summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/ceilometer-base.yaml2
-rw-r--r--puppet/services/etcd.yaml77
-rw-r--r--puppet/services/ironic-conductor.yaml8
3 files changed, 65 insertions, 22 deletions
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index e1613720..d524e612 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -88,7 +88,6 @@ outputs:
value:
service_name: ceilometer_base
config_settings:
- ceilometer_auth_enabled: true
ceilometer::debug: {get_param: Debug}
ceilometer::db::database_connection:
list_join:
@@ -133,6 +132,7 @@ outputs:
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
service_config_settings:
keystone:
+ ceilometer_auth_enabled: true
ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml
index 5db8bec0..ec682531 100644
--- a/puppet/services/etcd.yaml
+++ b/puppet/services/etcd.yaml
@@ -25,6 +25,13 @@ parameters:
MonitoringSubscriptionEtcd:
default: 'overcloud-etcd'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
@@ -33,27 +40,47 @@ outputs:
service_name: etcd
monitoring_subscription: {get_param: MonitoringSubscriptionEtcd}
config_settings:
- etcd::etcd_name:
- str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
- # NOTE: bind IP is found in Heat replacing the network name with the local node IP
- # for the given network; replacement examples (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
- tripleo::profile::base::etcd::client_port: '2379'
- tripleo::profile::base::etcd::peer_port: '2380'
- etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
- etcd::manage_package: false
- tripleo.etcd.firewall_rules:
- '141 etcd':
- dport:
- - 2379
- - 2380
+ map_merge:
+ -
+ etcd::etcd_name:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
+ tripleo::profile::base::etcd::client_port: '2379'
+ tripleo::profile::base::etcd::peer_port: '2380'
+ etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
+ etcd::manage_package: false
+ tripleo.etcd.firewall_rules:
+ '141 etcd':
+ dport:
+ - 2379
+ - 2380
+ -
+ if:
+ - internal_tls_enabled
+ - generate_service_certificates: true
+ tripleo::profile::base::etcd::certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/etcd.crt'
+ service_key: '/etc/pki/tls/private/etcd.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+ principal:
+ str_replace:
+ template: "etcd/%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+ - {}
step_config: |
include ::tripleo::profile::base::etcd
upgrade_tasks:
@@ -71,3 +98,11 @@ outputs:
- name: Stop etcd service
tags: step2
service: name=etcd state=stopped
+ metadata_settings:
+ if:
+ - internal_tls_enabled
+ -
+ - service: etcd
+ network: {get_param: [ServiceNetMap, EtcdNetwork]}
+ type: node
+ - null
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 666967b9..83e2b850 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -32,6 +32,13 @@ parameters:
created yet) and should be changed to an actual UUID in
a post-deployment stack update.
type: string
+ IronicDefaultBootOption:
+ default: 'local'
+ description: How to boot the bare metal instances. Set to 'local' (the
+ default) to use local bootloader (requires grub2 for partition
+ images). Set to 'netboot' to make the instances boot from
+ controllers using PXE/iPXE.
+ type: string
IronicDefaultNetworkInterface:
default: 'flat'
description: Network interface implementation to use by default.
@@ -95,6 +102,7 @@ outputs:
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
+ ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
# We need an endpoint containing a real IP, not a VIP here