X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fhieradata%2Fcontroller.yaml;h=b0e6ae96ad9ae68494d879484d9660a1aed59ee3;hb=31c91bed886f76e107a78021977e4c9bd338c76a;hp=25719709c76699cf1f075a156217dc9d53386f8a;hpb=1a0f4eefc8d590ee9da6612b34a018d5055397bd;p=apex-tripleo-heat-templates.git diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 25719709..e80bee07 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -30,15 +30,30 @@ redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' # service tenant -nova::api::admin_tenant_name: 'service' glance::api::keystone_tenant: 'service' glance::registry::keystone_tenant: 'service' neutron::server::auth_tenant: 'service' neutron::agents::metadata::auth_tenant: 'service' +neutron::agents::l3::router_delete_namespaces: True +neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' +sahara::admin_tenant_name: 'service' + +# keystone +keystone::cron::token_flush::maxdelay: 3600 +keystone::roles::admin::service_tenant: 'service' +keystone::roles::admin::admin_tenant: 'admin' +keystone::cron::token_flush::destination: '/dev/null' +keystone::config::keystone_config: + DEFAULT/secure_proxy_ssl_header: + value: 'HTTP_X_FORWARDED_PROTO' + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' +keystone::service_name: 'httpd' +keystone::wsgi::apache::ssl: false #swift swift::proxy::pipeline: @@ -48,9 +63,9 @@ swift::proxy::pipeline: - 'ratelimit' - 'tempurl' - 'formpost' - - 'staticweb' - 'authtoken' - 'keystone' + - 'staticweb' - 'proxy-logging' - 'proxy-server' 
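Review bot: `DEFAULT/secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO` together with `keystone::wsgi::apache::ssl: false` makes Keystone take the request scheme from a header the client can supply, which is only sound if every request arrives through a proxy that overwrites it. The '111 keystone' firewall rule added at the end of this diff accepts 5000 and 35357 alongside 13000 and 13357, so the plain-HTTP listeners may be reachable directly unless something outside this diff restricts them. A comment above the setting would record the dependency, e.g. `# relies on the load balancer setting X-Forwarded-Proto and being the only path to keystone`. Separately, `keystone::cron::token_flush::destination: '/dev/null'` discards the job's output, so a failing token flush would go unnoticed unless it is monitored elsewhere.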
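Review bot: The `swift::proxy::pipeline` reorder that moves `'staticweb'` below `'authtoken'` and `'keystone'` carries no comment, although middleware order in this list is significant. Swift's documentation places staticweb after the auth middleware, which appears to be what this hunk is correcting. A one-line comment next to the entry, e.g. `# staticweb must come after the auth middleware (authtoken, keystone)`, would stop a later edit from silently reverting the order. The pipeline list starts above the hunk, so the full ordering is not visible here.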
@@ -58,40 +73,56 @@ swift::proxy::account_autocreate: true # glance glance::api::pipeline: 'keystone' +glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_user: 'openstack' +glance_file_pcmk_directory: '/var/lib/glance/images' # neutron -neutron::core_plugin: 'ml2' -neutron::service_plugins: - - 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' neutron::server::sync_db: true neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' +nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true +nova::api::sync_db_api: true +nova::scheduler::filter::ram_allocation_ratio: '1.0' +nova::cron::archive_deleted_rows::hour: '*/12' +nova::cron::archive_deleted_rows::destination: '/dev/null' +nova::notification_driver: messaging -nova::config::nova_config: - DEFAULT/default_floating_pool: - value: 'public' +# ceilometer +ceilometer::agent::auth::auth_endpoint_type: 'internalURL' # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler +cinder::cron::db_purge::destination: '/dev/null' +cinder::host: hostgroup +cinder_user_enabled_backends: [] # heat heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] heat::instance_user: '' +heat::cron::purge_deleted::age: 30 +heat::cron::purge_deleted::age_type: 'days' +heat::cron::purge_deleted::maxdelay: 3600 +heat::cron::purge_deleted::destination: '/dev/null' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false +pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } # horizon -horizon::allowed_hosts: '*' +horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' 
+horizon::vhost_extra_params: + add_listen: false + priority: 10 # mysql mysql::server::manage_config_file: true @@ -109,6 +140,7 @@ tripleo::loadbalancer::nova_metadata: true tripleo::loadbalancer::nova_novncproxy: true tripleo::loadbalancer::mysql: true tripleo::loadbalancer::redis: true +tripleo::loadbalancer::sahara: true tripleo::loadbalancer::swift_proxy_server: true tripleo::loadbalancer::ceilometer: true tripleo::loadbalancer::heat_api: true @@ -117,3 +149,109 @@ tripleo::loadbalancer::heat_cfn: true tripleo::loadbalancer::horizon: true controller_classes: [] +# firewall +tripleo::firewall::firewall_rules: + '101 mongodb_config': + port: 27019 + '102 mongodb_sharding': + port: 27018 + '103 mongod': + port: 27017 + '104 mysql galera': + port: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + '105 ntp': + port: 123 + proto: udp + '106 vrrp': + proto: vrrp + '107 haproxy stats': + port: 1993 + '108 redis': + port: + - 6379 + - 26379 + '109 rabbitmq': + port: + - 5672 + - 35672 + '110 ceph': + port: + - 6789 + - '6800-6810' + '111 keystone': + port: + - 5000 + - 13000 + - 35357 + - 13357 + '112 glance': + port: + - 9292 + - 9191 + - 13292 + '113 nova': + port: + - 6080 + - 13080 + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + '114 neutron server': + port: + - 9696 + - 13696 + '115 neutron dhcp input': + proto: 'udp' + port: 67 + '116 neutron dhcp output': + proto: 'udp' + chain: 'OUTPUT' + port: 68 + '118 neutron vxlan networks': + proto: 'udp' + port: 4789 + '119 cinder': + port: + - 8776 + - 13776 + '120 iscsi initiator': + port: 3260 + '121 memcached': + port: 11211 + '122 swift proxy': + port: + - 8080 + - 13808 + '123 swift storage': + port: + - 873 + - 6000 + - 6001 + - 6002 + '124 ceilometer': + port: + - 8777 + - 13777 + '125 heat': + port: + - 8000 + - 13800 + - 8003 + - 13003 + - 8004 + - 13004 + '126 horizon': + port: + - 80 + - 443 + '127 snmp': + port: 161 + proto: 'udp'
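Review bot: `glance::api::show_image_direct_url: true` makes the image API return each image's backend location to any user who can read the image, and Glance's configuration reference warns that such locations can embed store credentials. This file configures both a Swift store (`glance::backend::swift::swift_store_create_container_on_put`) and an RBD store (`glance::backend::rbd::rbd_store_user`), and the option is presumably wanted for RBD copy-on-write cloning, so the Swift case is where the exposure matters. Suggest a comment stating the reason, e.g. `# needed for Ceph RBD cloning; image locations become visible to API users`, and setting it only where the RBD backend is selected if the templates allow that. The `destination: '/dev/null'` values on the nova, cinder and heat cron jobs in the same hunk also drop all job output, so purge failures would leave no trace.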
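Review bot: Every rule in `tripleo::firewall::firewall_rules` sets only `port` and `proto`, with no source or interface restriction. Unless a default is applied outside this hunk, the cluster-internal services ('103 mongod' 27017, '104 mysql galera', '108 redis', '109 rabbitmq', '121 memcached' 11211, '107 haproxy stats' 1993) would be accepted from every network the controller is attached to. These backends should be limited to the internal API or storage networks, e.g. by adding `source: '<internal-api-cidr>'` (placeholder) to those entries, leaving only the public API and horizon ports open to everyone. In '113 nova', `3773` also breaks the 13xxx pattern the other TLS ports follow and may be a typo for 13773, which is worth confirming.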