Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Permits configuration of Cinder enabled_backend via hieradata"
[apex-tripleo-heat-templates.git] / puppet / hieradata / controller.yaml
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 07bfe54..e80bee0 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -30,27 +30,30 @@ redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
 redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
 
 # service tenant
-nova::api::admin_tenant_name: 'service'
 glance::api::keystone_tenant: 'service'
 glance::registry::keystone_tenant: 'service'
 neutron::server::auth_tenant: 'service'
 neutron::agents::metadata::auth_tenant: 'service'
+neutron::agents::l3::router_delete_namespaces: True
+neutron::agents::dhcp::dhcp_delete_namespaces: True
 cinder::api::keystone_tenant: 'service'
 swift::proxy::authtoken::admin_tenant_name: 'service'
 ceilometer::api::keystone_tenant: 'service'
 heat::keystone_tenant: 'service'
-glance::keystone::auth::tenant: 'service'
-nova::keystone::auth::tenant: 'service'
-neutron::keystone::auth::tenant: 'service'
-cinder::keystone::auth::tenant: 'service'
-swift::keystone::auth::tenant: 'service'
-ceilometer::keystone::auth::tenant: 'service'
-heat::keystone::auth::tenant: 'service'
+sahara::admin_tenant_name: 'service'
 
 # keystone
 keystone::cron::token_flush::maxdelay: 3600
 keystone::roles::admin::service_tenant: 'service'
 keystone::roles::admin::admin_tenant: 'admin'
+keystone::cron::token_flush::destination: '/dev/null'
+keystone::config::keystone_config:
+  DEFAULT/secure_proxy_ssl_header:
+    value: 'HTTP_X_FORWARDED_PROTO'
+  ec2/driver:
+    value: 'keystone.contrib.ec2.backends.sql.Ec2'
+keystone::service_name: 'httpd'
+keystone::wsgi::apache::ssl: false
 
 #swift
 swift::proxy::pipeline:
@@ -67,13 +70,10 @@ swift::proxy::pipeline:
   - 'proxy-server'
 
 swift::proxy::account_autocreate: true
-swift::keystone::auth::configure_s3_endpoint: false
-swift::keystone::auth::operator_roles:
-  - admin
-  - swiftoperator
 
 # glance
 glance::api::pipeline: 'keystone'
+glance::api::show_image_direct_url: true
 glance::registry::pipeline: 'keystone'
 glance::backend::swift::swift_store_create_container_on_put: true
 glance::backend::rbd::rbd_store_user: 'openstack'
@@ -87,19 +87,29 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
 nova::notify_on_state_change: 'vm_and_task_state'
 nova::api::default_floating_pool: 'public'
 nova::api::osapi_v3: true
+nova::api::sync_db_api: true
 nova::scheduler::filter::ram_allocation_ratio: '1.0'
-nova::keystone::auth::configure_ec2_endpoint: false
+nova::cron::archive_deleted_rows::hour: '*/12'
+nova::cron::archive_deleted_rows::destination: '/dev/null'
+nova::notification_driver: messaging
 
 # ceilometer
 ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
 
 # cinder
 cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
+cinder::cron::db_purge::destination: '/dev/null'
+cinder::host: hostgroup
+cinder_user_enabled_backends: []
 
 # heat
 heat::engine::configure_delegated_roles: false
 heat::engine::trusts_delegated_roles: []
 heat::instance_user: ''
+heat::cron::purge_deleted::age: 30
+heat::cron::purge_deleted::age_type: 'days'
+heat::cron::purge_deleted::maxdelay: 3600
+heat::cron::purge_deleted::destination: '/dev/null'
 
 # pacemaker
 pacemaker::corosync::cluster_name: 'tripleo_cluster'
@@ -130,6 +140,7 @@ tripleo::loadbalancer::nova_metadata: true
 tripleo::loadbalancer::nova_novncproxy: true
 tripleo::loadbalancer::mysql: true
 tripleo::loadbalancer::redis: true
+tripleo::loadbalancer::sahara: true
 tripleo::loadbalancer::swift_proxy_server: true
 tripleo::loadbalancer::ceilometer: true
 tripleo::loadbalancer::heat_api: true
@@ -138,3 +149,109 @@ tripleo::loadbalancer::heat_cfn: true
 tripleo::loadbalancer::horizon: true
 
 controller_classes: []
+# firewall
+tripleo::firewall::firewall_rules:
+  '101 mongodb_config':
+    port: 27019
+  '102 mongodb_sharding':
+    port: 27018
+  '103 mongod':
+    port: 27017
+  '104 mysql galera':
+    port:
+      - 873
+      - 3306
+      - 4444
+      - 4567
+      - 4568
+      - 9200
+  '105 ntp':
+    port: 123
+    proto: udp
+  '106 vrrp':
+    proto: vrrp
+  '107 haproxy stats':
+    port: 1993
+  '108 redis':
+    port:
+      - 6379
+      - 26379
+  '109 rabbitmq':
+    port:
+      - 5672
+      - 35672
+  '110 ceph':
+    port:
+      - 6789
+      - '6800-6810'
+  '111 keystone':
+    port:
+      - 5000
+      - 13000
+      - 35357
+      - 13357
+  '112 glance':
+    port:
+      - 9292
+      - 9191
+      - 13292
+  '113 nova':
+    port:
+      - 6080
+      - 13080
+      - 8773
+      - 3773
+      - 8774
+      - 13774
+      - 8775
+  '114 neutron server':
+    port:
+      - 9696
+      - 13696
+  '115 neutron dhcp input':
+    proto: 'udp'
+    port: 67
+  '116 neutron dhcp output':
+    proto: 'udp'
+    chain: 'OUTPUT'
+    port: 68
+  '118 neutron vxlan networks':
+    proto: 'udp'
+    port: 4789
+  '119 cinder':
+    port:
+      - 8776
+      - 13776
+  '120 iscsi initiator':
+    port: 3260
+  '121 memcached':
+    port: 11211
+  '122 swift proxy':
+    port:
+      - 8080
+      - 13808
+  '123 swift storage':
+    port:
+      - 873
+      - 6000
+      - 6001
+      - 6002
+  '124 ceilometer':
+    port:
+      - 8777
+      - 13777
+  '125 heat':
+    port:
+      - 8000
+      - 13800
+      - 8003
+      - 13003
+      - 8004
+      - 13004
+  '126 horizon':
+    port:
+      - 80
+      - 443
+  '127 snmp':
+    port: 161
+    proto: 'udp'