+{# ## Some variables are set to enable rendering backwards compatible templates #}
+{# ## where a few parameter/resource names don't match the expected pattern #}
+{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- if role.name == 'Controller' -%}
+ {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
+{% endif %}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+{%- if deprecated_extraconfig_param is defined %}
+ {{deprecated_extraconfig_param}}:
+ default: {}
+ description: |
+ DEPRECATED use {{role.name}}ExtraConfig instead
+ type: json
+{%- endif %}
{{role.name}}IPs:
default: {}
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
object: 0
default: {}
+{% if deprecated_extraconfig_param is defined %}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - {{deprecated_extraconfig_param}}
+{%- endif %}
+
conditions:
server_not_blacklisted:
not:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- {{role.name.lower()}}_extraconfig: {get_param: {{role.name}}ExtraConfig}
+ {{role.name.lower()}}_extraconfig:
+ map_merge:
+{%- if deprecated_extraconfig_param is defined %}
+ - {get_param: {{deprecated_extraconfig_param}}}
+{%- endif %}
+ - {get_param: {{role.name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+ {%- endif -%}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
- depends_on: {{role.name}}Deployment
+ depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
server: {get_resource: {{role.name}}}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ # Resource for site-specific passing of private keys/certificates
+ NodeTLSData:
+ depends_on: NodeTLSCAData
+ type: OS::TripleO::NodeTLSData
+ properties:
+ server: {get_resource: {{role.name}}}
+ NodeIndex: {get_param: NodeIndex}
+ {%- endif -%}
+
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
depends_on: {{role.name}}Deployment
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
- depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
+ depends_on:
+ - {{role.name}}ExtraConfigPre
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ - NodeTLSData
+ {%- else %}
+ - NodeTLSCAData
+ {%- endif %}
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
- 6
- 0
- keys: {hostname: {get_param: Hostname}}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ tls_key_modulus_md5:
+ description: MD5 checksum of the TLS Key Modulus
+ value: {get_attr: [NodeTLSData, key_modulus_md5]}
+ tls_cert_modulus_md5:
+ description: MD5 checksum of the TLS Certificate Modulus
+ value: {get_attr: [NodeTLSData, cert_modulus_md5]}
+ {%- endif %}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [{{role.name}}, os_collect_config]}