X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=controller.yaml;h=cf5962da1fdbe0176a20ae53d5799b28484f3487;hb=4c35b1b35837e2abd3419a2bd23c4453a61695e9;hp=3cc27acfac5760242a3c688047c41e1b01221a2c;hpb=928cd735f30752152e50a3b20145f899cb1b961c;p=apex-tripleo-heat-templates.git
diff --git a/controller.yaml b/controller.yaml
index 3cc27acf..cf5962da 100644
--- a/controller.yaml
+++ b/controller.yaml
@@ -158,6 +158,15 @@ parameters:
 description: Keystone key for signing tokens.
 type: string
 hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
 MysqlClusterUniquePart:
 description: A unique identifier of the MySQL cluster the controller is in.
 type: string
@@ -189,6 +198,28 @@ parameters:
 default: 'dhcp-option-force=26,1400'
 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
 type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
 NeutronEnableTunnelling:
 type: string
 default: "True"
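Review bot: The descriptions on `KeystoneSSLCertificate` and `KeystoneSSLCertificateKey` in the `@@ -158,6 +158,15 @@` hunk are copied from the signing parameters and talk about token signing, but the `@@ -396,6 +457,9 @@` hunk wires them to `keystone.ssl.certificate` and `certificate_key`, so they appear to be the service's SSL certificate and private key. Suggest `description: Contents of the SSL certificate for the Keystone endpoints.` and `description: Contents of the private key matching KeystoneSSLCertificate.`. Both default to `''`; the description should also say what an empty value means for the consumer (presumably SSL stays off, which cannot be confirmed from this diff).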
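Review bot: `NeutronMetadataProxySharedSecret` in the `@@ -189,6 +198,28 @@` hunk is a secret but is declared without `hidden: true` and with the fixed default `'unset'`. A deployment that does not override it runs the metadata proxy with a value anyone can read from this template, and Heat will not mask the value when it displays stack parameters. Add `hidden: true` and drop the `default:` line so stack creation fails when no secret is supplied; callers of this template then have to pass it. The same placeholder default `unset` is on `SwiftHashSuffix` and `SwiftPassword` in the `@@ -297,6 +338,26 @@` hunk (those two are at least hidden), and the `@@ -409,7 +473,11 @@` hunk is where the Neutron value is consumed.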
@@ -274,6 +305,16 @@ parameters:
 default: guest
 description: The username for RabbitMQ
 type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
 SnmpdReadonlyUserName:
 default: ro_snmp_user
 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -297,6 +338,26 @@ parameters:
 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
 type: string
 hidden: true
+ SwiftHashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftPassword:
+ default: unset
+ description: The password for the swift service account, used by the swift proxy
+ services.
+ hidden: true
+ type: string
+ SwiftReplicas:
+ type: number
+ default: 1
+ description: How many replicas to use in the swift rings.
 VirtualIP:
 type: string
 default: '' # Has to be here because of the ignored empty value bug
@@ -396,6 +457,9 @@ resources:
 ca_certificate: {get_param: KeystoneCACertificate}
 signing_key: {get_param: KeystoneSigningKey}
 signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
 mysql:
 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
 local_bind: true
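Review bot: `RabbitClientUseSSL` in the `@@ -274,6 +305,16 @@` hunk is declared `type: string` but its default is the unquoted YAML boolean `false`, unlike the quoted `'False'`/`'True'` defaults used for the string flags in the `@@ -189,6 +198,28 @@` hunk. What the consumer receives then depends on how Heat coerces the value; either quote it (`default: 'false'`) or declare `type: boolean`. The two Rabbit parameters are also independent, so turning SSL on leaves `RabbitClientPort` at 5672 unless the operator changes it separately. The port description could name the expected SSL port (conventionally 5671) so the client does not end up pointed at the plaintext listener.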
@@ -409,7 +473,11 @@ resources:
 debug: {get_param: Debug}
 flat-networks: {get_param: NeutronFlatNetworks}
 host: {get_input: controller_virtual_ip}
- metadata_proxy_shared_secret: unset
+ metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ agent_mode: {get_param: NeutronAgentMode}
+ router_distributed: {get_param: NeutronDVR}
+ mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
 ovs:
 enable_tunneling: {get_input: neutron_enable_tunneling}
 local_ip: {get_input: controller_host}
@@ -462,6 +530,8 @@ resources:
 username: {get_param: RabbitUserName}
 password: {get_param: RabbitPassword}
 cookie: {get_param: RabbitCookie}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_port: {get_param: RabbitClientPort}
 ntp:
 servers:
 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
@@ -499,6 +569,8 @@ resources:
 haproxy:
 net_binds:
 - ip: {get_param: VirtualIP}
+ options:
+ - option httpchk GET /
 services:
 - name: keystone_admin
 port: 35357
@@ -523,6 +595,7 @@ resources:
 - name: glance_registry
 port: 9191
 net_binds: *public_binds
+ options: # overwrite options as glace_reg needs auth for http req
 - name: heat_api
 port: 8004
 net_binds: *public_binds
@@ -547,12 +620,18 @@ resources:
 - name: nova_metadata
 port: 8775
 net_binds: *public_binds
+ - name: nova_novncproxy
+ port: 6080
+ net_binds: *public_binds
 - name: ceilometer
 port: 8777
 net_binds: *public_binds
+ options: # overwrite options as ceil needs auth for http req
 - name: swift_proxy_server
 port: 8080
 net_binds: *public_binds
+ options:
+ - option httpchk GET /info
 - name: rabbitmq
 port: 5672
 options:
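Review bot: The bare `options:` under `glance_registry` in the `@@ -523,6 +595,7 @@` hunk, and under `ceilometer` in the `@@ -547,12 +620,18 @@` hunk, parses as null rather than as an empty list. Whether it really overrides the new default `option httpchk GET /` from the `@@ -499,6 +569,8 @@` hunk therefore depends on how Heat and the haproxy template treat a null value. The `VirtualIP` comment elsewhere in this diff mentions an ignored-empty-value bug, which suggests the key may simply be dropped; if so, both services would inherit the unauthenticated health check that the comments say they cannot answer, and could be marked down. State the intent explicitly, for example `options: []`, once it is confirmed that the template treats an empty list as an override. The first comment also has a typo (`glace_reg`).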
@@ -677,6 +756,28 @@ resources:
 input_values:
 passthrough_config_specific: {get_param: ControllerExtraConfig}
+ SwiftConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ swift:
+ hash: { get_input: swift_hash_suffix }
+ part-power: { get_input: swift_part_power }
+ replicas: {get_input: swift_replicas }
+ service-password: { get_input: swift_password }
+
+ SwiftStorageDeploy:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ server: {get_resource: Controller}
+ config: {get_resource: SwiftConfig}
+ signal_transport: NO_SIGNAL
+ input_values:
+ swift_hash_suffix: {get_param: SwiftHashSuffix}
+ swift_password: {get_param: SwiftPassword}
+ swift_part_power: {get_param: SwiftPartPower}
+ swift_replicas: { get_param: SwiftReplicas}
 outputs:
 ip_address:
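Review bot: `SwiftStorageDeploy` sets `signal_transport: NO_SIGNAL` with no comment, so a reader cannot tell whether skipping the completion signal is deliberate. Without a signal, Heat has no way to learn that applying the swift hash suffix and service password failed on the node. A one-line comment above it, such as `# NO_SIGNAL: os-apply-config only renders metadata, nothing to wait for` (if that is the actual reason), would record the decision. The brace spacing in this hunk is also inconsistent (`{ get_input: swift_hash_suffix }`, `{get_input: swift_replicas }`, `{ get_param: SwiftReplicas}`), where the other hunks write `{get_param: X}` with no inner spaces.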