diff options
| -rw-r--r-- | block-storage.yaml | 1 | ||||
| -rw-r--r-- | cinder-storage.yaml | 195 | ||||
| -rw-r--r-- | compute.yaml | 2 | ||||
| -rw-r--r-- | controller.yaml | 42 | ||||
| -rw-r--r-- | overcloud-resource-registry.yaml | 2 | ||||
| -rw-r--r-- | overcloud-source.yaml | 50 | ||||
| -rw-r--r-- | overcloud-vlan-port.yaml | 1 | ||||
| -rw-r--r-- | overcloud-without-mergepy.yaml | 103 | ||||
| -rw-r--r-- | swift-storage.yaml | 168 | ||||
| -rw-r--r-- | undercloud-source.yaml | 12 |
10 files changed, 540 insertions, 36 deletions
diff --git a/block-storage.yaml b/block-storage.yaml index ae0d6543..172944aa 100644 --- a/block-storage.yaml +++ b/block-storage.yaml @@ -27,6 +27,7 @@ resources: depends_on: [BlockStorage0Deployment,BlockStorage0PassthroughSpecific] type: OS::Heat::StructuredDeployment properties: + signal_transport: {get_param: DefaultSignalTransport} config: {get_resource: allNodesConfig} server: {get_resource: BlockStorage0} BlockStorage0Deployment: diff --git a/cinder-storage.yaml b/cinder-storage.yaml new file mode 100644 index 00000000..c80b7771 --- /dev/null +++ b/cinder-storage.yaml @@ -0,0 +1,195 @@ +heat_template_version: 2014-10-16 +description: 'Common Block Storage Configuration' +parameters: + AdminPassword: + default: '' + type: string + Image: + default: overcloud-cinder-volume + type: string + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderPassword: + default: unset + description: The password for the cinder service account, used by cinder-api. + hidden: true + type: string + ControllerIP: + default: '' + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "force_config_drive", + "value": "always" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + default: baremetal + description: Flavor for block storage nodes to request when deploying. + type: string + GlancePort: + default: "9292" + description: Glance port. + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + NeutronEnableTunnelling: + default: "True" + type: string + NeutronNetworkType: + default: gre + type: string + NeutronPassword: + default: '' + type: string + NeutronPublicInterface: + default: eth0 + type: string + RabbitPassword: + default: '' + type: string + RabbitUserName: + default: '' + type: string + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +resources: + BlockStorage: + type: OS::Nova::Server + properties: + image: + {get_param: Image} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + user_data_format: SOFTWARE_CONFIG + networks: + - network: ctlplane + BlockStorageDeployment: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageConfig} + input_values: + controller_host: {get_param: ControllerIP} + cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: ControllerIP} , '/cinder']]} + neutron_local_ip: {get_attr: [BlockStorage , networks, ctlplane, 0]} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + signal_transport: NO_SIGNAL + BlockStorageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + admin-password: {get_param: AdminPassword} + keystone: + host: {get_input: controller_host} + cinder: + db: {get_input: cinder_dsn} + volume_size_mb: + get_param: CinderLVMLoopDeviceSize + service-password: + get_param: CinderPassword + iscsi-helper: + get_param: CinderISCSIHelper + snmpd: + export_MIB: UCD-SNMP-MIB + readonly_user_name: {get_input: snmpd_readonly_user_name} + readonly_user_password: {get_input: snmpd_readonly_user_password} + rabbit: + host: {get_input: controller_host} + username: {get_param: RabbitUserName} + password: {get_param: RabbitPassword} + glance: + host: {get_input: controller_host} + port: {get_param: GlancePort} + interfaces: + control: {get_param: NeutronPublicInterface} + neutron: + ovs: + local_ip: {get_input: neutron_local_ip} + tenant_network_type: {get_param: NeutronNetworkType} + enable_tunneling: {get_param: NeutronEnableTunnelling} + service-password: + get_param: NeutronPassword + config: + keystone: + host: {get_input: controller_host} + cinder: + db: {get_input: cinder_dsn} + volume_size_mb: + get_param: CinderLVMLoopDeviceSize + service-password: + get_param: CinderPassword + iscsi-helper: + get_param: CinderISCSIHelper + admin-password: {get_param: AdminPassword} + rabbit: + host: {get_input: controller_host} + username: {get_param: RabbitUserName} + password: {get_param: RabbitPassword} + interfaces: + control: {get_param: NeutronPublicInterface} + neutron: + ovs: + local_ip: { get_input: neutron_local_ip } + tenant_network_type: {get_param: NeutronNetworkType} + enable_tunneling: {get_param: NeutronEnableTunnelling} + service-password: + get_param: NeutronPassword +outputs: + hosts_entry: + value: + str_replace: + template: "IP HOST HOST.novalocal" + params: + IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + HOST: {get_attr: [BlockStorage, name]} diff --git a/compute.yaml b/compute.yaml index 99951490..bc13509c 100644 --- a/compute.yaml +++ b/compute.yaml @@ -169,7 +169,7 @@ parameters: description: An OVS bridge to create for accessing external networks. type: string NeutronPublicInterface: - default: '' + default: eth0 description: A port to add to the NeutronPhysicalBridge. type: string NeutronTunnelTypes: diff --git a/controller.yaml b/controller.yaml index 3cc27acf..0c76f496 100644 --- a/controller.yaml +++ b/controller.yaml @@ -297,6 +297,26 @@ parameters: description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. type: string hidden: true + SwiftHashSuffix: + default: unset + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftPassword: + default: unset + description: The password for the swift service account, used by the swift proxy + services. + hidden: true + type: string + SwiftReplicas: + type: number + default: 1 + description: How many replicas to use in the swift rings. VirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -677,6 +697,28 @@ resources: input_values: passthrough_config_specific: {get_param: ControllerExtraConfig} + SwiftConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + swift: + hash: { get_input: swift_hash_suffix } + part-power: { get_input: swift_part_power } + replicas: {get_input: swift_replicas } + service-password: { get_input: swift_password } + + SwiftStorageDeploy: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: Controller} + config: {get_resource: SwiftConfig} + signal_transport: NO_SIGNAL + input_values: + swift_hash_suffix: {get_param: SwiftHashSuffix} + swift_password: {get_param: SwiftPassword} + swift_part_power: {get_param: SwiftPartPower} + swift_replicas: { get_param: SwiftReplicas} outputs: ip_address: diff --git a/overcloud-resource-registry.yaml b/overcloud-resource-registry.yaml index 29074fcf..822d9873 100644 --- a/overcloud-resource-registry.yaml +++ b/overcloud-resource-registry.yaml @@ -1,3 +1,5 @@ resource_registry: + OS::TripleO::BlockStorage: cinder-storage.yaml OS::TripleO::Compute: compute.yaml OS::TripleO::Controller: controller.yaml + OS::TripleO::ObjectStorage: swift-storage.yaml diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 0832e7cd..64deb95b 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -177,6 +177,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true LiveUpdateComputeImage: type: string description: The image ID for live-updates to the overcloud compute nodes. @@ -344,6 +353,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -361,6 +380,7 @@ resources: network_id: {get_param: NeutronControlPlaneID} fixed_ips: get_param: ControlFixedIPs + replacement_policy: AUTO MysqlClusterUniquePart: type: OS::Heat::RandomString properties: @@ -376,6 +396,7 @@ resources: network: {get_param: PublicVirtualNetwork} fixed_ips: get_param: PublicVirtualFixedIPs + replacement_policy: AUTO RabbitCookie: type: OS::Heat::RandomString properties: @@ -568,6 +589,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -656,6 +680,8 @@ resources: get_attr: - RabbitCookie - value + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} @@ -704,42 +730,33 @@ resources: ip: {get_attr: [controller0, networks, ctlplane, 0]} name: {get_attr: [controller0, name]} net_binds: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} + - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} services: - name: keystone_admin port: 35357 - net_binds: &public_binds - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - name: keystone_public port: 5000 - net_binds: *public_binds - name: horizon port: 80 - net_binds: *public_binds - name: neutron port: 9696 - net_binds: *public_binds - name: cinder port: 8776 - net_binds: *public_binds - name: glance_api port: 9292 - net_binds: *public_binds - name: glance_registry port: 9191 - net_binds: *public_binds - name: heat_api port: 8004 - net_binds: *public_binds - name: heat_cloudwatch port: 8003 - net_binds: *public_binds - name: heat_cfn port: 8000 - net_binds: *public_binds - name: mysql port: 3306 + net_binds: + - *control_vip extra_server_params: - backup options: @@ -749,21 +766,18 @@ resources: port: 8773 - name: nova_osapi port: 8774 - net_binds: *public_binds - name: nova_metadata port: 8775 - net_binds: *public_binds - name: nova_novncproxy port: 6080 - net_binds: *public_binds - name: ceilometer port: 8777 - net_binds: *public_binds - name: swift_proxy_server port: 8080 - net_binds: *public_binds - name: rabbitmq port: 5672 + net_binds: + - *control_vip options: - timeout client 0 - timeout server 0 diff --git a/overcloud-vlan-port.yaml b/overcloud-vlan-port.yaml index 71b444fb..8f6f6937 100644 --- a/overcloud-vlan-port.yaml +++ b/overcloud-vlan-port.yaml @@ -36,3 +36,4 @@ resources: properties: name: controller0_vlan network: public + replacement_policy: AUTO diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index bba63f5e..e171ff82 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -408,6 +408,29 @@ parameters: constraints: - custom_constraint: nova.flavor +# Block storage specific parameters + BlockStorageCount: + type: number + default: 1 + BlockStorageImage: + default: overcloud-cinder-volume + type: string + OvercloudBlockStorageFlavor: + default: baremetal + description: Flavor for block storage nodes to request when deploying. + type: string + +# Object storage specific parameters + ObjectStorageCount: + type: number + default: 0 + OvercloudSwiftStorageFlavor: + default: baremetal + description: Flavor for Swift storage nodes to request when deploying. + type: string + SwiftStorageImage: + default: overcloud-swift-storage + type: string resources: @@ -466,6 +489,10 @@ resources: SSLCertificate: {get_param: SSLCertificate} SSLKey: {get_param: SSLKey} SSLCACertificate: {get_param: SSLCACertificate} + SwiftHashSuffix: {get_param: SwiftHashSuffix} + SwiftPartPower: {get_param: SwiftPartPower} + SwiftPassword: {get_param: SwiftPassword} + SwiftReplicas: { get_param: SwiftReplicas} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} @@ -535,6 +562,47 @@ resources: - *compute_database_host - /ovs_neutron + BlockStorage: + type: OS::Heat::ResourceGroup + properties: + count: {get_param: BlockStorageCount} + resource_def: + type: OS::TripleO::BlockStorage + properties: + AdminPassword: {get_param: AdminPassword} + Image: {get_param: BlockStorageImage} + CinderISCSIHelper: {get_param: CinderISCSIHelper} + CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} + CinderPassword: {get_param: CinderPassword} + ControllerIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + KeyName: {get_param: KeyName} + NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronNetworkType: {get_param: NeutronNetworkType} + NeutronPassword: {get_param: NeutronPassword} + NeutronPublicInterface: {get_param: NeutronPublicInterface} + Flavor: {get_param: OvercloudBlockStorageFlavor} + RabbitPassword: {get_param: RabbitPassword} + RabbitUserName: {get_param: RabbitUserName} + + ObjectStorage: + type: OS::Heat::ResourceGroup + properties: + count: {get_param: ObjectStorageCount} + resource_def: + type: OS::TripleO::ObjectStorage + properties: + ControllerIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + KeyName: {get_param: KeyName} + NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} + NeutronNetworkType: {get_param: NeutronNetworkType} + Flavor: {get_param: OvercloudSwiftStorageFlavor} + HashSuffix: {get_param: SwiftHashSuffix} + PartPower: {get_param: SwiftPartPower} + Password: {get_param: SwiftPassword} + Image: {get_param: SwiftStorageImage} + Replicas: { get_param: SwiftReplicas} + + allNodesConfig: type: OS::Heat::StructuredConfig properties: @@ -549,8 +617,12 @@ resources: - list_join: - "\n" - {get_attr: [Controller, hosts_entry]} - # TODO: ADD BLOCK STORAGE ENTRY HERE - # TODO: ADD SWIFT STORAGE ENTRY HERE + - list_join: + - "\n" + - {get_attr: [BlockStorage, hosts_entry]} + - list_join: + - "\n" + - {get_attr: [ObjectStorage, hosts_entry]} rabbit: nodes: list_join: @@ -579,6 +651,7 @@ resources: name: control_virtual_ip network_id: {get_param: NeutronControlPlaneID} fixed_ips: {get_param: ControlFixedIPs} + replacement_policy: AUTO PublicVirtualIP: type: OS::Neutron::Port @@ -586,6 +659,7 @@ resources: name: public_virtual_ip network: {get_param: PublicVirtualNetwork} fixed_ips: {get_param: PublicVirtualFixedIPs} + replacement_policy: AUTO ControllerBootstrapNodeConfig: type: OS::Heat::StructuredConfig @@ -605,16 +679,18 @@ resources: ControllerSwiftDeployment: type: OS::Heat::StructuredDeployments properties: - config: {get_resource: ControllerSwiftConfig} + config: {get_resource: SwiftDevicesAndProxyConfig} servers: {get_attr: [Controller, attributes, nova_server_resource]} signal_transport: NO_SIGNAL - input_values: - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_replicas: { get_param: SwiftReplicas} - ControllerSwiftConfig: + ObjectStorageSwiftDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_resource: SwiftDevicesAndProxyConfig} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + signal_transport: NO_SIGNAL + + SwiftDevicesAndProxyConfig: type: OS::Heat::StructuredConfig properties: group: os-apply-config @@ -628,18 +704,11 @@ resources: - {get_attr: [Controller, swift_device]} - list_join: - ", " - # TODO: replace the empty list with this: - # - {get_attr: [ObjectStorage, swift_device]} - # Once we have the swift/object-storage role - - [] - hash: { get_input: swift_hash_suffix } - part-power: { get_input: swift_part_power } + - {get_attr: [ObjectStorage, swift_device]} proxy-memcache: list_join: - "," - {get_attr: [Controller, swift_proxy_memcache]} - replicas: {get_input: swift_replicas } - service-password: { get_input: swift_password } ControllerClusterConfig: type: OS::Heat::StructuredConfig diff --git a/swift-storage.yaml b/swift-storage.yaml new file mode 100644 index 00000000..68fd8a48 --- /dev/null +++ b/swift-storage.yaml @@ -0,0 +1,168 @@ +heat_template_version: 2014-10-16 +description: 'Common Swift Storage Configuration' +parameters: + ControllerIP: + default: '' + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "force_config_drive", + "value": "always" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + default: baremetal + description: Flavor for Swift storage nodes to request when deploying. + type: string + HashSuffix: + default: unset + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + Image: + default: overcloud-swift-storage + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + NeutronEnableTunnelling: + default: "True" + type: string + NeutronNetworkType: + default: gre + type: string + PartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + Password: + default: unset + description: The password for the swift service account, used by the swift proxy + services. + hidden: true + type: string + Replicas: + type: number + default: 1 + description: How many replicas to use in the swift rings. + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +resources: + SwiftConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + snmpd: + export_MIB: UCD-SNMP-MIB + readonly_user_name: {get_input: snmpd_readonly_user_name} + readonly_user_password: {get_input: snmpd_readonly_user_password} + swift: + hash: { get_input: swift_hash_suffix } + part-power: { get_input: swift_part_power } + replicas: {get_input: swift_replicas } + service-password: { get_input: swift_password } + neutron: + enable_tunnelling: {get_param: NeutronEnableTunnelling} + tenant_network_type: {get_param: NeutronNetworkType} + ovs: + local_ip: { get_input: neutron_local_ip } + SwiftStorage: + type: OS::Nova::Server + properties: + image: {get_param: Image} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + user_data_format: SOFTWARE_CONFIG + networks: + - network: ctlplane + SwiftKeystoneConfig: + type: OS::Heat::StructuredConfig + properties: + config: + keystone: + host: {get_input: keystone_host} + SwiftStorageKeystone: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftKeystoneConfig} + signal_transport: NO_SIGNAL + input_values: + keystone_host: {get_param: ControllerIP} + SwiftStorageDeploy: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftConfig} + signal_transport: NO_SIGNAL + input_values: + neutron_local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + swift_hash_suffix: {get_param: HashSuffix} + swift_password: {get_param: Password} + swift_part_power: {get_param: PartPower} + swift_replicas: { get_param: Replicas} + +outputs: + hosts_entry: + value: + str_replace: + template: "IP HOST HOST.novalocal" + params: + IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + HOST: {get_attr: [SwiftStorage, name]} + nova_server_resource: + description: Heat resource handle for the swift storage server + value: + {get_resource: SwiftStorage} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} diff --git a/undercloud-source.yaml b/undercloud-source.yaml index 94795934..67c3e6d6 100644 --- a/undercloud-source.yaml +++ b/undercloud-source.yaml @@ -115,6 +115,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true HeatPassword: default: unset description: The password for the Heat service account, used by the Heat services. @@ -291,6 +300,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} root-password: {get_resource: MysqlRootPassword} |