diff options
Diffstat (limited to 'puppet/controller.yaml')
| -rw-r--r-- | puppet/controller.yaml | 296 |
1 files changed, 223 insertions, 73 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 3b7ec7e7..388c06a2 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,6 +4,11 @@ description: > OpenStack controller node configured by Puppet. parameters: + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true AdminPassword: default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. @@ -14,6 +19,9 @@ parameters: description: The keystone auth secret and db password. type: string hidden: true + CeilometerApiVirtualIP: + type: string + default: '' CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -28,6 +36,9 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderApiVirtualIP: + type: string + default: '' CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -95,6 +106,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer on the Controller + type: boolean EnableCephStorage: default: false description: Whether to deploy Ceph Storage (OSD) on the Controller @@ -159,14 +174,6 @@ parameters: description: The password for the glance service and db account, used by the glance services. type: string hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one @@ -174,6 +181,34 @@ parameters: type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string HeatPassword: default: unset description: The password for the Heat service and db account, used by the Heat services. @@ -187,9 +222,15 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + hidden: true + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string + hidden: true Image: type: string default: overcloud-control @@ -237,6 +278,18 @@ parameters: type: string constraints: - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -277,6 +330,22 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronEnableDHCPAgent: + description: Knob to enable/disable DHCP Agent + type: boolean + default: true + NeutronEnableL3Agent: + description: Knob to enable/disable L3 agent + type: boolean + default: true + NeutronEnableMetadataAgent: + description: Knob to enable/disable Metadata agent + type: boolean + default: true + NeutronEnableOVSAgent: + description: Knob to enable/disable OVS Agent + type: boolean + default: true NeutronAgentMode: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts @@ -297,6 +366,7 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true NeutronCorePlugin: default: 'ml2' description: | @@ -324,9 +394,18 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string NeutronEnableTunnelling: type: string default: "True" + NeutronEnableL2Pop: + type: string + description: > + Enable/disable the L2 population feature in the Neutron agents. + default: "False" NeutronFlatNetworks: type: string default: 'datacentre' @@ -395,6 +474,9 @@ parameters: of VXLAN VNI IDs that are available for tenant network allocation default: ["1:1000", ] type: comma_delimited_list + NovaApiVirtualIP: + type: string + default: '' NovaPassword: default: unset description: The password for the nova service and db account, used by nova-api. @@ -405,18 +487,20 @@ parameters: description: Should MongoDb journaling be disabled type: boolean NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. + hidden: true PublicVirtualInterface: default: 'br-ex' description: > Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: # DEPRECATED: use per service settings instead + PublicVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug RabbitCookie: @@ -442,6 +526,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -454,20 +542,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true SwiftHashSuffix: default: unset description: A random string to be used as a salt when hashing to determine mappings @@ -492,6 +566,9 @@ parameters: services. hidden: true type: string + SwiftProxyVirtualIP: + type: string + default: '' SwiftReplicas: type: number default: 3 @@ -529,6 +606,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -538,6 +620,14 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + NodeIndex: + type: number + default: 0 resources: @@ -634,10 +724,26 @@ resources: properties: config: {get_resource: NetworkConfig} server: {get_resource: Controller} + actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NetworkDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: Controller} + + # Hook for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: Controller} + NodeIndex: {get_param: NodeIndex} + ControllerDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NetworkDeployment @@ -647,6 +753,9 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} + neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: - '' @@ -666,7 +775,9 @@ resources: - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} + admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} @@ -695,9 +806,13 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' - glance_port: {get_param: GlancePort} + glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} + glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} glance_dsn: @@ -718,7 +833,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/heat' - keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]} keystone_ca_certificate: {get_param: KeystoneCACertificate} keystone_signing_key: {get_param: KeystoneSigningKey} keystone_signing_certificate: {get_param: KeystoneSigningCertificate} @@ -734,28 +848,18 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/keystone' - keystone_identity_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/' - keystone_auth_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/' - keystone_ec2_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/ec2tokens' + keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } + keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} + enable_load_balancer: {get_param: EnableLoadBalancer} enable_ceph_storage: {get_param: EnableCephStorage} enable_swift_storage: {get_param: EnableSwiftStorage} + manage_firewall: {get_param: ManageFirewall} + purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} @@ -785,6 +889,10 @@ resources: list_join: - "','" - {get_param: NeutronTypeDrivers} + neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} + neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} + neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} + neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} @@ -831,18 +939,11 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } + neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] } + nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -855,7 +956,9 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} @@ -877,11 +980,15 @@ resources: rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} mongodb_no_journal: {get_param: MongoDbNoJournal} - ntp_servers: + # We need to force this into quotes or hiera will return integer causing + # the puppet module validation regexp to fail. + # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 + rabbit_fd_limit: str_replace: - template: '["server"]' + template: "'LIMIT'" params: - server: {get_param: NtpServer} + LIMIT: {get_param: RabbitFDLimit} + ntp_servers: {get_param: NtpServer} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} @@ -898,18 +1005,12 @@ resources: cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + keystone_region: {get_param: KeystoneRegion} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -954,6 +1055,7 @@ resources: - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -978,6 +1080,7 @@ resources: # Pacemaker enable_fencing: {get_input: enable_fencing} + enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} tripleo::fencing::config: {get_input: fencing_config} @@ -1038,11 +1141,15 @@ resources: glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} + glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} + glance_file_pcmk_device: {get_input: glance_file_pcmk_device} + glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} + glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} + glance_file_pcmk_options: {get_input: glance_file_pcmk_options} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1083,6 +1190,12 @@ resources: keystone::rabbit_port: {get_input: rabbit_client_port} keystone::notification_driver: {get_input: keystone_notification_driver} keystone::notification_format: {get_input: keystone_notification_format} + keystone::roles::admin::email: {get_input: admin_email} + keystone::roles::admin::password: {get_input: admin_password} + keystone::endpoint::public_url: {get_input: keystone_public_url} + keystone::endpoint::internal_url: {get_input: keystone_internal_url} + keystone::endpoint::admin_url: {get_input: keystone_identity_uri} + keystone::endpoint::region: {get_input: keystone_region} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1101,7 +1214,7 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron::debug: {get_input: debug} @@ -1110,6 +1223,8 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} + neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron_flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -1118,6 +1233,10 @@ resources: neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} + neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} + neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} + neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} + neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} @@ -1139,6 +1258,15 @@ resources: neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} + neutron::keystone::auth::public_url: {get_input: neutron_public_url } + neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } + neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } + neutron::keystone::auth::password: {get_input: neutron_password } + neutron::keystone::auth::region: {get_input: keystone_region} + neutron::server::notifications::nova_url: {get_input: nova_internal_url} + neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::tenant_name: 'service' + neutron::server::notifications::password: {get_input: nova_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1154,7 +1282,7 @@ resources: ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} + ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} @@ -1175,13 +1303,14 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} # Horizon apache::ip: {get_input: horizon_network} + horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} @@ -1190,9 +1319,15 @@ resources: # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} + rabbitmq::file_limit: {get_input: rabbit_fd_limit} + rabbitmq::default_user: {get_input: rabbit_username} + rabbitmq::default_pass: {get_input: rabbit_password} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} + # Firewall + tripleo::firewall::manage_firewall: {get_input: manage_firewall} + tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} @@ -1201,6 +1336,13 @@ resources: public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} + # NOTE(jaosorior): The service certificate configuration for + # HAProxy was left commented because to properly use this, we + # need to be able to set up the keystone endpoints. And + # currently that is not possible, but is being addressed by + # other commits. A subsequent commit will uncomment this. + #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1214,7 +1356,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: ControllerExtraConfigPre + depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: Controller} @@ -1294,5 +1436,13 @@ outputs: list_join: - ',' - - {get_attr: [ControllerDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} + - {get_attr: [NodeTLSData, deploy_stdout]} - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} |