summaryrefslogtreecommitdiffstats
path: root/puppet/role.role.j2.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/role.role.j2.yaml')
-rw-r--r--puppet/role.role.j2.yaml115
1 files changed, 112 insertions, 3 deletions
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 8617307b..18707b9a 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -1,3 +1,9 @@
+{# ## Some variables are set to enable rendering backwards compatible templates #}
+{# ## where a few parameter/resource names don't match the expected pattern #}
+{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- if role.name == 'Controller' -%}
+ {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
+{% endif %}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
@@ -70,6 +76,13 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+{%- if deprecated_extraconfig_param is defined %}
+ {{deprecated_extraconfig_param}}:
+ default: {}
+ description: |
+ DEPRECATED use {{role.name}}ExtraConfig instead
+ type: json
+{%- endif %}
{{role.name}}IPs:
default: {}
type: json
@@ -189,6 +202,14 @@ parameters:
object: 0
default: {}
+{% if deprecated_extraconfig_param is defined %}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - {{deprecated_extraconfig_param}}
+{%- endif %}
+
conditions:
server_not_blacklisted:
not:
@@ -386,6 +407,7 @@ resources:
server: {get_resource: {{role.name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -473,7 +495,12 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- {{role.name.lower()}}_extraconfig: {get_param: {{role.name}}ExtraConfig}
+ {{role.name.lower()}}_extraconfig:
+ map_merge:
+{%- if deprecated_extraconfig_param is defined %}
+ - {get_param: {{deprecated_extraconfig_param}}}
+{%- endif %}
+ - {get_param: {{role.name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -486,26 +513,51 @@ resources:
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+ {%- endif -%}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
- depends_on: {{role.name}}Deployment
+ depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
server: {get_resource: {{role.name}}}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ # Resource for site-specific passing of private keys/certificates
+ NodeTLSData:
+ depends_on: NodeTLSCAData
+ type: OS::TripleO::NodeTLSData
+ properties:
+ server: {get_resource: {{role.name}}}
+ NodeIndex: {get_param: NodeIndex}
+ {%- endif -%}
+
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
depends_on: {{role.name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role.name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
- depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
+ depends_on:
+ - {{role.name}}ExtraConfigPre
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ - NodeTLSData
+ {%- else %}
+ - NodeTLSCAData
+ {%- endif %}
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role.name}}}
@@ -528,11 +580,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role.name}}Deployment
properties:
server: {get_resource: {{role.name}}}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
@@ -592,6 +654,53 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
value:
{get_resource: {{role.name}}}
condition: server_not_blacklisted
+ deployed_server_port_map:
+ description: |
+ Map of Heat created hostname of the server to ip address. This is the
+ hostname before it has been mapped with the HostnameMap parameter, and
+ the IP address from the ctlplane network. This map can be used to construct
+ the DeployedServerPortMap parameter when using split-stack.
+ value:
+ map_replace:
+ - hostname:
+ fixed_ips:
+ - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ - keys:
+ hostname:
+ list_join:
+ - '-'
+ - - {get_param: Hostname}
+ - ctlplane
+ deployed_server_deployment_swift_data_map:
+ description:
+ Map of Heat created hostname of the server to the Swift container and object
+ used to created the temporary url for metadata polling with
+ os-collect-config.
+ value:
+ map_replace:
+ - hostname:
+ container:
+ str_split:
+ - '/'
+ - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - 5
+ object:
+ str_split:
+ - '?'
+ - str_split:
+ - '/'
+ - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - 6
+ - 0
+ - keys: {hostname: {get_param: Hostname}}
+ {%- if 'primary' in role.tags and 'controller' in role.tags %}
+ tls_key_modulus_md5:
+ description: MD5 checksum of the TLS Key Modulus
+ value: {get_attr: [NodeTLSData, key_modulus_md5]}
+ tls_cert_modulus_md5:
+ description: MD5 checksum of the TLS Certificate Modulus
+ value: {get_attr: [NodeTLSData, cert_modulus_md5]}
+ {%- endif %}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [{{role.name}}, os_collect_config]}