Change flat network name for nosdn fdio scenario
[apex-tripleo-heat-templates.git] / puppet / services / swift-proxy.yaml
1 heat_template_version: pike
2
3 description: >
4   OpenStack Swift Proxy service configured with Puppet
5
6 parameters:
7   ServiceData:
8     default: {}
9     description: Dictionary packing service data
10     type: json
11   ServiceNetMap:
12     default: {}
13     description: Mapping of service_name -> network name. Typically set
14                  via parameter_defaults in the resource registry.  This
15                  mapping overrides those in ServiceNetMapDefaults.
16     type: json
17   DefaultPasswords:
18     default: {}
19     type: json
20   RoleName:
21     default: ''
22     description: Role name on which the service is applied
23     type: string
24   RoleParameters:
25     default: {}
26     description: Parameters specific to the role
27     type: json
28   EndpointMap:
29     default: {}
30     description: Mapping of service endpoint -> protocol. Typically set
31                  via parameter_defaults in the resource registry.
32     type: json
33   Debug:
34     default: ''
35     description: Set to True to enable debugging on all services.
36     type: string
37   SwiftPassword:  # no default is declared, so the deployer must supply a value
38     description: The password for the swift service account
39     type: string
40     hidden: true  # masks the value when stack details are requested from Heat; the same secret is still passed into the authtoken, ceilometer and keystone auth settings in outputs
41   SwiftProxyNodeTimeout:
42     default: 60
43     description: Timeout for requests going from swift-proxy to swift a/c/o services.
44     type: number
45   SwiftWorkers:
46     default: auto
47     description: Number of workers for Swift service.
48     type: string
49   KeystoneRegion:
50     type: string
51     default: 'regionOne'
52     description: Keystone region for endpoint
53   MonitoringSubscriptionSwiftProxy:
54     default: 'overcloud-swift-proxy'
55     type: string
56   RabbitPassword:
57     description: The password for RabbitMQ
58     type: string
59     hidden: true
60   RabbitUserName:
61     default: guest  # NOTE(review): 'guest' is RabbitMQ's built-in account name; prefer a dedicated user supplied via parameter_defaults
62     description: The username for RabbitMQ
63     type: string
64   SwiftCeilometerPipelineEnabled:
65     description: Set to False to disable the swift proxy ceilometer pipeline.
66     default: false
67     type: boolean
68   SwiftCeilometerIgnoreProjects:
69     default: ['service']
70     description: Comma-separated list of project names to ignore.
71     type: comma_delimited_list
72   RabbitClientPort:
73     default: 5672  # standard plaintext AMQP port; RabbitMQ's conventional TLS listener is 5671
74     description: Set rabbit subscriber port, change this if using SSL
75     type: number
76   RabbitClientUseSSL:
77     default: false  # NOTE(review): with this default the ceilometer middleware's RabbitMQ connection is not asked to use SSL (feeds rabbit_use_ssl and ceilometer_messaging_use_ssl in outputs)
78     description: >
79         Rabbit client subscriber parameter to specify
80         an SSL connection to the RabbitMQ host.
81     type: string  # declared as string although the default above is a boolean literal
82   EnableInternalTLS:  # no description is given; this flag drives the use_tls_proxy condition
83     type: boolean
84     default: false  # when false, swift::proxy::proxy_local_net_ip is set to the SwiftProxyNetwork value instead of 'localhost'
85
86 conditions:
87
88   ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}  # gates the swift::proxy::ceilometer::* keys and the 'ceilometer' pipeline entry
89   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}  # selects 'localhost' as swift::proxy::proxy_local_net_ip
90
91 resources:
92   SwiftBase:  # nested template whose role_data config_settings are merged into this service's config_settings
93     type: ./swift-base.yaml
94     properties:
95       ServiceData: {get_param: ServiceData}
96       ServiceNetMap: {get_param: ServiceNetMap}
97       DefaultPasswords: {get_param: DefaultPasswords}
98       EndpointMap: {get_param: EndpointMap}
99       RoleName: {get_param: RoleName}
100       RoleParameters: {get_param: RoleParameters}
101
102   TLSProxyBase:  # supplies config_settings and metadata_settings to role_data; the type name is not a file path, so presumably it is resolved through the resource registry
103     type: OS::TripleO::Services::TLSProxyBase
104     properties:
105       ServiceData: {get_param: ServiceData}
106       ServiceNetMap: {get_param: ServiceNetMap}
107       DefaultPasswords: {get_param: DefaultPasswords}
108       EndpointMap: {get_param: EndpointMap}
109       EnableInternalTLS: {get_param: EnableInternalTLS}  # the same flag that drives use_tls_proxy in this template
110
111 outputs:
112   role_data:
113     description: Role data for the Swift proxy service.
114     value:
115       service_name: swift_proxy
116       monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
117       config_settings:
118         map_merge:
119           - get_attr: [SwiftBase, role_data, config_settings]
120           - get_attr: [TLSProxyBase, role_data, config_settings]
121           - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
122             swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
123             swift::proxy::authtoken::password: {get_param: SwiftPassword}
124             swift::proxy::authtoken::project_name: 'service'
125             swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
126             swift::proxy::workers: {get_param: SwiftWorkers}
127           -
128             if:
129             - ceilometer_pipeline_enabled
130             -
131               swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
132               swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
133               swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
134               swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
135               swift::proxy::ceilometer::password: {get_param: SwiftPassword}
136               swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
137               swift::proxy::ceilometer::nonblocking_notify: true
138               swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
139             - {}
140           - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
141             tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
142             tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
143             tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
144             tripleo.swift_proxy.firewall_rules:  # ports are hard-coded here, while swift::proxy::port is read from EndpointMap; keep the two in step
145               '122 swift proxy':
146                 dport:
147                   - 8080  # NOTE(review): presumably the plain swift-proxy port — confirm it matches EndpointMap SwiftInternal port
148                   - 13808  # NOTE(review): presumably the TLS-terminated endpoint port — confirm against EndpointMap
149             swift::proxy::keystone::operator_roles:  # the same three roles are repeated under swift::keystone::auth::operator_roles; keep both lists in sync
150               - admin
151               - swiftoperator
152               - ResellerAdmin  # NOTE(review): operator roles give account-owner rights within the token's project in Swift's keystoneauth; confirm this role is meant to be listed here
153             swift::proxy::versioned_writes::allow_versioned_writes: true
154             swift::proxy::pipeline:  # middleware order is significant: entries run in the order listed
155               yaql:  # the where() filter drops the empty string the ceilometer 'if' yields when that pipeline is disabled
156                 expression: $.data.pipeline.where($ != '')
157                 data:
158                   pipeline:
159                   - 'catch_errors'
160                   - 'healthcheck'
161                   - 'proxy-logging'
162                   - 'cache'
163                   - 'ratelimit'
164                   - 'bulk'
165                   - 'tempurl'  # signature-based access; listed ahead of authtoken/keystone, so these requests are authorised by signature rather than a Keystone token
166                   - 'formpost'  # same placement as tempurl: form uploads authorised by signature
167                   - 'authtoken'  # Keystone token validation
168                   - 'keystone'  # role-based authorisation using operator_roles
169                   - 'staticweb'  # serves containers as static sites; what is exposed depends on container read ACLs
170                   - 'copy'
171                   - 'container_quotas'
172                   - 'account_quotas'
173                   - 'slo'
174                   - 'dlo'
175                   - 'versioned_writes'
176                   -
177                     if:
178                     - ceilometer_pipeline_enabled
179                     - 'ceilometer'  # inserted only when SwiftCeilometerPipelineEnabled is true
180                     - ''  # placeholder removed by the yaql filter above
181                   - 'proxy-logging'
182                   - 'proxy-server'
183             swift::proxy::account_autocreate: true
184             # NOTE: the bind IP is resolved by Heat, which replaces the network
185             # name with the local node's IP on that network; replacement examples
186             # (e.g. for internal_api):
187             # internal_api -> IP
188             # internal_api_uri -> [IP]
189             # internal_api_subnet -> IP/CIDR
190             tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:  # network name here; replaced with the node's IP on that network
191               get_param: [ServiceNetMap, SwiftProxyNetwork]
192             tripleo::profile::base::swift::proxy::tls_proxy_fqdn:  # hiera lookup of the node's FQDN on the same network
193               str_replace:
194                 template:
195                   "%{hiera('fqdn_$NETWORK')}"
196                 params:
197                   $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
198             tripleo::profile::base::swift::proxy::tls_proxy_port:  # same EndpointMap port as swift::proxy::port below
199               get_param: [EndpointMap, SwiftInternal, port]
200             swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
201             swift::proxy::proxy_local_net_ip:
202               if:
203               - use_tls_proxy
204               - 'localhost'  # internal TLS on: swift-proxy gets a loopback address (presumably the TLS proxy on tls_proxy_bind_ip fronts it — confirm in the puppet profile)
205               - {get_param: [ServiceNetMap, SwiftProxyNetwork]}  # internal TLS off: swift-proxy gets the service network address directly
206       step_config: |
207         include ::tripleo::profile::base::swift::proxy
208       service_config_settings:
209         keystone:
210           swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
211           swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
212           swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
213           swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
214           swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
215           swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
216           swift::keystone::auth::password: {get_param: SwiftPassword}
217           swift::keystone::auth::region: {get_param: KeystoneRegion}
218           swift::keystone::auth::tenant: 'service'
219           swift::keystone::auth::configure_s3_endpoint: false
220           swift::keystone::auth::operator_roles:
221             - admin
222             - swiftoperator
223             - ResellerAdmin
224       upgrade_tasks:
225         - name: Stop swift_proxy service
226           tags: step1
227           service: name=openstack-swift-proxy state=stopped
228       metadata_settings:
229         get_attr: [TLSProxyBase, role_data, metadata_settings]