aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/controller.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r--puppet/controller.yaml458
1 files changed, 133 insertions, 325 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 009199d4..2c1c18a3 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -106,6 +106,10 @@ parameters:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
+ EnableLoadBalancer:
+ default: true
+ description: Whether to deploy a LoadBalancer on the Controller
+ type: boolean
EnableCephStorage:
default: false
description: Whether to deploy Ceph Storage (OSD) on the Controller
@@ -170,14 +174,6 @@ parameters:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
@@ -286,6 +282,14 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
@@ -326,6 +330,22 @@ parameters:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
type: string
+ NeutronEnableDHCPAgent:
+ description: Knob to enable/disable DHCP Agent
+ type: boolean
+ default: true
+ NeutronEnableL3Agent:
+ description: Knob to enable/disable L3 agent
+ type: boolean
+ default: true
+ NeutronEnableMetadataAgent:
+ description: Knob to enable/disable Metadata agent
+ type: boolean
+ default: true
+ NeutronEnableOVSAgent:
+ description: Knob to enable/disable OVS Agent
+ type: boolean
+ default: true
NeutronAgentMode:
default: 'dvr_snat'
description: Agent mode for the neutron-l3-agent on the controller hosts
@@ -374,9 +394,18 @@ parameters:
default: 'True'
description: Allow automatic l3-agent failover
type: string
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
@@ -458,8 +487,9 @@ parameters:
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
@@ -512,20 +542,6 @@ parameters:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
- SSLCACertificate:
- default: ''
- description: If set, the contents of an SSL certificate authority file.
- type: string
- SSLCertificate:
- default: ''
- description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
- type: string
- hidden: true
- SSLKey:
- default: ''
- description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
- type: string
- hidden: true
SwiftHashSuffix:
default: unset
description: A random string to be used as a salt when hashing to determine mappings
@@ -590,6 +606,11 @@ parameters:
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
@@ -599,6 +620,20 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: ['CREATE']
+ NodeIndex:
+ type: number
+ default: 0
+ CloudDomain:
+ default: ''
+ type: string
+ description: >
+ The DNS domain used for the hosts. This should match the dhcp_domain
+ configured in the Undercloud neutron. Defaults to localdomain.
resources:
@@ -695,10 +730,26 @@ resources:
properties:
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
+ actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
+ # Resource for site-specific injection of root certificate
+ NodeTLSCAData:
+ depends_on: NetworkDeployment
+ type: OS::TripleO::NodeTLSCAData
+ properties:
+ server: {get_resource: Controller}
+
+ # Resource for site-specific passing of private keys/certificates
+ NodeTLSData:
+ depends_on: NodeTLSCAData
+ type: OS::TripleO::NodeTLSData
+ properties:
+ server: {get_resource: Controller}
+ NodeIndex: {get_param: NodeIndex}
+
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NetworkDeployment
@@ -708,6 +759,8 @@ resources:
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+ neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
haproxy_log_address: {get_param: HAProxySyslogAddress}
heat.watch_server_url:
list_join:
@@ -727,24 +780,6 @@ resources:
- - 'http://'
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
- heat_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
@@ -777,43 +812,7 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
- cinder_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_public_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_internal_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_admin_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- glance_port: {get_param: GlancePort}
+ glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
@@ -840,7 +839,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/heat'
- keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
@@ -856,40 +854,18 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/keystone'
- keystone_identity_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357'
- keystone_auth_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/'
- keystone_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':5000'
- keystone_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000'
- keystone_ec2_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/ec2tokens'
+ keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+ keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
+ enable_load_balancer: {get_param: EnableLoadBalancer}
enable_ceph_storage: {get_param: EnableCephStorage}
enable_swift_storage: {get_param: EnableSwiftStorage}
+ manage_firewall: {get_param: ManageFirewall}
+ purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
@@ -919,6 +895,10 @@ resources:
list_join:
- "','"
- {get_param: NeutronTypeDrivers}
+ neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
+ neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
+ neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
+ neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
@@ -965,30 +945,11 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':9696'
- neutron_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+ neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
+ nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
@@ -1006,24 +967,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/ceilometer'
- ceilometer_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8777'
- ceilometer_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
- ceilometer_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
@@ -1035,60 +978,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
- nova_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_v3_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v3'
- nova_v3_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_v3_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_ec2_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Admin'
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -1105,11 +994,7 @@ resources:
template: "'LIMIT'"
params:
LIMIT: {get_param: RabbitFDLimit}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
@@ -1118,42 +1003,6 @@ resources:
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
- swift_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_public_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080'
- swift_internal_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_admin_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -1162,39 +1011,8 @@ resources:
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
- glance_public_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: PublicVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_internal_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_admin_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1243,6 +1061,7 @@ resources:
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
datafiles:
controller_extraconfig:
mapped_data: {get_param: ControllerExtraConfig}
@@ -1267,6 +1086,7 @@ resources:
# Pacemaker
enable_fencing: {get_input: enable_fencing}
+ enable_load_balancer: {get_input: enable_load_balancer}
hacluster_pwd: {get_input: pcsd_password}
tripleo::fencing::config: {get_input: fencing_config}
@@ -1281,14 +1101,6 @@ resources:
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
- swift::keystone::auth::public_url: {get_input: swift_public_url }
- swift::keystone::auth::internal_url: {get_input: swift_internal_url }
- swift::keystone::auth::admin_url: {get_input: swift_admin_url }
- swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
- swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
- swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
- swift::keystone::auth::password: {get_input: swift_password }
- swift::keystone::auth::region: {get_input: keystone_region}
# NOTE(dprince): build_ring support is currently not wired in.
# See: https://review.openstack.org/#/c/109225/
@@ -1316,14 +1128,6 @@ resources:
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
- cinder::keystone::auth::public_url: {get_input: cinder_public_url }
- cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
- cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
- cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
- cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
- cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
- cinder::keystone::auth::password: {get_input: cinder_password }
- cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
glance::api::bind_port: {get_input: glance_port}
@@ -1343,16 +1147,11 @@ resources:
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+ glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
glance::db::mysql::password: {get_input: glance_password}
- glance::keystone::auth::public_url: {get_input: glance_public_url }
- glance::keystone::auth::internal_url: {get_input: glance_internal_url }
- glance::keystone::auth::admin_url: {get_input: glance_admin_url }
- glance::keystone::auth::password: {get_input: glance_password }
- glance::keystone::auth::region: {get_input: keystone_region}
glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
@@ -1378,11 +1177,6 @@ resources:
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
- heat::keystone::auth::public_url: {get_input: heat_public_url }
- heat::keystone::auth::internal_url: {get_input: heat_internal_url }
- heat::keystone::auth::admin_url: {get_input: heat_admin_url }
- heat::keystone::auth::password: {get_input: heat_password }
- heat::keystone::auth::region: {get_input: keystone_region}
# Keystone
keystone::admin_token: {get_input: admin_token}
@@ -1426,7 +1220,7 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_user: {get_input: rabbit_username}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::debug: {get_input: debug}
@@ -1435,6 +1229,8 @@ resources:
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -1443,6 +1239,10 @@ resources:
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron::core_plugin: {get_input: neutron_core_plugin}
neutron::service_plugins: {get_input: neutron_service_plugins}
+ neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
+ neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
+ neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
+ neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
@@ -1469,6 +1269,10 @@ resources:
neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
neutron::keystone::auth::password: {get_input: neutron_password }
neutron::keystone::auth::region: {get_input: keystone_region}
+ neutron::server::notifications::nova_url: {get_input: nova_internal_url}
+ neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url}
+ neutron::server::notifications::tenant_name: 'service'
+ neutron::server::notifications::password: {get_input: nova_password}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
@@ -1484,14 +1288,9 @@ resources:
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+ ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
- ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
- ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
- ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
- ceilometer::keystone::auth::password: {get_input: ceilometer_password }
- ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1514,17 +1313,6 @@ resources:
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
- nova::keystone::auth::public_url: {get_input: nova_public_url}
- nova::keystone::auth::internal_url: {get_input: nova_internal_url}
- nova::keystone::auth::admin_url: {get_input: nova_admin_url}
- nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url}
- nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url}
- nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url}
- nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
- nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
- nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url}
- nova::keystone::auth::password: {get_input: nova_password }
- nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
apache::ip: {get_input: horizon_network}
@@ -1538,9 +1326,14 @@ resources:
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
rabbitmq::file_limit: {get_input: rabbit_fd_limit}
+ rabbitmq::default_user: {get_input: rabbit_username}
+ rabbitmq::default_pass: {get_input: rabbit_password}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
+ # Firewall
+ tripleo::firewall::manage_firewall: {get_input: manage_firewall}
+ tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached::listen_ip: {get_input: memcached_network}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
@@ -1550,6 +1343,12 @@ resources:
tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
+ # NOTE(jaosorior): The service certificate configuration for
+ # HAProxy was left commented because to properly use this, we
+ # need to be able to set up the keystone endpoints. And
+ # currently that is not possible, but is being addressed by
+ # other commits. A subsequent commit will uncomment this.
+ #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -1563,7 +1362,7 @@ resources:
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
- depends_on: ControllerExtraConfigPre
+ depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
properties:
server: {get_resource: Controller}
@@ -1614,9 +1413,10 @@ outputs:
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
- template: IP HOST.localdomain HOST CLOUDNAME
+ template: IP HOST.DOMAIN HOST CLOUDNAME
params:
IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
+ DOMAIN: {get_param: CloudDomain}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
@@ -1643,5 +1443,13 @@ outputs:
list_join:
- ','
- - {get_attr: [ControllerDeployment, deploy_stdout]}
+ - {get_attr: [NodeTLSCAData, deploy_stdout]}
+ - {get_attr: [NodeTLSData, deploy_stdout]}
- {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
- {get_param: UpdateIdentifier}
+ tls_key_modulus_md5:
+ description: MD5 checksum of the TLS Key Modulus
+ value: {get_attr: [NodeTLSData, key_modulus_md5]}
+ tls_cert_modulus_md5:
+ description: MD5 checksum of the TLS Certificate Modulus
+ value: {get_attr: [NodeTLSData, cert_modulus_md5]}