X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fswift-proxy.yaml;h=dd242fb55c8f5e0193cf1d6f1251bbc5e2c0ac27;hb=c89097c20220bc2266872d7bb01cce28fa01793b;hp=930b9e3d623925ca443b36219c633486bbd57f11;hpb=a6648b2cfb6a6833311048f3aab3d2fb6d92ffc1;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 930b9e3d..dd242fb5 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -4,6 +4,15 @@ description: >
   OpenStack Swift Proxy service configured with Puppet
 
 parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,25 +39,73 @@ parameters:
     default: 'regionOne'
     description: Keystone region for endpoint
 
+resources:
+  SwiftBase:
+    type: ./swift-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
 
 outputs:
   role_data:
     description: Role data for the Swift proxy service.
     value:
+      service_name: swift_proxy
       config_settings:
-        # Swift
-        swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-        swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-        swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
-        swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
-        swift::proxy::workers: {get_param: SwiftWorkers}
-        swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
-        swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
-        swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
-        swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
-        swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
-        swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
-        swift::keystone::auth::password: {get_param: SwiftPassword}
-        swift::keystone::auth::region: {get_param: KeystoneRegion}
+        map_merge:
+          - get_attr: [SwiftBase, role_data, config_settings]
+
+          - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+            swift::proxy::authtoken::password: {get_param: SwiftPassword}
+            swift::proxy::authtoken::project_name: 'service'
+            swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
+            swift::proxy::workers: {get_param: SwiftWorkers}
+            swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+            swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+            swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+            swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+            swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+            swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+            swift::keystone::auth::password: {get_param: SwiftPassword}
+            swift::keystone::auth::region: {get_param: KeystoneRegion}
+            tripleo.swift_proxy.firewall_rules:
+              '122 swift proxy':
+                dport:
+                  - 8080
+                  - 13808
+            swift::keystone::auth::tenant: 'service'
+            swift::keystone::auth::configure_s3_endpoint: false
+            swift::keystone::auth::operator_roles:
+              - admin
+              - swiftoperator
+              - ResellerAdmin
+            swift::proxy::keystone::operator_roles:
+              - admin
+              - swiftoperator
+              - ResellerAdmin
+            swift::proxy::pipeline:
+              - 'catch_errors'
+              - 'healthcheck'
+              - 'proxy-logging'
+              - 'cache'
+              - 'ratelimit'
+              - 'bulk'
+              - 'tempurl'
+              - 'formpost'
+              - 'authtoken'
+              - 'keystone'
+              - 'staticweb'
+              - 'proxy-logging'
+              - 'proxy-server'
+            swift::proxy::account_autocreate: true
+            # NOTE: bind IP is found in Heat replacing the network name with the
+            # local node IP for the given network; replacement examples
+            # (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
       step_config: |
         include ::tripleo::profile::base::swift::proxy