may be implementation specific, e.g puppet hieradata. Any role specific
ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig.
type: json
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings in the ring.
- type: string
- hidden: true
-
# Compute-specific params
ComputeCount:
resource_def:
type: OS::TripleO::ObjectStorage
properties:
- HashSuffix: {get_param: SwiftHashSuffix}
UpdateIdentifier: {get_param: UpdateIdentifier}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
Hostname:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
- swift_hash_suffix: {get_param: SwiftHashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
- # Swift
- # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
- swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
-
# Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Swift Proxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftHashSuffix:
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Swift common swift settings.
+ value:
+ service_name: swift_base
+ config_settings:
+ swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix}
default: 'regionOne'
description: Keystone region for endpoint
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
value:
service_name: swift_proxy
config_settings:
- # Swift
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
- swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
- swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
- tripleo.swift_proxy.firewall_rules:
- '122 swift proxy':
- dport:
- - 8080
- - 13808
- swift::keystone::auth::tenant: 'service'
- swift::keystone::auth::configure_s3_endpoint: false
- swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::keystone::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
- swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'proxy-logging'
- - 'proxy-server'
- swift::proxy::account_autocreate: true
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+
+ - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::admin_tenant_name: 'service'
+ swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
+ swift::proxy::workers: {get_param: SwiftWorkers}
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ tripleo.swift_proxy.firewall_rules:
+ '122 swift proxy':
+ dport:
+ - 8080
+ - 13808
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::keystone::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin
+ swift::proxy::pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'proxy-logging'
+ - 'proxy-server'
+ swift::proxy::account_autocreate: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
parameters:
- ControllerEnableSwiftStorage
+resources:
+ SwiftBase:
+ type: ./swift-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
config_settings:
- # Swift
- swift::storage::all::mount_check: {get_param: SwiftMountCheck}
- tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
- tripleo.swift_storage.firewall_rules:
- '123 swift storage':
- dport:
- - 873
- - 6000
- - 6001
- - 6002
- swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
- swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
- swift::storage::all::object_pipeline:
- - healthcheck
- - recon
- - object-server
- swift::storage::all::container_pipeline:
- - healthcheck
- - container-server
- swift::storage::all::account_pipeline:
- - healthcheck
- - account-server
- swift::storage::disks: {get_param: SwiftRawDisks}
+ map_merge:
+ - get_attr: [SwiftBase, role_data, config_settings]
+ - swift::storage::all::mount_check: {get_param: SwiftMountCheck}
+ tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
+ tripleo.swift_storage.firewall_rules:
+ '123 swift storage':
+ dport:
+ - 873
+ - 6000
+ - 6001
+ - 6002
+ swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+ swift::storage::all::object_pipeline:
+ - healthcheck
+ - recon
+ - object-server
+ swift::storage::all::container_pipeline:
+ - healthcheck
+ - container-server
+ swift::storage::all::account_pipeline:
+ - healthcheck
+ - account-server
+ swift::storage::disks: {get_param: SwiftRawDisks}
+ swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage
type: string
constraints:
- custom_constraint: nova.flavor
- HashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
SwiftStorageImage:
default: overcloud-full
type: string
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
UpdateIdentifier:
default: ''
type: string
mapped_data: {get_param: ExtraConfig}
object:
mapped_data: # data supplied directly to this deployment configuration, etc
- swift::swift_hash_path_suffix: { get_input: swift_hash_suffix }
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageHieraConfig}
input_values:
- local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- swift_hash_suffix: {get_param: HashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
Code Review / apex-tripleo-heat-templates.git / commitdiff