X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fcontroller.yaml;h=69690f6057e3fe99b34eac20a2e19772504b14be;hb=cd9264d8d13fe0d460cb0497e554c0028e4c9eee;hp=1674e4d6ab6551eac7bf9e25118f479c4b7f9ea6;hpb=ef7d2abd4051c891f36e7b0cac175a5835694986;p=apex-tripleo-heat-templates.git diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 1674e4d6..69690f60 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,6 +4,11 @@ description: > OpenStack controller node configured by Puppet. parameters: + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true AdminPassword: default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. @@ -14,6 +19,9 @@ parameters: description: The keystone auth secret and db password. type: string hidden: true + CeilometerApiVirtualIP: + type: string + default: '' CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -28,6 +36,9 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderApiVirtualIP: + type: string + default: '' CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -174,6 +185,34 @@ parameters: type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string HeatPassword: default: unset description: The password for the Heat service and db account, used by the Heat services. @@ -187,6 +226,7 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + hidden: true HorizonAllowedHosts: default: '*' description: A list of IP/Hostname allowed to connect to horizon @@ -194,6 +234,7 @@ parameters: HorizonSecret: description: Secret key for Django type: string + hidden: true Image: type: string default: overcloud-control @@ -241,6 +282,10 @@ parameters: type: string constraints: - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -301,6 +346,7 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true NeutronCorePlugin: default: 'ml2' description: | @@ -399,6 +445,9 @@ parameters: of VXLAN VNI IDs that are available for tenant network allocation default: ["1:1000", ] type: comma_delimited_list + NovaApiVirtualIP: + type: string + default: '' NovaPassword: default: unset description: The password for the nova service and db account, used by nova-api. @@ -414,13 +463,14 @@ parameters: PcsdPassword: type: string description: The password for the 'pcsd' user. + hidden: true PublicVirtualInterface: default: 'br-ex' description: > Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: # DEPRECATED: use per service settings instead + PublicVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug RabbitCookie: @@ -500,6 +550,9 @@ parameters: services. hidden: true type: string + SwiftProxyVirtualIP: + type: string + default: '' SwiftReplicas: type: number default: 3 @@ -655,6 +708,7 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: - '' @@ -673,9 +727,28 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' + heat_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8004/v1/%(tenant_id)s' + heat_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: HeatApiVirtualIP} + - ':8004/v1/%(tenant_id)s' + heat_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: HeatApiVirtualIP} + - ':8004/v1/%(tenant_id)s' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} + admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} @@ -704,9 +777,49 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' + cinder_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8776/v1/%(tenant_id)s' + cinder_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: CinderApiVirtualIP} + - ':8776/v1/%(tenant_id)s' + cinder_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: CinderApiVirtualIP} + - ':8776/v1/%(tenant_id)s' + cinder_public_url_v2: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8776/v2/%(tenant_id)s' + cinder_internal_url_v2: + list_join: + - '' + - - 'http://' + - {get_param: CinderApiVirtualIP} + - ':8776/v2/%(tenant_id)s' + cinder_admin_url_v2: + list_join: + - '' + - - 'http://' + - {get_param: CinderApiVirtualIP} + - ':8776/v2/%(tenant_id)s' glance_port: {get_param: GlancePort} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} + glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} glance_dsn: @@ -748,13 +861,25 @@ resources: - '' - - 'http://' - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/' + - ':35357' keystone_auth_uri: list_join: - '' - - 'http://' - {get_param: KeystonePublicApiVirtualIP} - ':5000/v2.0/' + keystone_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':5000' + keystone_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: KeystonePublicApiVirtualIP} + - ':5000' keystone_ec2_uri: list_join: - '' @@ -840,7 +965,19 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_url: + neutron_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: NeutronApiVirtualIP} + - ':9696' + neutron_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':9696' + neutron_admin_url: list_join: - '' - - 'http://' @@ -864,9 +1001,29 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' + ceilometer_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8777' + ceilometer_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: CeilometerApiVirtualIP} + - ':8777' + ceilometer_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: CeilometerApiVirtualIP} + - ':8777' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_password: {get_param: NovaPassword} @@ -878,6 +1035,60 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' + nova_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8774/v2/%(tenant_id)s' + nova_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8774/v2/%(tenant_id)s' + nova_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8774/v2/%(tenant_id)s' + nova_v3_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8774/v3' + nova_v3_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8774/v3' + nova_v3_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8774/v3' + nova_ec2_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8773/services/Cloud' + nova_ec2_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8773/services/Cloud' + nova_ec2_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: NovaApiVirtualIP} + - ':8773/services/Admin' fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -907,6 +1118,42 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} + swift_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8080/v1/AUTH_%(tenant_id)s' + swift_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: SwiftProxyVirtualIP} + - ':8080/v1/AUTH_%(tenant_id)s' + swift_admin_url: + list_join: + - '' + - - 'http://' + - {get_param: SwiftProxyVirtualIP} + - ':8080' + swift_public_url_s3: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':8080' + swift_internal_url_s3: + list_join: + - '' + - - 'http://' + - {get_param: SwiftProxyVirtualIP} + - ':8080' + swift_admin_url_s3: + list_join: + - '' + - - 'http://' + - {get_param: SwiftProxyVirtualIP} + - ':8080' enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -924,9 +1171,34 @@ resources: - ':' - {get_param: GlancePort} glance_registry_host: {get_param: GlanceRegistryVirtualIP} + glance_public_url: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: PublicVirtualIP} + - ':' + - {get_param: GlancePort} + glance_internal_url: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: GlanceApiVirtualIP} + - ':' + - {get_param: GlancePort} + glance_admin_url: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: GlanceApiVirtualIP} + - ':' + - {get_param: GlancePort} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + keystone_region: {get_param: KeystoneRegion} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -1009,6 +1281,14 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} + swift::keystone::auth::public_url: {get_input: swift_public_url } + swift::keystone::auth::internal_url: {get_input: swift_internal_url } + swift::keystone::auth::admin_url: {get_input: swift_admin_url } + swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } + swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } + swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } + swift::keystone::auth::password: {get_input: swift_password } + swift::keystone::auth::region: {get_input: keystone_region} # NOTE(dprince): build_ring support is currently not wired in. # See: https://review.openstack.org/#/c/109225/ @@ -1036,6 +1316,14 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} + cinder::keystone::auth::public_url: {get_input: cinder_public_url } + cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } + cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } + cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } + cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } + cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } + cinder::keystone::auth::password: {get_input: cinder_password } + cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_port: {get_input: glance_port} @@ -1060,6 +1348,15 @@ resources: glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} + glance::keystone::auth::public_url: {get_input: glance_public_url } + glance::keystone::auth::internal_url: {get_input: glance_internal_url } + glance::keystone::auth::admin_url: {get_input: glance_admin_url } + glance::keystone::auth::password: {get_input: glance_password } + glance::keystone::auth::region: {get_input: keystone_region} + glance_file_pcmk_device: {get_input: glance_file_pcmk_device} + glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} + glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} + glance_file_pcmk_options: {get_input: glance_file_pcmk_options} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1081,6 +1378,11 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} + heat::keystone::auth::public_url: {get_input: heat_public_url } + heat::keystone::auth::internal_url: {get_input: heat_internal_url } + heat::keystone::auth::admin_url: {get_input: heat_admin_url } + heat::keystone::auth::password: {get_input: heat_password } + heat::keystone::auth::region: {get_input: keystone_region} # Keystone keystone::admin_token: {get_input: admin_token} @@ -1100,6 +1402,12 @@ resources: keystone::rabbit_port: {get_input: rabbit_client_port} keystone::notification_driver: {get_input: keystone_notification_driver} keystone::notification_format: {get_input: keystone_notification_format} + keystone::roles::admin::email: {get_input: admin_email} + keystone::roles::admin::password: {get_input: admin_password} + keystone::endpoint::public_url: {get_input: keystone_public_url} + keystone::endpoint::internal_url: {get_input: keystone_internal_url} + keystone::endpoint::admin_url: {get_input: keystone_identity_uri} + keystone::endpoint::region: {get_input: keystone_region} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1118,7 +1426,7 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron::debug: {get_input: debug} @@ -1156,6 +1464,11 @@ resources: neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} + neutron::keystone::auth::public_url: {get_input: neutron_public_url } + neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } + neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } + neutron::keystone::auth::password: {get_input: neutron_password } + neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1174,6 +1487,11 @@ resources: ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} + ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } + ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } + ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } + ceilometer::keystone::auth::password: {get_input: ceilometer_password } + ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1192,10 +1510,21 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} + nova::keystone::auth::public_url: {get_input: nova_public_url} + nova::keystone::auth::internal_url: {get_input: nova_internal_url} + nova::keystone::auth::admin_url: {get_input: nova_admin_url} + nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url} + nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url} + nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url} + nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} + nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} + nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} + nova::keystone::auth::password: {get_input: nova_password } + nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::ip: {get_input: horizon_network} @@ -1209,6 +1538,8 @@ resources: rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} rabbitmq::file_limit: {get_input: rabbit_fd_limit} + rabbitmq::default_user: {get_input: rabbit_username} + rabbitmq::default_pass: {get_input: rabbit_password} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} @@ -1220,6 +1551,7 @@ resources: public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}