summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Prince <dprince@redhat.com>2016-09-15 09:19:15 +0200
committerDan Prince <dprince@redhat.com>2016-09-23 07:43:21 -0400
commit9d67d7b3b11b688be0b40fc2fcfb1daf5b5157df (patch)
tree528b9bc390e8b4997eeaa8f0f32f027791851387
parentf9d6db86edd89efe59fe0db9564ebfae05954788 (diff)
Move keystone::auth into service_config_settings
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
-rw-r--r--overcloud.j2.yaml15
-rw-r--r--puppet/services/aodh-api.yaml2
-rw-r--r--puppet/services/aodh-base.yaml14
-rw-r--r--puppet/services/ceilometer-api.yaml2
-rw-r--r--puppet/services/ceilometer-base.yaml14
-rw-r--r--puppet/services/ceph-rgw.yaml14
-rw-r--r--puppet/services/cinder-api.yaml27
-rw-r--r--puppet/services/glance-api.yaml14
-rw-r--r--puppet/services/gnocchi-api.yaml14
-rw-r--r--puppet/services/heat-api-cfn.yaml14
-rw-r--r--puppet/services/heat-api.yaml14
-rw-r--r--puppet/services/ironic-api.yaml14
-rw-r--r--puppet/services/manila-api.yaml19
-rw-r--r--puppet/services/neutron-api.yaml14
-rw-r--r--puppet/services/nova-api.yaml14
-rw-r--r--puppet/services/sahara-api.yaml13
-rw-r--r--puppet/services/sahara-base.yaml1
-rw-r--r--puppet/services/services.yaml4
-rw-r--r--puppet/services/swift-proxy.yaml30
19 files changed, 152 insertions, 101 deletions
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index aad1af62..5c75a66f 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -261,6 +261,21 @@ resources:
{% for r in roles %}
- get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
{% endfor %}
+ # This next step combines two yaql passes:
+ # - The inner one does a deep merge on the service_config_settings for all roles
+ # - The outer one filters the map based on the services enabled for the role
+ # then merges the result into one map.
+ - yaql:
+ expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ map:
+ yaql:
+ expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
+ data:
+ {% for r in roles %}
+ - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
+ {% endfor %}
+ services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 15e93863..d3d9b5ad 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -74,5 +74,7 @@ outputs:
aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
+ service_config_settings:
+ get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 187345ad..5314b837 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -87,12 +87,6 @@ outputs:
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
- aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
- aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
- aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
- aodh::keystone::auth::password: {get_param: AodhPassword}
- aodh::keystone::auth::region: {get_param: KeystoneRegion}
- aodh::keystone::auth::tenant: 'service'
aodh::db::mysql::user: aodh
aodh::db::mysql::password: {get_param: AodhPassword}
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
@@ -102,3 +96,11 @@ outputs:
- "%{hiera('mysql_bind_host')}"
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
+ service_config_settings:
+ keystone:
+ aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+ aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+ aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+ aodh::keystone::auth::password: {get_param: AodhPassword}
+ aodh::keystone::auth::region: {get_param: KeystoneRegion}
+ aodh::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index c8f679c2..50431e3d 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -77,5 +77,7 @@ outputs:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ service_config_settings:
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 62fdd5c1..25fccd9e 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -107,12 +107,6 @@ outputs:
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
- ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
- ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
- ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
- ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
- ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
- ceilometer::keystone::auth::tenant: 'service'
ceilometer::rabbit_userid: {get_param: RabbitUserName}
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
@@ -127,3 +121,11 @@ outputs:
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
+ service_config_settings:
+ keystone:
+ ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+ ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+ ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
+ ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
+ ceilometer::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 6bb4f6d1..18a4b780 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -67,11 +67,13 @@ outputs:
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
- ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
- ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
- ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
- ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
- ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
- ceph::rgw::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ceph::rgw
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::tenant: 'service'
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 1dae9f15..875a3aa1 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -65,19 +65,8 @@ outputs:
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
- cinder::keystone::auth::tenant: 'service'
- cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
- cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
- cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
- cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
- cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
- cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
- cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
- cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
- cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
- cinder::keystone::auth::password: {get_param: CinderPassword}
- cinder::keystone::auth::region: {get_param: KeystoneRegion}
cinder::api::enable_proxy_headers_parsing: true
+
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
# TODO(emilien) move it to puppet-cinder
cinder::config:
@@ -98,3 +87,17 @@ outputs:
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::api
+ service_config_settings:
+ keystone:
+ cinder::keystone::auth::tenant: 'service'
+ cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+ cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+ cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+ cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+ cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+ cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
+ cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
+ cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
+ cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
+ cinder::keystone::auth::password: {get_param: CinderPassword}
+ cinder::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 51f19baf..c399bf4e 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -135,11 +135,6 @@ outputs:
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
- glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
tripleo.glance_api.firewall_rules:
@@ -147,7 +142,6 @@ outputs:
dport:
- 9292
- 13292
- glance::keystone::auth::tenant: 'service'
glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
@@ -160,3 +154,11 @@ outputs:
glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 07d3b01e..481a44cb 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -78,12 +78,6 @@ outputs:
- 13041
gnocchi::api::enabled: true
gnocchi::api::service_name: 'httpd'
- gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
- gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
- gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
- gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
@@ -110,3 +104,11 @@ outputs:
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
+ service_config_settings:
+ keystone:
+ gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::keystone::auth::tenant: 'service'
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 4e9c45e6..a47fec5a 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -60,12 +60,6 @@ outputs:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cfn::workers: {get_param: HeatWorkers}
- heat::keystone::auth_cfn::tenant: 'service'
- heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
- heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
- heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
- heat::keystone::auth_cfn::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api_cfn.firewall_rules:
'125 heat_cfn':
dport:
@@ -80,3 +74,11 @@ outputs:
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
+ service_config_settings:
+ keystone:
+ heat::keystone::auth_cfn::tenant: 'service'
+ heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
+ heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
+ heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
+ heat::keystone::auth_cfn::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index edaff77a..2ea96fc0 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -60,12 +60,6 @@ outputs:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api::workers: {get_param: HeatWorkers}
- heat::keystone::auth::tenant: 'service'
- heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
- heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
- heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
- heat::keystone::auth::password: {get_param: HeatPassword}
- heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api.firewall_rules:
'125 heat_api':
dport:
@@ -80,3 +74,11 @@ outputs:
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
+ service_config_settings:
+ keystone:
+ heat::keystone::auth::tenant: 'service'
+ heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
+ heat::keystone::auth::password: {get_param: HeatPassword}
+ heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 5c3f370e..19e54f5b 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -58,12 +58,6 @@ outputs:
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::auth_name: 'ironic'
- ironic::keystone::auth::password: {get_param: IronicPassword }
- ironic::keystone::auth::tenant: 'service'
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:
@@ -71,3 +65,11 @@ outputs:
- 13385
step_config: |
include ::tripleo::profile::base::ironic::api
+ service_config_settings:
+ keystone:
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ ironic::keystone::auth::auth_name: 'ironic'
+ ironic::keystone::auth::password: {get_param: IronicPassword }
+ ironic::keystone::auth::tenant: 'service'
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 1513ab31..531b4b0b 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -51,14 +51,6 @@ outputs:
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
- manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
- manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
- manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
- manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
- manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
- manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
- manila::keystone::auth::password: {get_param: ManilaPassword }
- manila::keystone::auth::region: {get_param: KeystoneRegion }
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
@@ -69,4 +61,13 @@ outputs:
manila::api::enable_proxy_headers_parsing: true
step_config: |
include ::tripleo::profile::base::manila::api
-
+ service_config_settings:
+ keystone:
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+ manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword}
+ manila::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index b939e7be..8cfa20bd 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -114,12 +114,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ovs_neutron'
- neutron::keystone::auth::tenant: 'service'
- neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
- neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
- neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
- neutron::keystone::auth::password: {get_param: NeutronPassword}
- neutron::keystone::auth::region: {get_param: KeystoneRegion}
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
@@ -161,3 +155,11 @@ outputs:
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server
+ service_config_settings:
+ keystone:
+ neutron::keystone::auth::tenant: 'service'
+ neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
+ neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron::keystone::auth::password: {get_param: NeutronPassword}
+ neutron::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 9d42fe65..25ae0176 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -94,12 +94,6 @@ outputs:
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
- nova::keystone::auth::tenant: 'service'
- nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
- nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
- nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
- nova::keystone::auth::password: {get_param: NovaPassword}
- nova::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@@ -113,3 +107,11 @@ outputs:
step_config: |
include tripleo::profile::base::nova::api
+ service_config_settings:
+ keystone:
+ nova::keystone::auth::tenant: 'service'
+ nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+ nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+ nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
+ nova::keystone::auth::password: {get_param: NovaPassword}
+ nova::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 8085d546..4f139b5f 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -61,11 +61,6 @@ outputs:
- get_attr: [SaharaBase, role_data, config_settings]
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::service::api::api_workers: {get_param: SaharaWorkers}
- sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
- sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
- sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
- sahara::keystone::auth::password: {get_param: SaharaPassword }
- sahara::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@@ -79,3 +74,11 @@ outputs:
- 13386
step_config: |
include ::tripleo::profile::base::sahara::api
+ service_config_settings:
+ keystone:
+ sahara::keystone::auth::tenant: 'service'
+ sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+ sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+ sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
+ sahara::keystone::auth::password: {get_param: SaharaPassword }
+ sahara::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index c1ab8e8b..c3986b77 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -85,6 +85,5 @@ outputs:
- storm
sahara::rpc_backend: rabbit
sahara::admin_tenant_name: 'service'
- sahara::keystone::auth::tenant: 'service'
sahara::db::database_db_max_retries: -1
sahara::db::database_max_retries: -1
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 6a9bab71..7b5fa40c 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -102,4 +102,8 @@ outputs:
yaql:
expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
data: {get_attr: [ServiceChain, role_data]}
+ service_config_settings:
+ yaql:
+ expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {get_attr: [ServiceChain, role_data]}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index d7b0cd7c..8b990bcd 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -66,25 +66,11 @@ outputs:
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
- swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
- swift::keystone::auth::password: {get_param: SwiftPassword}
- swift::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
- swift::keystone::auth::tenant: 'service'
- swift::keystone::auth::configure_s3_endpoint: false
- swift::keystone::auth::operator_roles:
- - admin
- - swiftoperator
- - ResellerAdmin
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
@@ -113,3 +99,19 @@ outputs:
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
+ service_config_settings:
+ keystone:
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ swift::keystone::auth::tenant: 'service'
+ swift::keystone::auth::configure_s3_endpoint: false
+ swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
+ - ResellerAdmin