diff options
Diffstat (limited to 'controller.yaml')
-rw-r--r-- | controller.yaml | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/controller.yaml b/controller.yaml index 6acf232f..0e99cb04 100644 --- a/controller.yaml +++ b/controller.yaml @@ -157,6 +157,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -188,6 +197,28 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string NeutronEnableTunnelling: type: string default: "True" @@ -273,6 +304,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -415,6 +456,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -428,7 +472,11 @@ resources: debug: {get_param: Debug} flat-networks: {get_param: NeutronFlatNetworks} host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: unset + metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + agent_mode: {get_param: NeutronAgentMode} + router_distributed: {get_param: NeutronDVR} + mechanism_drivers: {get_param: NeutronMechanismDrivers} + allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} ovs: enable_tunneling: {get_input: neutron_enable_tunneling} local_ip: {get_input: controller_host} @@ -481,6 +529,8 @@ resources: username: {get_param: RabbitUserName} password: {get_param: RabbitPassword} cookie: {get_param: RabbitCookie} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} @@ -518,6 +568,8 @@ resources: haproxy: net_binds: - ip: {get_param: VirtualIP} + options: + - option httpchk GET / services: - name: keystone_admin port: 35357 @@ -542,6 +594,7 @@ resources: - name: glance_registry port: 9191 net_binds: *public_binds + options: # overwrite options as glace_reg needs auth for http req - name: heat_api port: 8004 net_binds: *public_binds @@ -566,17 +619,24 @@ resources: - name: nova_metadata port: 8775 net_binds: *public_binds + - name: nova_novncproxy + port: 6080 + net_binds: *public_binds - name: ceilometer port: 8777 net_binds: *public_binds + options: # overwrite options as ceil needs auth for http req - name: swift_proxy_server port: 8080 net_binds: *public_binds + options: + - option httpchk GET /info - name: rabbitmq port: 5672 options: - timeout client 0 - timeout server 0 + - maxconn 1500 ControllerPassthroughConfig: type: OS::Heat::StructuredConfig |