-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
HAproxy service configured with Puppet
default: 'overcloud-haproxy'
type: string
+resources:
+
+ HAProxyPublicTLS:
+ type: OS::TripleO::Services::HAProxyPublicTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ HAProxyInternalTLS:
+ type: OS::TripleO::Services::HAProxyInternalTLS
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the HAproxy role.
service_name: haproxy
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
- tripleo.haproxy.firewall_rules:
- '107 haproxy stats':
- dport: 1993
- # TODO(emilien) make it composable to find which services are actually running
- tripleo::haproxy::keystone_admin: '"%{hiera(\"keystone_enabled\")}"'
- tripleo::haproxy::keystone_public: '"%{hiera(\"keystone_enabled\")}"'
- tripleo::haproxy::neutron: '"%{hiera(\"neutron_api_enabled\")}"'
- tripleo::haproxy::cinder: '"%{hiera(\"cinder_api_enabled\")}"'
- tripleo::haproxy::glance_api: '"%{hiera(\"glance_api_enabled\")}"'
- tripleo::haproxy::glance_registry: '"%{hiera(\"glance_registry_enabled\")}"'
- tripleo::haproxy::nova_osapi: '"%{hiera(\"nova_api_enabled\")}"'
- tripleo::haproxy::nova_metadata: '"%{hiera(\"nova_api_enabled\")}"'
- tripleo::haproxy::nova_novncproxy: '"%{hiera(\"nova_vncproxy_enabled\")}"'
- tripleo::haproxy::mysql: true
- tripleo::haproxy::redis: '"%{hiera(\"redis_enabled\")}"'
- tripleo::haproxy::sahara: '"%{hiera(\"sahara_api_enabled\")}"'
- tripleo::haproxy::swift_proxy_server: '"%{hiera(\"swift_proxy_enabled\")}"'
- tripleo::haproxy::ceilometer: '"%{hiera(\"ceilometer_api_enabled\")}"'
- tripleo::haproxy::aodh: '"%{hiera(\"aodh_api_enabled\")}"'
- tripleo::haproxy::gnocchi: '"%{hiera(\"gnocchi_api_enabled\")}"'
- tripleo::haproxy::heat_api: '"%{hiera(\"heat_api_enabled\")}"'
- tripleo::haproxy::heat_cloudwatch: '"%{hiera(\"heat_api_cloudwatch_enabled\")}"'
- tripleo::haproxy::heat_cfn: '"%{hiera(\"heat_api_cfn_enabled\")}"'
- tripleo::haproxy::horizon: '"%{hiera(\"horizon_enabled\")}"'
- tripleo::haproxy::ironic: '"%{hiera(\"ironic_api_enabled\")}"'
- tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
- tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
- tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
- tripleo::haproxy::redis_password: {get_param: RedisPassword}
- tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
+ map_merge:
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
+ - tripleo.haproxy.firewall_rules:
+ '107 haproxy stats':
+ dport: 1993
+ tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+ tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
+ tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
+ tripleo::profile::base::haproxy::certificates_specs:
+ map_merge:
+ - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
+ - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
step_config: |
include ::tripleo::profile::base::haproxy