summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--overcloud.yaml1
-rw-r--r--puppet/controller.yaml18
-rw-r--r--puppet/services/glance-api.yaml8
-rw-r--r--puppet/services/glance-registry.yaml7
-rw-r--r--puppet/services/heat-api-cfn.yaml7
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml7
-rw-r--r--puppet/services/heat-api.yaml7
-rw-r--r--puppet/services/heat-engine.yaml14
8 files changed, 48 insertions, 21 deletions
diff --git a/overcloud.yaml b/overcloud.yaml
index 4c0d6728..0f05f40f 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -403,7 +403,6 @@ resources:
properties:
CloudDomain: {get_param: CloudDomain}
controllerExtraConfig: {get_param: controllerExtraConfig}
- HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret}
PcsdPassword: {get_resource: PcsdPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index a8dc5fba..0bdd8d34 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -87,10 +87,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
HorizonSecret:
description: Secret key for Django
type: string
@@ -405,7 +401,6 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
@@ -440,10 +435,7 @@ resources:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
@@ -536,16 +528,6 @@ resources:
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
# Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 4954119f..d2376af3 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -131,6 +131,12 @@ outputs:
glance::api::keystone_tenant: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
-
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index d8861f70..06ef9379 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -66,5 +66,12 @@ outputs:
'112 glance_registry':
dport:
- 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 4f8900aa..a15ea32d 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -59,5 +59,12 @@ outputs:
dport:
- 8000
- 13800
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 7a09aad0..6d645ee7 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -45,5 +45,12 @@ outputs:
dport:
- 8003
- 13003
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 3a5d2a13..ec3b0e37 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -59,5 +59,12 @@ outputs:
dport:
- 8004
- 13004
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index fba80c5d..b230ec1d 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Openstack Heat Engine service configured with Puppet
@@ -35,6 +35,11 @@ parameters:
description: Password for heat_stack_domain_admin user.
type: string
hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ hidden: true
+ default: ''
resources:
HeatBase:
@@ -76,5 +81,12 @@ outputs:
heat::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ heat::engine::auth_encryption_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HeatAuthEncryptionKey}
+ - {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: |
include ::tripleo::profile::base::heat::engine