Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Fix base service type inheriting gnocchi service templates
[apex-tripleo-heat-templates.git] / puppet / services / swift-proxy.yaml
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index a86aeaf..6c2bb44 100644 (file)
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -4,6 +4,15 @@ description: >
   OpenStack Swift Proxy service configured with Puppet
 
 parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -17,6 +26,10 @@ parameters:
     description: The password for the swift service account, used by the swift proxy services.
     type: string
     hidden: true
+  SwiftProxyNodeTimeout:
+    default: 60
+    description: Timeout for requests going from swift-proxy to swift a/c/o services.
+    type: number
   SwiftWorkers:
     default: 0
     description: Number of workers for Swift service.
@@ -31,11 +44,14 @@ outputs:
   role_data:
     description: Role data for the Swift proxy service.
     value:
+      service_name: swift_proxy
       config_settings:
         # Swift
         swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
         swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
         swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
+        swift::proxy::authtoken::admin_tenant_name: 'service'
+        swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
         swift::proxy::workers: {get_param: SwiftWorkers}
         swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
         swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
@@ -45,5 +61,35 @@ outputs:
         swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
         swift::keystone::auth::password: {get_param: SwiftPassword}
         swift::keystone::auth::region: {get_param: KeystoneRegion}
+        tripleo.swift_proxy.firewall_rules:
+          '122 swift proxy':
+            dport:
+              - 8080
+              - 13808
+        swift::keystone::auth::tenant: 'service'
+        swift::keystone::auth::configure_s3_endpoint: false
+        swift::keystone::auth::operator_roles:
+          - admin
+          - swiftoperator
+          - ResellerAdmin
+        swift::proxy::keystone::operator_roles:
+          - admin
+          - swiftoperator
+          - ResellerAdmin
+        swift::proxy::pipeline:
+          - 'catch_errors'
+          - 'healthcheck'
+          - 'proxy-logging'
+          - 'cache'
+          - 'ratelimit'
+          - 'bulk'
+          - 'tempurl'
+          - 'formpost'
+          - 'authtoken'
+          - 'keystone'
+          - 'staticweb'
+          - 'proxy-logging'
+          - 'proxy-server'
+        swift::proxy::account_autocreate: true
       step_config: |
         include ::tripleo::profile::base::swift::proxy