aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/controller.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r--puppet/controller.yaml296
1 files changed, 223 insertions, 73 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 3b7ec7e7..388c06a2 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,6 +4,11 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
+ AdminEmail:
+ default: 'admin@example.com'
+ description: The email for the keystone admin account.
+ type: string
+ hidden: true
AdminPassword:
default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
@@ -14,6 +19,9 @@ parameters:
description: The keystone auth secret and db password.
type: string
hidden: true
+ CeilometerApiVirtualIP:
+ type: string
+ default: ''
CeilometerBackend:
default: 'mongodb'
description: The ceilometer backend type.
@@ -28,6 +36,9 @@ parameters:
description: The password for the ceilometer service and db account.
type: string
hidden: true
+ CinderApiVirtualIP:
+ type: string
+ default: ''
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
@@ -95,6 +106,10 @@ parameters:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
+ EnableLoadBalancer:
+ default: true
+ description: Whether to deploy a LoadBalancer on the Controller
+ type: boolean
EnableCephStorage:
default: false
description: Whether to deploy Ceph Storage (OSD) on the Controller
@@ -159,14 +174,6 @@ parameters:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
@@ -174,6 +181,34 @@ parameters:
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
+ GlanceFilePcmkDevice:
+ default: ''
+ description: >
+ An exported storage device that should be mounted by Pacemaker
+ as Glance storage. Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkFstype:
+ default: 'nfs'
+ description: >
+ Filesystem type for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkManage:
+ default: false
+ description: >
+ Whether to make Glance file backend a mount managed by Pacemaker.
+ Effective when GlanceBackend is 'file'.
+ type: boolean
+ GlanceFilePcmkOptions:
+ default: ''
+ description: >
+ Mount options for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
HeatPassword:
default: unset
description: The password for the Heat service and db account, used by the Heat services.
@@ -187,9 +222,15 @@ parameters:
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
+ hidden: true
+ HorizonAllowedHosts:
+ default: '*'
+ description: A list of IP/Hostname allowed to connect to horizon
+ type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
type: string
+ hidden: true
Image:
type: string
default: overcloud-control
@@ -237,6 +278,18 @@ parameters:
type: string
constraints:
- allowed_values: [ 'basic', 'cadf' ]
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
@@ -277,6 +330,22 @@ parameters:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
type: string
+ NeutronEnableDHCPAgent:
+ description: Knob to enable/disable DHCP Agent
+ type: boolean
+ default: true
+ NeutronEnableL3Agent:
+ description: Knob to enable/disable L3 agent
+ type: boolean
+ default: true
+ NeutronEnableMetadataAgent:
+ description: Knob to enable/disable Metadata agent
+ type: boolean
+ default: true
+ NeutronEnableOVSAgent:
+ description: Knob to enable/disable OVS Agent
+ type: boolean
+ default: true
NeutronAgentMode:
default: 'dvr_snat'
description: Agent mode for the neutron-l3-agent on the controller hosts
@@ -297,6 +366,7 @@ parameters:
default: 'unset'
description: Shared secret to prevent spoofing
type: string
+ hidden: true
NeutronCorePlugin:
default: 'ml2'
description: |
@@ -324,9 +394,18 @@ parameters:
default: 'True'
description: Allow automatic l3-agent failover
type: string
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -395,6 +474,9 @@ parameters:
of VXLAN VNI IDs that are available for tenant network allocation
default: ["1:1000", ]
type: comma_delimited_list
+ NovaApiVirtualIP:
+ type: string
+ default: ''
NovaPassword:
default: unset
description: The password for the nova service and db account, used by nova-api.
@@ -405,18 +487,20 @@ parameters:
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
+ hidden: true
PublicVirtualInterface:
default: 'br-ex'
description: >
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
- PublicVirtualIP: # DEPRECATED: use per service settings instead
+ PublicVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RabbitCookie:
@@ -442,6 +526,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ RabbitFDLimit:
+ default: 16384
+ description: Configures RabbitMQ FD limit
+ type: string
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -454,20 +542,6 @@ parameters:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
- SSLCACertificate:
- default: ''
- description: If set, the contents of an SSL certificate authority file.
- type: string
- SSLCertificate:
- default: ''
- description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
- type: string
- hidden: true
- SSLKey:
- default: ''
- description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
- type: string
- hidden: true
SwiftHashSuffix:
default: unset
description: A random string to be used as a salt when hashing to determine mappings
@@ -492,6 +566,9 @@ parameters:
services.
hidden: true
type: string
+ SwiftProxyVirtualIP:
+ type: string
+ default: ''
SwiftReplicas:
type: number
default: 3
@@ -529,6 +606,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -538,6 +620,14 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: ['CREATE']
+ NodeIndex:
+ type: number
+ default: 0
resources:
@@ -634,10 +724,26 @@ resources:
properties:
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
+ actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
+ # Resource for site-specific injection of root certificate
+ NodeTLSCAData:
+ depends_on: NetworkDeployment
+ type: OS::TripleO::NodeTLSCAData
+ properties:
+ server: {get_resource: Controller}
+
+ # Hook for site-specific passing of private keys/certificates
+ NodeTLSData:
+ depends_on: NodeTLSCAData
+ type: OS::TripleO::NodeTLSData
+ properties:
+ server: {get_resource: Controller}
+ NodeIndex: {get_param: NodeIndex}
+
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NetworkDeployment
@@ -647,6 +753,9 @@ resources:
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+ neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ haproxy_log_address: {get_param: HAProxySyslogAddress}
heat.watch_server_url:
list_join:
- ''
@@ -666,7 +775,9 @@ resources:
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
+ admin_email: {get_param: AdminEmail}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
@@ -695,9 +806,13 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
- glance_port: {get_param: GlancePort}
+ glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
+ glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+ glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+ glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+ glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance_dsn:
@@ -718,7 +833,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/heat'
- keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
@@ -734,28 +848,18 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/keystone'
- keystone_identity_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/'
- keystone_auth_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/'
- keystone_ec2_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/ec2tokens'
+ keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+ keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
+ enable_load_balancer: {get_param: EnableLoadBalancer}
enable_ceph_storage: {get_param: EnableCephStorage}
enable_swift_storage: {get_param: EnableSwiftStorage}
+ manage_firewall: {get_param: ManageFirewall}
+ purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
@@ -785,6 +889,10 @@ resources:
list_join:
- "','"
- {get_param: NeutronTypeDrivers}
+ neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
+ neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
+ neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
+ neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
@@ -831,18 +939,11 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+ neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
+ nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
@@ -855,7 +956,9 @@ resources:
ceilometer_dsn:
list_join:
- ''
- - - 'mysql://ceilometer:unset@'
+ - - 'mysql://ceilometer:'
+ - {get_param: CeilometerPassword}
+ - '@'
- {get_param: MysqlVirtualIP}
- '/ceilometer'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
@@ -877,11 +980,15 @@ resources:
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
mongodb_no_journal: {get_param: MongoDbNoJournal}
- ntp_servers:
+ # We need to force this into quotes or hiera will return integer causing
+ # the puppet module validation regexp to fail.
+ # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
+ rabbit_fd_limit:
str_replace:
- template: '["server"]'
+ template: "'LIMIT'"
params:
- server: {get_param: NtpServer}
+ LIMIT: {get_param: RabbitFDLimit}
+ ntp_servers: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
@@ -898,18 +1005,12 @@ resources:
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ keystone_region: {get_param: KeystoneRegion}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
@@ -954,6 +1055,7 @@ resources:
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
datafiles:
controller_extraconfig:
mapped_data: {get_param: ControllerExtraConfig}
@@ -978,6 +1080,7 @@ resources:
# Pacemaker
enable_fencing: {get_input: enable_fencing}
+ enable_load_balancer: {get_input: enable_load_balancer}
hacluster_pwd: {get_input: pcsd_password}
tripleo::fencing::config: {get_input: fencing_config}
@@ -1038,11 +1141,15 @@ resources:
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+ glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
glance::db::mysql::password: {get_input: glance_password}
+ glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
+ glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
+ glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
+ glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1083,6 +1190,12 @@ resources:
keystone::rabbit_port: {get_input: rabbit_client_port}
keystone::notification_driver: {get_input: keystone_notification_driver}
keystone::notification_format: {get_input: keystone_notification_format}
+ keystone::roles::admin::email: {get_input: admin_email}
+ keystone::roles::admin::password: {get_input: admin_password}
+ keystone::endpoint::public_url: {get_input: keystone_public_url}
+ keystone::endpoint::internal_url: {get_input: keystone_internal_url}
+ keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
+ keystone::endpoint::region: {get_input: keystone_region}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
@@ -1101,7 +1214,7 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_user: {get_input: rabbit_username}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::debug: {get_input: debug}
@@ -1110,6 +1223,8 @@ resources:
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -1118,6 +1233,10 @@ resources:
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron::core_plugin: {get_input: neutron_core_plugin}
neutron::service_plugins: {get_input: neutron_service_plugins}
+ neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
+ neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
+ neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
+ neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
@@ -1139,6 +1258,15 @@ resources:
neutron_dsn: {get_input: neutron_dsn}
neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
+ neutron::keystone::auth::public_url: {get_input: neutron_public_url }
+ neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
+ neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
+ neutron::keystone::auth::password: {get_input: neutron_password }
+ neutron::keystone::auth::region: {get_input: keystone_region}
+ neutron::server::notifications::nova_url: {get_input: nova_internal_url}
+ neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url}
+ neutron::server::notifications::tenant_name: 'service'
+ neutron::server::notifications::password: {get_input: nova_password}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
@@ -1154,7 +1282,7 @@ resources:
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+ ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
@@ -1175,13 +1303,14 @@ resources:
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
# Horizon
apache::ip: {get_input: horizon_network}
+ horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
@@ -1190,9 +1319,15 @@ resources:
# Rabbit
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
+ rabbitmq::file_limit: {get_input: rabbit_fd_limit}
+ rabbitmq::default_user: {get_input: rabbit_username}
+ rabbitmq::default_pass: {get_input: rabbit_password}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
+ # Firewall
+ tripleo::firewall::manage_firewall: {get_input: manage_firewall}
+ tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached::listen_ip: {get_input: memcached_network}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
@@ -1201,6 +1336,13 @@ resources:
public_virtual_interface: {get_input: public_virtual_interface}
tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
+ tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
+ # NOTE(jaosorior): The service certificate configuration for
+ # HAProxy was left commented because to properly use this, we
+ # need to be able to set up the keystone endpoints. And
+ # currently that is not possible, but is being addressed by
+ # other commits. A subsequent commit will uncomment this.
+ #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -1214,7 +1356,7 @@ resources:
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
- depends_on: ControllerExtraConfigPre
+ depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
properties:
server: {get_resource: Controller}
@@ -1294,5 +1436,13 @@ outputs:
list_join:
- ','
- - {get_attr: [ControllerDeployment, deploy_stdout]}
+ - {get_attr: [NodeTLSCAData, deploy_stdout]}
+ - {get_attr: [NodeTLSData, deploy_stdout]}
- {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
- {get_param: UpdateIdentifier}
+ tls_key_modulus_md5:
+ description: MD5 checksum of the TLS Key Modulus
+ value: {get_attr: [NodeTLSData, key_modulus_md5]}
+ tls_cert_modulus_md5:
+ description: MD5 checksum of the TLS Certificate Modulus
+ value: {get_attr: [NodeTLSData, cert_modulus_md5]}