-heat_template_version: 2016-04-08
+heat_template_version: ocata
description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSwiftProxy:
+ default: 'overcloud-swift-proxy'
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ SwiftCeilometerPipelineEnabled:
+ description: Set to False to disable the swift proxy ceilometer pipeline.
+ default: True
+ type: boolean
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+conditions:
+
+ ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
+
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Swift proxy service.
value:
service_name: swift_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
- # Swift
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
- swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
- swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
- tripleo.swift_proxy.firewall_rules:
- '122 swift proxy':
- dport:
- - 8080
- - 13808
- swift::keystone::auth::tenant: 'service'
- swift::keystone::auth::configure_s3_endpoint: false
- swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::keystone::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'proxy-logging'
- - 'proxy-server'
- swift::proxy::account_autocreate: true
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+
+ - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::project_name: 'service'
+ swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
+ swift::proxy::workers: {get_param: SwiftWorkers}
+ swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
+ swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
+ swift::proxy::ceilometer::nonblocking_notify: true
+ tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
+ tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
+ tripleo.swift_proxy.firewall_rules:
+ '122 swift proxy':
+ dport:
+ - 8080
+ - 13808
+ swift::proxy::keystone::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::versioned_writes::allow_versioned_writes: true
+ swift::proxy::pipeline:
+ yaql:
+ expression: $.data.pipeline.where($ != '')
+ data:
+ pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'copy'
+ - 'container_quotas'
+ - 'account_quotas'
+ - 'slo'
+ - 'dlo'
+ - 'versioned_writes'
+ -
+ if:
+ - ceilometer_pipeline_enabled
+ - 'ceilometer'
+ - ''
+ - 'proxy-logging'
+ - 'proxy-server'
+ swift::proxy::account_autocreate: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
+ service_config_settings:
+ keystone:
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ upgrade_tasks:
+ - name: Stop swift_proxy service
+ tags: step2
+ service: name=openstack-swift-proxy state=stopped
Code Review / apex-tripleo-heat-templates.git / blobdiff