Mv Nova, Neutron, Horizon out of controller.yaml
authorDan Prince <dprince@redhat.com>
Fri, 26 Aug 2016 16:41:53 +0000 (12:41 -0400)
committerDan Prince <dprince@redhat.com>
Tue, 30 Aug 2016 12:59:07 +0000 (08:59 -0400)
This patch moves the settings for Nova, Neutron, and Horizon
out of controller.yaml.

Also fixes the NovaPassword settings in nova-base.yaml
so they don't use get_input.

Also, creates a new apache.yaml base service to contain shared
apache settings for several services which use Apache for WSGI.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: I35d909bd5abc23976b5732a2b9af31cf1448838e
Related-bug: #1604414

15 files changed:
network/service_net_map.yaml
overcloud-resource-registry-puppet.yaml
overcloud.yaml
puppet/controller.yaml
puppet/services/aodh-api.yaml
puppet/services/apache.yaml [new file with mode: 0644]
puppet/services/ceilometer-api.yaml
puppet/services/gnocchi-api.yaml
puppet/services/horizon.yaml
puppet/services/keystone.yaml
puppet/services/neutron-api.yaml
puppet/services/neutron-metadata.yaml
puppet/services/nova-api.yaml
puppet/services/nova-base.yaml
puppet/services/nova-vncproxy.yaml

index 50f5c55..e30a630 100644 (file)
@@ -13,6 +13,7 @@ parameters:
 
   ServiceNetMapDefaults:
     default:
+      ApacheNetwork: internal_api
       NeutronTenantNetwork: tenant
       CeilometerApiNetwork: internal_api
       AodhApiNetwork: internal_api
index 5739921..c987098 100644 (file)
@@ -130,6 +130,7 @@ resource_registry:
 
   # services
   OS::TripleO::Services: puppet/services/services.yaml
+  OS::TripleO::Services::Apache: puppet/services/apache.yaml
   OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
   OS::TripleO::Services::CephMon: OS::Heat::None
   OS::TripleO::Services::CephOSD: OS::Heat::None
index 38a3680..82fdedc 100644 (file)
@@ -435,7 +435,6 @@ resources:
         properties:
           CloudDomain: {get_param: CloudDomain}
           controllerExtraConfig: {get_param: controllerExtraConfig}
-          HorizonSecret: {get_resource: HorizonSecret}
           PcsdPassword: {get_resource: PcsdPassword}
           RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
           RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
index 28fd08d..0225231 100644 (file)
@@ -83,10 +83,6 @@ parameters:
     type: string
     constraints:
       - custom_constraint: nova.flavor
-  HorizonSecret:
-    description: Secret key for Django
-    type: string
-    hidden: true
   controllerImage:
     type: string
     default: overcloud-full
@@ -96,10 +92,6 @@ parameters:
     default: 'REBUILD_PRESERVE_EPHEMERAL'
     description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
     type: string
-  InstanceNameTemplate:
-    default: 'instance-%08x'
-    description: Template string to be used to generate instance names
-    type: string
   KeyName:
     default: default
     description: Name of an existing Nova key pair to enable SSH access to the instances
@@ -110,39 +102,14 @@ parameters:
     default: false
     description: Whether to manage IPtables rules.
     type: boolean
-  MemcachedIPv6:
-    default: false
-    description: Enable IPv6 features in Memcached.
-    type: boolean
   PurgeFirewallRules:
     default: false
     description: Whether IPtables rules should be purged before setting up the new ones.
     type: boolean
-  NeutronMetadataProxySharedSecret:
-    description: Shared secret to prevent spoofing
-    type: string
-    hidden: true
-  NeutronPassword:
-    description: The password for the neutron service and db account, used by neutron agents.
-    type: string
-    hidden: true
   NeutronPublicInterface:
     default: nic1
     description: What interface to bridge onto br-ex for network nodes.
     type: string
-  NovaEnableDBPurge:
-    default: true
-    description: |
-        Whether to create cron job for purging soft deleted rows in Nova database.
-    type: boolean
-  NovaIPv6:
-    default: false
-    description: Enable IPv6 features in Nova
-    type: boolean
-  NovaPassword:
-    description: The password for the nova service and db account, used by nova-api.
-    type: string
-    hidden: true
   PcsdPassword:
     type: string
     description: The password for the 'pcsd' user.
@@ -162,10 +129,6 @@ parameters:
     default: {}
     description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
     type: json
-  UpgradeLevelNovaCompute:
-    type: string
-    description: Nova Compute upgrade level
-    default: ''
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -392,43 +355,15 @@ resources:
       server: {get_resource: Controller}
       input_values:
         bootstack_nodeid: {get_attr: [Controller, name]}
-        horizon_secret: {get_param: HorizonSecret}
         debug: {get_param: Debug}
-        keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
-        keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
-        keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
         enable_fencing: {get_param: EnableFencing}
         enable_load_balancer: {get_param: EnableLoadBalancer}
         manage_firewall: {get_param: ManageFirewall}
         purge_firewall_rules: {get_param: PurgeFirewallRules}
-        neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
-        nova_enable_db_purge: {get_param: NovaEnableDBPurge}
-        nova_ipv6: {get_param: NovaIPv6}
         corosync_ipv6: {get_param: CorosyncIPv6}
-        memcached_ipv6: {get_param: MemcachedIPv6}
-        nova_password: {get_param: NovaPassword}
-        upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
-        instance_name_template: {get_param: InstanceNameTemplate}
         fencing_config: {get_param: FencingConfig}
         pcsd_password: {get_param: PcsdPassword}
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-        glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
-        neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
-        nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
-        nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
-        horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
-        horizon_subnet:
-          str_replace:
-            template: "['SUBNET']"
-            params:
-              SUBNET:
-                get_attr:
-                  - NetIpMap
-                  - net_ip_map
-                  - str_replace:
-                      template: "NETWORK_subnet"
-                      params:
-                        NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
         redis_vip: {get_param: RedisVirtualIP}
         ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
 
@@ -489,37 +424,14 @@ resources:
                 tripleo::fencing::config: {get_input: fencing_config}
 
                 # Neutron
-                neutron::bind_host: {get_input: neutron_api_network}
-                neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
                 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
                 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
-
-                # Nova
-                nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
-                nova::use_ipv6: {get_input: nova_ipv6}
-                nova::api::api_bind_address: {get_input: nova_api_network}
-                nova::api::metadata_listen: {get_input: nova_metadata_network}
-                nova::glance_api_servers: {get_input: glance_api_servers}
-                nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
-                nova::api::instance_name_template: {get_input: instance_name_template}
-                nova::vncproxy::host: {get_input: nova_api_network}
-                nova_enable_db_purge: {get_input: nova_enable_db_purge}
-
-                # Horizon
-                apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
-                apache::ip: {get_input: horizon_network}
-                horizon::django_debug: {get_input: debug}
-                horizon::secret_key: {get_input: horizon_secret}
-                horizon::bind_address: {get_input: horizon_network}
-                horizon::keystone_url: {get_input: keystone_auth_uri}
-
                 # Redis
                 redis_vip: {get_input: redis_vip}
                 # Firewall
                 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
                 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
                 # Misc
-                memcached_ipv6: {get_input: memcached_ipv6}
                 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
                 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
 
index 4308052..cc1f4b0 100644 (file)
@@ -27,6 +27,13 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
 
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
   role_data:
     description: Role data for the Aodh API service.
@@ -35,6 +42,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [AodhBase, role_data, config_settings]
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
           - aodh::wsgi::apache::ssl: false
             aodh::api::service_name: 'httpd'
             tripleo.aodh_api.firewall_rules:
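Review bot: `ApacheServiceBase` is merged after `AodhBase` here, whereas the ceilometer-api, gnocchi-api and keystone hunks put it first in the `map_merge` list. Because later maps win on a key clash, this ordering lets the shared Apache settings override anything `AodhBase` defines under the same name, while in the other services the service's own base overrides the Apache one. Moving `- get_attr: [ApacheServiceBase, role_data, config_settings]` above the `AodhBase` entry would make the precedence uniform. The `config_settings` map continues past the end of the hunk.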
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
new file mode 100644 (file)
index 0000000..758d951
--- /dev/null
@@ -0,0 +1,40 @@
+heat_template_version: 2016-10-14
+
+description: >
+  Apache service configured with Puppet. Note this is typically included
+  automatically via other services which run via Apache.
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the Apache role.
+    value:
+      service_name: apache
+      config_settings:
+        # for the given network; replacement examples (eg. for internal_api):
+        # internal_api -> IP
+        # internal_api_uri -> [IP]
+        # internal_api_subnet - > IP/CIDR
+        apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+        apache_remote_proxy_ips_network:
+          str_replace:
+            template: "NETWORK_subnet"
+            params:
+              NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+        apache::mod::remoteip::proxy_ips:
+          - "%{hiera('apache_remote_proxy_ips_network')}"
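Review bot: `apache::mod::remoteip::proxy_ips` is set to the whole `<ApacheNetwork>_subnet`, which per the comment above resolves to an IP/CIDR, so every host on that network is trusted to supply the client address to Apache. That trust now applies to each service that merges this base (aodh, ceilometer, gnocchi and keystone in this commit), not just Horizon. If the load balancer addresses are available as hiera data, limiting the list to those would keep access logs and any address-based rules from being influenced by other hosts on the network; at minimum the trust scope deserves a comment. The comment block also starts mid-sentence: its first line, `# NOTE: bind IP is found in Heat replacing the network name with the local node IP`, was lost in the copy. The same block is pasted into the horizon, neutron-api, neutron-metadata, nova-api and nova-vncproxy hunks with the typo `internal_api_subnet - > IP/CIDR`, which should read `->`.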
index 201a2b7..2baac51 100644 (file)
@@ -28,6 +28,13 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
 
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
   role_data:
     description: Role data for the Ceilometer API role.
@@ -35,6 +42,7 @@ outputs:
       service_name: ceilometer_api
       config_settings:
         map_merge:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
           - get_attr: [CeilometerServiceBase, role_data, config_settings]
           - tripleo.ceilometer_api.firewall_rules:
               '124 ceilometer':
index ec42f3f..dc6e7de 100644 (file)
@@ -35,6 +35,7 @@ parameters:
     description: Keystone region for endpoint
 
 resources:
+
   GnocchiServiceBase:
     type: ./gnocchi-base.yaml
     properties:
@@ -42,6 +43,13 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
 
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
   role_data:
     description: Role data for the Gnocchi role.
@@ -49,6 +57,7 @@ outputs:
       service_name: gnocchi_api
       config_settings:
         map_merge:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
           - get_attr: [GnocchiServiceBase, role_data, config_settings]
           - tripleo.gnocchi_api.firewall_rules:
               '129 gnocchi-api':
index c5d9681..1ea686b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 description: >
   Horizon service configured with Puppet
@@ -10,6 +10,10 @@ parameters:
                  via parameter_defaults in the resource registry.  This
                  mapping overrides those in ServiceNetMapDefaults.
     type: json
+  Debug:
+    default: ''
+    description: Set to True to enable debugging on all services.
+    type: string
   DefaultPasswords:
     default: {}
     type: json
@@ -22,11 +26,20 @@ parameters:
     default: '*'
     description: A list of IP/Hostname allowed to connect to horizon
     type: comma_delimited_list
+  HorizonSecret:
+    description: Secret key for Django
+    type: string
+    hidden: true
+    default: ''
   NeutronMechanismDrivers:
     default: 'openvswitch'
     description: |
         The mechanism drivers for the Neutron tenant network.
     type: comma_delimited_list
+  MemcachedIPv6:
+    default: false
+    description: Enable IPv6 features in Memcached.
+    type: boolean
 
 outputs:
   role_data:
@@ -51,5 +64,29 @@ outputs:
           add_listen: false
           priority: 10
           access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+        # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+        # for the given network; replacement examples (eg. for internal_api):
+        # internal_api -> IP
+        # internal_api_uri -> [IP]
+        # internal_api_subnet - > IP/CIDR
+        apache::ip: {get_param: [ServiceNetMap, HorizonNetwork]}
+        apache_remote_proxy_ips_network:
+          str_replace:
+            template: "NETWORK_subnet"
+            params:
+              NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+        apache::mod::remoteip::proxy_ips:
+          - "%{hiera('apache_remote_proxy_ips_network')}"
+        horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+        horizon::django_debug: {get_param: Debug}
+        horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+        horizon::secret_key:
+          yaql:
+            expression: $.data.passwords.where($ != '').first()
+            data:
+              passwords:
+                - {get_param: HorizonSecret}
+                - {get_param: [DefaultPasswords, horizon_secret]}
+        memcached_ipv6: {get_param: MemcachedIPv6}
       step_config: |
         include ::tripleo::profile::base::horizon
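Review bot: `horizon::secret_key` now depends on the yaql fallback, and with `HorizonSecret` defaulting to `''` the only other source is `DefaultPasswords.horizon_secret`, which nothing in this commit visibly populates (overcloud.yaml only drops the generated `HorizonSecret` from the controller properties). If both are empty, the `where($ != '')` filter leaves nothing for `.first()`; it is worth confirming that this fails the deployment clearly rather than handing Django an empty or missing secret key, and a comment on the expression stating the precedence would help. The hunk also sets `apache::ip`, `apache_remote_proxy_ips_network` and `apache::mod::remoteip::proxy_ips` directly from `HorizonNetwork` instead of merging `ApacheServiceBase` as the other WSGI services do, so a node running Horizon beside one of those services gets the same hiera keys defined from two different networks. Consider using the shared base here too, or add a comment explaining why Horizon needs its own values. The `outputs` block starts outside the hunk.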
index c763c39..45531ab 100644 (file)
@@ -84,81 +84,94 @@ parameters:
     type: string
     description: Set the number of workers for keystone::wsgi::apache
     default: '"%{::processorcount}"'
+
+resources:
+
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
   role_data:
     description: Role data for the Keystone role.
     value:
       service_name: keystone
       config_settings:
-        keystone::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://keystone:'
-              - {get_param: AdminToken}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/keystone'
-        keystone::admin_token: {get_param: AdminToken}
-        keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
-        keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
-        keystone::enable_proxy_headers_parsing: true
-        keystone::debug: {get_param: Debug}
-        keystone::db::mysql::password: {get_param: AdminToken}
-        keystone::rabbit_userid: {get_param: RabbitUserName}
-        keystone::rabbit_password: {get_param: RabbitPassword}
-        keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
-        keystone::rabbit_port: {get_param: RabbitClientPort}
-        keystone::notification_driver: {get_param: KeystoneNotificationDriver}
-        keystone::notification_format: {get_param: KeystoneNotificationFormat}
-        keystone::roles::admin::email: {get_param: AdminEmail}
-        keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
-        keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
-        keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-        keystone::endpoint::region: {get_param: KeystoneRegion}
-        keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
-        keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
-        keystone::db::mysql::user: keystone
-        keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-        keystone::db::mysql::dbname: keystone
-        keystone::db::mysql::allowed_hosts:
-          - '%'
-          - "%{hiera('mysql_bind_host')}"
-        keystone::rabbit_heartbeat_timeout_threshold: 60
-        keystone::cron::token_flush::maxdelay: 3600
-        keystone::roles::admin::service_tenant: 'service'
-        keystone::roles::admin::admin_tenant: 'admin'
-        keystone::cron::token_flush::destination: '/dev/null'
-        keystone::config::keystone_config:
-          ec2/driver:
-            value: 'keystone.contrib.ec2.backends.sql.Ec2'
-        keystone::service_name: 'httpd'
-        keystone::wsgi::apache::ssl: false
-
-        keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
-        # override via extraconfig:
-        keystone::wsgi::apache::threads: 1
-        keystone::db::database_db_max_retries: -1
-        keystone::db::database_max_retries: -1
-        tripleo.keystone.firewall_rules:
-          '111 keystone':
-            dport:
-              - 5000
-              - 13000
-              - 35357
-              - 13357
-        # NOTE: bind IP is found in Heat replacing the network name with the
-        # local node IP for the given network; replacement examples
-        # (eg. for internal_api):
-        # internal_api -> IP
-        # internal_api_uri -> [IP]
-        # internal_api_subnet - > IP/CIDR
-        # NOTE: this applies to all 4 bind IP settings below...
-        keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
-        keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
-        keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
-        keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+      config_settings:
+        map_merge:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - keystone::database_connection:
+              list_join:
+                - ''
+                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+                  - '://keystone:'
+                  - {get_param: AdminToken}
+                  - '@'
+                  - {get_param: [EndpointMap, MysqlInternal, host]}
+                  - '/keystone'
+            keystone::admin_token: {get_param: AdminToken}
+            keystone::roles::admin::password: {get_param: AdminPassword}
+            keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+            keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+            keystone::enable_proxy_headers_parsing: true
+            keystone::debug: {get_param: Debug}
+            keystone::db::mysql::password: {get_param: AdminToken}
+            keystone::rabbit_userid: {get_param: RabbitUserName}
+            keystone::rabbit_password: {get_param: RabbitPassword}
+            keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+            keystone::rabbit_port: {get_param: RabbitClientPort}
+            keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+            keystone::notification_format: {get_param: KeystoneNotificationFormat}
+            keystone::roles::admin::email: {get_param: AdminEmail}
+            keystone::roles::admin::password: {get_param: AdminPassword}
+            keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+            keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+            keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+            keystone::endpoint::region: {get_param: KeystoneRegion}
+            keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+            keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+            keystone::db::mysql::user: keystone
+            keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+            keystone::db::mysql::dbname: keystone
+            keystone::db::mysql::allowed_hosts:
+              - '%'
+              - "%{hiera('mysql_bind_host')}"
+            keystone::rabbit_heartbeat_timeout_threshold: 60
+            keystone::cron::token_flush::maxdelay: 3600
+            keystone::roles::admin::service_tenant: 'service'
+            keystone::roles::admin::admin_tenant: 'admin'
+            keystone::cron::token_flush::destination: '/dev/null'
+            keystone::config::keystone_config:
+              ec2/driver:
+                value: 'keystone.contrib.ec2.backends.sql.Ec2'
+            keystone::service_name: 'httpd'
+            keystone::wsgi::apache::ssl: false
+    
+            keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
+            # override via extraconfig:
+            keystone::wsgi::apache::threads: 1
+            keystone::db::database_db_max_retries: -1
+            keystone::db::database_max_retries: -1
+            tripleo.keystone.firewall_rules:
+              '111 keystone':
+                dport:
+                  - 5000
+                  - 13000
+                  - 35357
+                  - 13357
+            # NOTE: bind IP is found in Heat replacing the network name with the
+            # local node IP for the given network; replacement examples
+            # (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            # NOTE: this applies to all 4 bind IP settings below...
+            keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+            keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+            keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+            keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::keystone
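Review bot: The new side ends up with `config_settings:` twice in a row under `role_data.value`: the original key is kept as a context line and a second one is added directly below it, ahead of `map_merge:`. Most loaders silently keep the last occurrence, so the template still resolves, but duplicate keys are invalid YAML and a strict loader or linter will reject the file; the added `config_settings:` line should be dropped. The re-indented map also still carries `keystone::roles::admin::password` twice, and the blank separator before `keystone::wsgi::apache::workers` now holds trailing spaces. Separately, the moved lines keep using `AdminToken` both in `keystone::database_connection` and as `keystone::db::mysql::password`, which ties the bootstrap token to the database credential; a dedicated password parameter would be worth a follow-up.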
index 35ac32d..cd8a20a 100644 (file)
@@ -111,5 +111,11 @@ outputs:
               '106 vrrp':
                 proto: vrrp
             neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
       step_config: |
         include tripleo::profile::base::neutron::server
index b9ec277..6bb931b 100644 (file)
@@ -53,5 +53,11 @@ outputs:
             neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
             neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
             neutron::agents::metadata::auth_tenant: 'service'
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
       step_config: |
         include tripleo::profile::base::neutron::metadata
index c2bd395..b5c3815 100644 (file)
@@ -30,6 +30,19 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  NeutronMetadataProxySharedSecret:
+    description: Shared secret to prevent spoofing
+    type: string
+    hidden: true
+  InstanceNameTemplate:
+    default: 'instance-%08x'
+    description: Template string to be used to generate instance names
+    type: string
+  NovaEnableDBPurge:
+    default: true
+    description: |
+        Whether to create cron job for purging soft deleted rows in Nova database.
+    type: boolean
 
 resources:
   NovaBase:
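Review bot: The description of `NeutronMetadataProxySharedSecret`, `Shared secret to prevent spoofing`, does not say what is being protected or that the value must match on both sides. Now that the parameter is declared in this service template rather than in controller.yaml, something like `Shared secret used by the Neutron metadata agent and nova-api to sign and verify proxied metadata requests; must be identical for both services` would make that dependency explicit. Unlike `HorizonSecret` in horizon.yaml, it has no default and no `DefaultPasswords` fallback, which looks intentional but is worth stating. The `parameters` block starts outside the hunk.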
@@ -75,5 +88,16 @@ outputs:
             nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
             nova::keystone::auth::password: {get_param: NovaPassword}
             nova::keystone::auth::region: {get_param: KeystoneRegion}
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
+            nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+            nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+            nova::api::instance_name_template: {get_param: InstanceNameTemplate}
+            nova_enable_db_purge: {get_param: NovaEnableDBPurge}
+
       step_config: |
         include tripleo::profile::base::nova::api
index 471ece3..24a63bb 100644 (file)
@@ -95,14 +95,14 @@ outputs:
               - '@'
               - {get_param: [EndpointMap, MysqlInternal, host]}
               - '/nova_api'
-        nova::db::mysql::password: {get_input: nova_password}
+        nova::db::mysql::password: {get_param: NovaPassword}
         nova::db::mysql::user: nova
         nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
         nova::db::mysql::dbname: nova
         nova::db::mysql::allowed_hosts:
           - '%'
           - "%{hiera('mysql_bind_host')}"
-        nova::db::mysql_api::password: {get_input: nova_password}
+        nova::db::mysql_api::password: {get_param: NovaPassword}
         nova::db::mysql_api::user: nova_api
         nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
         nova::db::mysql_api::dbname: nova_api
index 0a1785d..7444d7d 100644 (file)
@@ -46,5 +46,11 @@ outputs:
                   '[': ''
                   ']': ''
             nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
+            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+            # for the given network; replacement examples (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
       step_config: |
         include tripleo::profile::base::nova::vncproxy