437,9 @@ parameters:
         of VXLAN VNI IDs that are available for tenant network allocation
     default: ["1:1000", ]
     type: comma_delimited_list
+  NovaApiVirtualIP:
+    type: string
+    default: ''
   NovaPassword:
     default: unset
     description: The password for the nova service and db account, used by nova-api.
@@ -405,18 +450,20 @@ parameters:
     description: Should MongoDb journaling be disabled
     type: boolean
   NtpServer:
-    type: string
     default: ''
+    description: Comma-separated list of ntp servers
+    type: comma_delimited_list
   PcsdPassword:
     type: string
     description: The password for the 'pcsd' user.
+    hidden: true
   PublicVirtualInterface:
     default: 'br-ex'
     description: >
         Specifies the interface where the public-facing virtual ip will be assigned.
         This should be int_public when a VLAN is being used.
     type: string
-  PublicVirtualIP: # DEPRECATED: use per service settings instead
+  PublicVirtualIP:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
   RabbitCookie:
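Review bot: `NtpServer` changes to `type: comma_delimited_list` but keeps `default: ''`. Depending on the Heat release, an empty string may parse to a list holding one empty element rather than an empty list, and the later hunk now passes the list to `ntp_servers` unwrapped, so this is worth confirming. `default: []` would state the intent directly. The hunk also drops the `# DEPRECATED: use per service settings instead` comment from `PublicVirtualIP` with no explanation visible on the page. If the parameter is no longer deprecated, the commit message should say so.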
@@ -442,6 +489,10 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
+  RabbitFDLimit:
+    default: 16384
+    description: Configures RabbitMQ FD limit
+    type: string
   RedisVirtualIP:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
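Review bot: `RabbitFDLimit` is declared `type: string` but its default `16384` is an unquoted integer, and nothing restricts the value to digits. The hunk at `@@ -874` then substitutes it into the template `"'LIMIT'"`, so a value containing a quote or whitespace would yield a malformed hiera entry. Quoting the default as `default: '16384'` and adding `constraints:` with `- allowed_pattern: '^[0-9]+$'` keeps the type consistent and rejects bad input at validation.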
@@ -492,6 +543,9 @@ parameters:
       services.
     hidden: true
     type: string
+  SwiftProxyVirtualIP:
+    type: string
+    default: ''
   SwiftReplicas:
     type: number
     default: 3
@@ -505,6 +559,9 @@ parameters:
   GlanceApiVirtualIP:
     type: string
     default: ''
+  GlanceRegistryVirtualIP:
+    type: string
+    default: ''
   MysqlVirtualIP:
     type: string
     default: ''
@@ -526,6 +583,11 @@ parameters:
     description: Mapping of service_name -> network name. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
   UpdateIdentifier:
     default: ''
     type: string
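Review bot: The `EndpointMap` description says "service endpoint -> protocol", but later hunks read the keys `port`, `uri` and `uri_no_suffix` from each entry, so the text understates what the map must contain. Something like `description: Mapping of service endpoint -> port, uri and uri_no_suffix.` would match the usage. With `default: {}`, a stack created without the map would probably resolve every `get_param: [EndpointMap, ...]` lookup to an empty value rather than fail. That would leave the Keystone and Glance URIs blank in the generated config. Dropping the default, or documenting that the resource registry must always provide the map, would make the omission visible early.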
@@ -644,6 +706,7 @@ resources:
       input_values:
         bootstack_nodeid: {get_attr: [Controller, name]}
         neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+        haproxy_log_address: {get_param: HAProxySyslogAddress}
         heat.watch_server_url:
           list_join:
             - ''
@@ -663,7 +726,9 @@ resources:
               - {get_param: HeatApiVirtualIP}
               - ':8000/v1/waitcondition'
         heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+        horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
         horizon_secret: {get_param: HorizonSecret}
+        admin_email: {get_param: AdminEmail}
         admin_password: {get_param: AdminPassword}
         admin_token: {get_param: AdminToken}
         neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
@@ -692,9 +757,13 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/cinder'
-        glance_port: {get_param: GlancePort}
+        glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
         glance_password: {get_param: GlancePassword}
         glance_backend: {get_param: GlanceBackend}
+        glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+        glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+        glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+        glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
         glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
         glance_log_file: {get_param: GlanceLogFile}
         glance_dsn:
@@ -715,7 +784,6 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/heat'
-        keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
         keystone_ca_certificate: {get_param: KeystoneCACertificate}
         keystone_signing_key: {get_param: KeystoneSigningKey}
         keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
@@ -731,24 +799,11 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/keystone'
-        keystone_identity_uri:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: KeystoneAdminApiVirtualIP}
-              - ':35357/'
-        keystone_auth_uri:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: KeystonePublicApiVirtualIP}
-              - ':5000/v2.0/'
-        keystone_ec2_uri:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: KeystonePublicApiVirtualIP}
-              - ':5000/v2.0/ec2tokens'
+        keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+        keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+        keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+        keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+        keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
         enable_fencing: {get_param: EnableFencing}
         enable_galera: {get_param: EnableGalera}
         enable_ceph_storage: {get_param: EnableCephStorage}
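Review bot: The new one-line lookups mix three flow-mapping spacings: `{ get_param: [...] }`, `{get_param: [...] }` on `keystone_auth_uri`, and, in the `@@ -895` hunk, `{ get_param: [...]}` on `glance_api_servers`. The surrounding file uses the tight form `{get_param: X}` throughout. Using it here too, e.g. `keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}`, keeps the block greppable and lint-clean.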
@@ -828,18 +883,10 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/ovs_neutron?charset=utf8'
-        neutron_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NeutronApiVirtualIP}
-              - ':9696'
-        neutron_admin_auth_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: KeystoneAdminApiVirtualIP}
-              - ':35357/v2.0'
+        neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+        neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+        neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+        neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
         ceilometer_backend: {get_param: CeilometerBackend}
         ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
         ceilometer_password: {get_param: CeilometerPassword}
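Review bot: `neutron_public_url` and `neutron_admin_url` are added as inputs, but none of the hiera hunks on this page reads them; only `neutron_internal_url` is consumed, by `nova::network::neutron::neutron_url`. If a consumer exists outside the visible hunks this is fine. Otherwise the two inputs are dead and can be dropped until the endpoint wiring that needs them lands. The removed `neutron_url` input name also disappears here, so any other template still reading `get_input: neutron_url` would need the same rename.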
@@ -852,7 +899,9 @@ resources:
         ceilometer_dsn:
           list_join:
             - ''
-            - - 'mysql://ceilometer:unset@'
+            - - 'mysql://ceilometer:'
+              - {get_param: CeilometerPassword}
+              - '@'
               - {get_param: MysqlVirtualIP}
               - '/ceilometer'
         snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
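Review bot: `CeilometerPassword` is spliced into the DSN without URL-encoding, so a password containing `@`, `/` or `:` yields a connection string that fails to parse or resolves to a different host part. Replacing the literal `unset` with the real password is the right fix. The parameter is defined outside this hunk; either document there that it must be URL-safe or add a constraint such as `- allowed_pattern: '^[A-Za-z0-9._~-]+$'`. The assembled `ceilometer_dsn` now carries a secret, so anything that logs or displays deployment input values needs the same care as the password itself.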
@@ -874,11 +923,15 @@ resources:
         rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
         rabbit_client_port: {get_param: RabbitClientPort}
         mongodb_no_journal: {get_param: MongoDbNoJournal}
-        ntp_servers:
+        # We need to force this into quotes or hiera will return integer causing
+        # the puppet module validation regexp to fail.
+        # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
+        rabbit_fd_limit:
           str_replace:
-            template: '["server"]'
+            template: "'LIMIT'"
             params:
-              server: {get_param: NtpServer}
+              LIMIT: {get_param: RabbitFDLimit}
+        ntp_servers: {get_param: NtpServer}
         control_virtual_interface: {get_param: ControlVirtualInterface}
         public_virtual_interface: {get_param: PublicVirtualInterface}
         swift_hash_suffix: {get_param: SwiftHashSuffix}
@@ -895,17 +948,12 @@ resources:
         cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
         glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
         glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
-        glance_api_servers:
-          list_join:
-            - ''
-            - - {get_param: GlanceProtocol}
-              - '://'
-              - {get_param: GlanceApiVirtualIP}
-              - ':'
-              - {get_param: GlancePort}
+        glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
+        glance_registry_host: {get_param: GlanceRegistryVirtualIP}
         heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
         keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
         keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+        keystone_region: {get_param: KeystoneRegion}
         mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
         neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
         neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -1021,7 +1069,7 @@ resources:
                 glance::api::bind_host: {get_input: glance_api_network}
                 glance::api::auth_uri: {get_input: keystone_auth_uri}
                 glance::api::identity_uri: {get_input: keystone_identity_uri}
-                glance::api::registry_host: {get_input: glance_registry_network}
+                glance::api::registry_host: {get_input: glance_registry_host}
                 glance::api::keystone_password: {get_input: glance_password}
                 glance::api::debug: {get_input: debug}
                 glance_notifier_strategy: {get_input: glance_notifier_strategy}
@@ -1030,15 +1078,19 @@ resources:
                 glance::api::database_connection: {get_input: glance_dsn}
                 glance::registry::keystone_password: {get_input: glance_password}
                 glance::registry::database_connection: {get_input: glance_dsn}
-                glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+                glance::registry::bind_host: {get_input: glance_registry_network}
                 glance::registry::auth_uri: {get_input: keystone_auth_uri}
                 glance::registry::identity_uri: {get_input: keystone_identity_uri}
                 glance::registry::debug: {get_input: debug}
-                glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+                glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
                 glance::backend::swift::swift_store_user: service:glance
                 glance::backend::swift::swift_store_key: {get_input: glance_password}
                 glance_backend: {get_input: glance_backend}
                 glance::db::mysql::password: {get_input: glance_password}
+                glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
+                glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
+                glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
+                glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
 
                 # Heat
                 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1079,6 +1131,12 @@ resources:
                 keystone::rabbit_port: {get_input: rabbit_client_port}
                 keystone::notification_driver: {get_input: keystone_notification_driver}
                 keystone::notification_format: {get_input: keystone_notification_format}
+                keystone::roles::admin::email: {get_input: admin_email}
+                keystone::roles::admin::password: {get_input: admin_password}
+                keystone::endpoint::public_url: {get_input: keystone_public_url}
+                keystone::endpoint::internal_url: {get_input: keystone_internal_url}
+                keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
+                keystone::endpoint::region: {get_input: keystone_region}
                 # MongoDB
                 mongodb::server::bind_ip: {get_input: mongo_db_network}
                 mongodb::server::nojournal: {get_input: mongodb_no_journal}
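Review bot: `keystone::roles::admin::password` now takes `admin_password`, and the first hunk on this page shows `AdminPassword` declared with `default: unset`. A deployment that omits the parameter would therefore configure the Keystone admin account with that well-known string. Removing the default from `AdminPassword` makes Heat reject the stack when no value is supplied, which is safer than a silent fallback. The same applies to the shared secret in the `@@ -297` hunk, which gains `hidden: true` but keeps `default: 'unset'`. Hiding the value in API output does not help while the default is a known string.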
@@ -1097,7 +1155,7 @@ resources:
                 # Neutron
                 neutron::bind_host: {get_input: neutron_api_network}
                 neutron::rabbit_password: {get_input: rabbit_password}
-                neutron::rabbit_user: {get_input: rabbit_user}
+                neutron::rabbit_user: {get_input: rabbit_username}
                 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
                 neutron::rabbit_port: {get_input: rabbit_client_port}
                 neutron::debug: {get_input: debug}
@@ -1150,7 +1208,7 @@ resources:
                 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
                 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
                 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
-                ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+                ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
                 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
                 ceilometer::db::mysql::password: {get_input: ceilometer_password}
                 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
@@ -1171,13 +1229,14 @@ resources:
                 nova::glance_api_servers: {get_input: glance_api_servers}
                 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
                 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
-                nova::network::neutron::neutron_url: {get_input: neutron_url}
+                nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
                 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
                 nova::vncproxy::host: {get_input: nova_api_network}
                 nova::db::mysql::password: {get_input: nova_password}
 
                 # Horizon
                 apache::ip: {get_input: horizon_network}
+                horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
                 horizon::django_debug: {get_input: debug}
                 horizon::secret_key: {get_input: horizon_secret}
                 horizon::bind_address: {get_input: horizon_network}
@@ -1186,6 +1245,9 @@ resources:
                 # Rabbit
                 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
                 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
+                rabbitmq::file_limit: {get_input: rabbit_fd_limit}
+                rabbitmq::default_user: {get_input: rabbit_username}
+                rabbitmq::default_pass: {get_input: rabbit_password}
                 # Redis
                 redis::bind: {get_input: redis_network}
                 redis_vip: {get_input: redis_vip}
@@ -1197,6 +1259,7 @@ resources:
                 public_virtual_interface: {get_input: public_virtual_interface}
                 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
                 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
+                tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
                 tripleo::packages::enable_install: {get_input: enable_package_install}
                 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
 
@@ -1207,6 +1270,14 @@ resources:
     properties:
         server: {get_resource: Controller}
 
+  # Hook for site-specific additional pre-deployment config,
+  # applying to all nodes, e.g node registration/unregistration
+  NodeExtraConfig:
+    depends_on: ControllerExtraConfigPre
+    type: OS::TripleO::NodeExtraConfig
+    properties:
+        server: {get_resource: Controller}
+
   UpdateConfig:
     type: OS::TripleO::Tasks::PackageUpdate