{% for r in roles %}
- get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
{% endfor %}
+ # This next step combines two yaql passes:
+ # - The inner one does a deep merge on the service_config_settings for all roles
+ # - The outer one filters the map based on the services enabled for the role
+ # then merges the result into one map.
+ - yaql:
+ expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ map:
+ yaql:
+ expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
+ data:
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
+ {% endfor %}
+ services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
+ service_config_settings:
+ get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
- aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
- aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
- aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
- aodh::keystone::auth::password: {get_param: AodhPassword}
- aodh::keystone::auth::region: {get_param: KeystoneRegion}
- aodh::keystone::auth::tenant: 'service'
aodh::db::mysql::user: aodh
aodh::db::mysql::password: {get_param: AodhPassword}
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- "%{hiera('mysql_bind_host')}"
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
+ service_config_settings:
+ keystone:
+ aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+ aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+ aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+ aodh::keystone::auth::password: {get_param: AodhPassword}
+ aodh::keystone::auth::region: {get_param: KeystoneRegion}
+ aodh::keystone::auth::tenant: 'service'
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ service_config_settings:
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
- ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
- ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
- ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
- ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
- ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
- ceilometer::keystone::auth::tenant: 'service'
ceilometer::rabbit_userid: {get_param: RabbitUserName}
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
+ service_config_settings:
+ keystone:
+ ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+ ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+ ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
+ ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
+ ceilometer::keystone::auth::tenant: 'service'
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
- ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
- ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
- ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
- ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
- ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
- ceph::rgw::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ceph::rgw
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::tenant: 'service'
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
- cinder::keystone::auth::tenant: 'service'
- cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
- cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
- cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
- cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
- cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
- cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
- cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
- cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
- cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
- cinder::keystone::auth::password: {get_param: CinderPassword}
- cinder::keystone::auth::region: {get_param: KeystoneRegion}
cinder::api::enable_proxy_headers_parsing: true
+
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
# TODO(emilien) move it to puppet-cinder
cinder::config:
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::api
+ service_config_settings:
+ keystone:
+ cinder::keystone::auth::tenant: 'service'
+ cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+ cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+ cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+ cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+ cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+ cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
+ cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
+ cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
+ cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
+ cinder::keystone::auth::password: {get_param: CinderPassword}
+ cinder::keystone::auth::region: {get_param: KeystoneRegion}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
- glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
tripleo.glance_api.firewall_rules:
dport:
- 9292
- 13292
- glance::keystone::auth::tenant: 'service'
glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
- 13041
gnocchi::api::enabled: true
gnocchi::api::service_name: 'httpd'
- gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
- gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
- gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
- gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
+ service_config_settings:
+ keystone:
+ gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::keystone::auth::tenant: 'service'
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cfn::workers: {get_param: HeatWorkers}
- heat::keystone::auth_cfn::tenant: 'service'
- heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
- heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
- heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
- heat::keystone::auth_cfn::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api_cfn.firewall_rules:
'125 heat_cfn':
dport:
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
+ service_config_settings:
+ keystone:
+ heat::keystone::auth_cfn::tenant: 'service'
+ heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
+ heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
+ heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
+ heat::keystone::auth_cfn::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api::workers: {get_param: HeatWorkers}
- heat::keystone::auth::tenant: 'service'
- heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
- heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
- heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
- heat::keystone::auth::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api.firewall_rules:
'125 heat_api':
dport:
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
+ service_config_settings:
+ keystone:
+ heat::keystone::auth::tenant: 'service'
+ heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
+ heat::keystone::auth::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::auth_name: 'ironic'
- ironic::keystone::auth::password: {get_param: IronicPassword }
- ironic::keystone::auth::tenant: 'service'
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:
- 13385
step_config: |
include ::tripleo::profile::base::ironic::api
+ service_config_settings:
+ keystone:
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ ironic::keystone::auth::auth_name: 'ironic'
+ ironic::keystone::auth::password: {get_param: IronicPassword }
+ ironic::keystone::auth::tenant: 'service'
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
- manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
- manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
- manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
- manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
- manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
- manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
- manila::keystone::auth::password: {get_param: ManilaPassword }
- manila::keystone::auth::region: {get_param: KeystoneRegion }
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
manila::api::enable_proxy_headers_parsing: true
step_config: |
include ::tripleo::profile::base::manila::api
-
+ service_config_settings:
+ keystone:
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+ manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword}
+ manila::keystone::auth::region: {get_param: KeystoneRegion}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ovs_neutron'
- neutron::keystone::auth::tenant: 'service'
- neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
- neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
- neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
- neutron::keystone::auth::password: {get_param: NeutronPassword}
- neutron::keystone::auth::region: {get_param: KeystoneRegion}
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server
+ service_config_settings:
+ keystone:
+ neutron::keystone::auth::tenant: 'service'
+ neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
+ neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron::keystone::auth::password: {get_param: NeutronPassword}
+ neutron::keystone::auth::region: {get_param: KeystoneRegion}
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
- nova::keystone::auth::tenant: 'service'
- nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
- nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
- nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
- nova::keystone::auth::password: {get_param: NovaPassword}
- nova::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
step_config: |
include tripleo::profile::base::nova::api
+ service_config_settings:
+ keystone:
+ nova::keystone::auth::tenant: 'service'
+ nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+ nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+ nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
+ nova::keystone::auth::password: {get_param: NovaPassword}
+ nova::keystone::auth::region: {get_param: KeystoneRegion}
- get_attr: [SaharaBase, role_data, config_settings]
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::service::api::api_workers: {get_param: SaharaWorkers}
- sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
- sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
- sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
- sahara::keystone::auth::password: {get_param: SaharaPassword }
- sahara::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
- 13386
step_config: |
include ::tripleo::profile::base::sahara::api
+ service_config_settings:
+ keystone:
+ sahara::keystone::auth::tenant: 'service'
+ sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+ sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+ sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
+ sahara::keystone::auth::password: {get_param: SaharaPassword }
+ sahara::keystone::auth::region: {get_param: KeystoneRegion}
- storm
sahara::rpc_backend: rabbit
sahara::admin_tenant_name: 'service'
- sahara::keystone::auth::tenant: 'service'
sahara::db::database_db_max_retries: -1
sahara::db::database_max_retries: -1
yaql:
expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
data: {get_attr: [ServiceChain, role_data]}
+ service_config_settings:
+ yaql:
+ expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {get_attr: [ServiceChain, role_data]}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
- swift::keystone::auth::tenant: 'service'
- swift::keystone::auth::configure_s3_endpoint: false
- swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
+ service_config_settings:
+ keystone:
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin