salt -I 'nova:compute' state.sls nova
+salt -I 'barbican:server' state.sls barbican -b 1
+salt -I 'barbican:client' state.sls barbican
+
salt -I 'redis:cluster:role:master' state.sls redis
salt -I 'redis:server' state.sls redis
salt -I 'gnocchi:server' state.sls gnocchi -b 1
salt -I 'nova:compute' state.sls nova
+salt -I 'barbican:server' state.sls barbican
+salt -I 'barbican:client' state.sls barbican
+
salt -I 'redis:server' state.sls redis
salt -I 'gnocchi:server' state.sls gnocchi
salt -I 'panko:server' state.sls panko
- system.cinder.volume.backend.lvm
- system.ceilometer.agent.cluster
- system.ceilometer.agent.polling.default
+ - service.barbican.client.cluster
- cluster.mcp-common-ha.openstack_compute_pdf
- cluster.mcp-common-ha.include.maas_proxy
- cluster.mcp-common-ha.include.lab_proxy_pdf
volume_group: ${linux:storage:lvm:cinder-vg:name}
database:
connection_recycle_time: ${_param:db_connection_recycle_time}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
linux:
storage:
lvm:
compute:
disk_cachemodes: file=directsync,block=none
preallocate_images: space
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
- system.heat.server.cluster
- system.designate.server.cluster
- system.designate.server.backend.bind
+ - system.barbican.server.cluster
+ - system.apache.server.site.barbican
+ - service.barbican.server.plugin.simple_crypto
- system.bind.server.single
- system.haproxy.proxy.listen.openstack.placement
- system.glusterfs.client.cluster
controller: &db_conn_recycle_time
database:
connection_recycle_time: ${_param:db_connection_recycle_time}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
cinder:
controller:
<<: *db_conn_recycle_time
neutron_api:
# Set source balancing
type: heat
+ barbican:
+ server:
+ ks_notifications_enable: true
+ store:
+ software:
+ crypto_plugin: simple_crypto
+ store_plugin: store_crypto
+ global_default: true
+ database:
+ connection_recycle_time: ${_param:db_connection_recycle_time}
+ host: ${_param:openstack_database_address}
bind:
server:
control:
- system.keystone.client.service.designate
- system.keystone.client.service.gnocchi
- system.keystone.client.service.panko
+ - system.keystone.client.service.barbican
- system.keystone.client.v3.service.keystone
parameters:
keystone:
- system.galera.server.database.nova
- system.galera.server.database.neutron
- system.galera.server.database.panko
+ - system.galera.server.database.barbican
parameters:
_param:
keepalived_vip_interface: ${_param:single_nic}
keystone_neutron_password: opnfv_secret
keystone_nova_password: opnfv_secret
keystone_designate_password: opnfv_secret
+
+ barbican_version: ${_param:openstack_version}
+ barbican_service_host: ${_param:openstack_control_address}
+ mysql_barbican_password: opnfv_secret
+ keystone_barbican_password: opnfv_secret
+ barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
+ barbican_integration_enabled: false
+
ceilometer_secret_key: opnfv_secret
horizon_version: ${_param:openstack_version}
horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e
host: ${_param:cluster_node01_address}
port: 8042
params: ${_param:haproxy_check}
+ barbican_api:
+ type: openstack-service
+ service_name: barbican
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 9311
+ servers:
+ - name: ctl01
+ host: ${_param:cluster_node01_address}
+ port: 9311
+ params: ${_param:haproxy_check}
+ barbican_admin_api:
+ type: openstack-service
+ service_name: barbican
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 9312
+ servers:
+ - name: ctl01
+ host: ${_param:cluster_node01_address}
+ port: 9312
+ params: ${_param:haproxy_check}
- system.ceilometer.client.cinder_volume
- system.ceilometer.agent.polling.default
- system.linux.system.repo.mcp.openstack
+ - service.barbican.client.single
- cluster.mcp-common-noha.openstack_compute_pdf
parameters:
_param:
user: neutron
tenant: service
password: ${_param:keystone_neutron_password}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
neutron:
compute:
notification: true
host: ${_param:cluster_local_address}
message_queue:
host: ${_param:cluster_local_address}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
nfs:
client:
mount:
- system.keystone.client.service.aodh
- system.keystone.client.service.gnocchi
- system.keystone.client.service.panko
+ - system.keystone.client.service.barbican
- system.glance.control.single
- system.nova.control.single
- system.cinder.control.single
- system.galera.server.database.aodh
- system.galera.server.database.gnocchi
- system.galera.server.database.panko
+ - system.galera.server.database.barbican
+ - system.barbican.server.single
+ - service.barbican.server.plugin.simple_crypto
- service.redis.server.single
- service.ceilometer.server.single
- system.ceilometer.server.coordination.redis
- service.panko.server.single
- system.apache.server.site.gnocchi
- system.apache.server.site.panko
+ - system.apache.server.site.barbican
- system.horizon.server.single
- service.haproxy.proxy.single
- cluster.mcp-common-noha.haproxy_openstack_api
engine: file
images: []
workers: 1
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
+ cinder:
+ controller:
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
nova:
controller:
networking: dvr
novncproxy_port: 6080
vncproxy_url: http://${_param:cluster_vip_address}:6080
workers: 1
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
horizon:
server:
# yamllint disable-line rule:truthy
apache:
server:
site:
- gnocchi:
+ gnocchi: &wsgi_threads
wsgi:
threads: 1
+ barbican:
+ <<: *wsgi_threads
+ barbican_admin:
+ <<: *wsgi_threads
+ barbican:
+ server:
+ ks_notifications_enable: true
+ store:
+ software:
+ crypto_plugin: simple_crypto
+ store_plugin: store_crypto
+ global_default: true
horizon_identity_host: ${_param:cluster_vip_address}
horizon_identity_encryption: none
horizon_identity_version: 3
+
+ barbican_version: ${_param:openstack_version}
+ barbican_service_host: ${_param:cluster_local_address}
+ apache_barbican_api_address: ${_param:single_address}
+ mysql_barbican_password: opnfv_secret
+ keystone_barbican_password: opnfv_secret
+ barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
+ barbican_integration_enabled: false
+
aodh_version: ${_param:openstack_version}
keystone_aodh_password: opnfv_secret
aodh_service_host: ${_param:cluster_local_address}
Code Review / fuel.git / commitdiff