Merge "Add Barbican to the overcloud"
authorJenkins <jenkins@review.openstack.org>
Tue, 1 Nov 2016 17:27:20 +0000 (17:27 +0000)
committerGerrit Code Review <review@openstack.org>
Tue, 1 Nov 2016 17:27:20 +0000 (17:27 +0000)
environments/services/barbican.yaml [new file with mode: 0644]
environments/tls-endpoints-public-dns.yaml
environments/tls-endpoints-public-ip.yaml
network/endpoints/endpoint_data.yaml
network/endpoints/endpoint_map.yaml
network/service_net_map.j2.yaml
overcloud-resource-registry-puppet.j2.yaml
overcloud.j2.yaml
puppet/services/barbican-api.yaml [new file with mode: 0644]
roles_data.yaml

diff --git a/environments/services/barbican.yaml b/environments/services/barbican.yaml
new file mode 100644 (file)
index 0000000..1735646
--- /dev/null
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to enable
+# Barbican with the default secret store backend.
+resource_registry:
+  OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
index f94a772..79c7599 100644 (file)
@@ -5,6 +5,9 @@ parameter_defaults:
     AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
     AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
     AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+    BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
     CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
     CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
     CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
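Review bot: `BarbicanAdmin` and `BarbicanInternal` stay on `protocol: 'http'` here, so with this TLS environment applied only the public endpoint on 13311 uses https, and secret payloads and Keystone tokens sent to the key manager over the internal API network travel in clear text. The neighbouring Aodh and Ceilometer entries follow the same pattern, so this looks like the file's convention rather than an oversight. For a secret store it still deserves a comment above the three entries, for example `# Barbican internal/admin endpoints are plain HTTP; only BarbicanPublic uses https`. The same applies to the matching lines in the tls-endpoints-public-ip.yaml hunk, and the EndpointMap defaults added in endpoint_map.yaml use http for all three endpoints. The hunk starts at line 5 of the file, so any existing header comment is not visible from here.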
index eb2a23b..a49ca34 100644 (file)
@@ -5,6 +5,9 @@ parameter_defaults:
     AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
     AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
     AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+    BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
     CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
     CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
     CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
index 011dea7..1df3b66 100644 (file)
@@ -10,6 +10,15 @@ Aodh:
         net_param: AodhApi
     port: 8042
 
+Barbican:
+    Internal:
+        net_param: BarbicanApi
+    Public:
+        net_param: Public
+    Admin:
+        net_param: BarbicanApi
+    port: 9311
+
 Ceilometer:
     Internal:
         net_param: CeilometerApi
index ac519a5..43fb20c 100644 (file)
@@ -22,6 +22,9 @@ parameters:
       AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
       AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
       AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
+      BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
+      BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
+      BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
       CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
       CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
       CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS}
@@ -326,6 +329,249 @@ outputs:
                         template: NETWORK_uri
             - ':'
             - get_param: [EndpointMap, AodhPublic, port]
+      BarbicanAdmin:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, BarbicanApiNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+        port:
+          get_param: [EndpointMap, BarbicanAdmin, port]
+        protocol:
+          get_param: [EndpointMap, BarbicanAdmin, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, BarbicanApiNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, BarbicanApiNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanAdmin, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, BarbicanApiNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, BarbicanApiNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanAdmin, port]
+      BarbicanInternal:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, BarbicanApiNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, BarbicanApiNetwork]
+        port:
+          get_param: [EndpointMap, BarbicanInternal, port]
+        protocol:
+          get_param: [EndpointMap, BarbicanInternal, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, BarbicanApiNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, BarbicanApiNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanInternal, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, BarbicanApiNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, BarbicanApiNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanInternal, port]
+      BarbicanPublic:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, PublicNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, BarbicanPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, PublicNetwork]
+        port:
+          get_param: [EndpointMap, BarbicanPublic, port]
+        protocol:
+          get_param: [EndpointMap, BarbicanPublic, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanPublic, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, BarbicanPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, BarbicanPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, BarbicanPublic, port]
       CeilometerAdmin:
         host:
           str_replace:
index ac05fc7..61c97f1 100644 (file)
@@ -25,6 +25,7 @@ parameters:
       NeutronTenantNetwork: tenant
       CeilometerApiNetwork: internal_api
       AodhApiNetwork: internal_api
+      BarbicanApiNetwork: internal_api
       GnocchiApiNetwork: internal_api
       MongodbNetwork: internal_api
       CinderApiNetwork: internal_api
index 9b9cd58..980a718 100644 (file)
@@ -189,6 +189,7 @@ resource_registry:
   OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
+  OS::TripleO::Services::BarbicanApi: OS::Heat::None
   OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml
   OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
   OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml
index d8d38c2..3e4dae8 100644 (file)
@@ -562,6 +562,9 @@ outputs:
   AodhInternalVip:
     description: VIP for Aodh API internal endpoint
     value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
+  BarbicanInternalVip:
+    description: VIP for Barbican API internal endpoint
+    value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, BarbicanApiNetwork]}]}
   CeilometerInternalVip:
     description: VIP for Ceilometer API internal endpoint
     value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
new file mode 100644 (file)
index 0000000..cf57680
--- /dev/null
@@ -0,0 +1,127 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Barbican API service configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  BarbicanPassword:
+    description: The password for the barbican service account.
+    type: string
+    hidden: true
+  BarbicanWorkers:
+    description: Set the number of workers for barbican::wsgi::apache
+    default: '"%{::processorcount}"'
+    type: string
+  Debug:
+    default: ''
+    description: Set to True to enable debugging on all services.
+    type: string
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+  RabbitClientPort:
+    default: 5672
+    description: Set rabbit subscriber port, change this if using SSL
+    type: number
+  RabbitClientUseSSL:
+    default: false
+    description: >
+        Rabbit client subscriber parameter to specify
+        an SSL connection to the RabbitMQ host.
+    type: string
+  RabbitPassword:
+    description: The password for RabbitMQ
+    type: string
+    hidden: true
+  RabbitUserName:
+    default: guest
+    description: The username for RabbitMQ
+    type: string
+
+resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Barbican API role.
+    value:
+      service_name: barbican_api
+      config_settings:
+        map_merge:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
+            barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+            barbican::keystone::authtoken::project_name: 'service'
+            barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
+            barbican::api::db_auto_create: false
+            barbican::api::enabled_certificate_plugins: ['simple_certificate']
+            barbican::api::logging::debug: {get_param: Debug}
+            barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+            barbican::api::rabbit_userid: {get_param: RabbitUserName}
+            barbican::api::rabbit_password: {get_param: RabbitPassword}
+            barbican::api::rabbit_port: {get_param: RabbitClientPort}
+            barbican::api::rabbit_heartbeat_timeout_threshold: 60
+            barbican::api::service_name: 'httpd'
+            barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
+            barbican::wsgi::apache::ssl: false
+            barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
+            barbican::wsgi::apache::servername:
+              str_replace:
+                template:
+                  '"%{::fqdn_$NETWORK}"'
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
+            barbican::db::database_connection:
+              list_join:
+                - ''
+                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+                  - '://barbican:'
+                  - {get_param: BarbicanPassword}
+                  - '@'
+                  - {get_param: [EndpointMap, MysqlInternal, host]}
+                  - '/barbican'
+            tripleo.barbican_api.firewall_rules:
+              '117 barbican':
+                dport:
+                  - 9311
+                  - 13311
+      step_config: |
+        include ::tripleo::profile::base::barbican::api
+      service_config_settings:
+        mysql:
+          barbican::db::mysql::password: {get_param: BarbicanPassword}
+          barbican::db::mysql::user: barbican
+          barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+          barbican::db::mysql::dbname: barbican
+          barbican::db::mysql::allowed_hosts:
+            - '%'
+            - "%{hiera('mysql_bind_host')}"
+        keystone:
+          barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
+          barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
+          barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
+          barbican::keystone::auth::password: {get_param: BarbicanPassword}
+          barbican::keystone::auth::region: {get_param: KeystoneRegion}
+          barbican::keystone::auth::tenant: 'service'
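Review bot: `BarbicanPassword` is used both as the Keystone service-account secret (`barbican::keystone::authtoken::password`, `barbican::keystone::auth::password`) and as the MySQL credential (`barbican::db::database_connection`, `barbican::db::mysql::password`), while `barbican::db::mysql::allowed_hosts` includes `'%'`. One leaked value therefore exposes both the API identity and the secret store's database, from any host that can reach MySQL. If the shared credential is kept to match other services, state it in the parameter, e.g. `description: The password for the barbican service account, also used as the barbican MySQL password.`, and add `# '%' lets the barbican DB user connect from any host; access is limited only by network reachability` above `allowed_hosts`. The password is also joined into the connection URI unescaped, so a value containing `@`, `:` or `/` would presumably produce a malformed URI. Nothing in this template selects the secret-store plugin or sets its key-encryption key, so it is worth confirming that the "default secret store backend" does not leave that key at a packaged default.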
index 86d0e4f..320bb70 100644 (file)
@@ -95,6 +95,7 @@
     - OS::TripleO::Services::SensuClient
     - OS::TripleO::Services::FluentdClient
     - OS::TripleO::Services::VipHosts
+    - OS::TripleO::Services::BarbicanApi
 
 - name: Compute
   CountDefault: 1