summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/glance-api.yaml151
-rw-r--r--puppet/services/glance-base.yaml110
-rw-r--r--puppet/services/glance-registry.yaml76
-rw-r--r--puppet/services/nova-api.yaml18
4 files changed, 215 insertions, 140 deletions
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index b47d98a7..33abdbf9 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -18,32 +18,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- CephClientUserName:
- default: openstack
- type: string
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GlanceWorkers:
default: ''
description: |
@@ -55,31 +37,6 @@ parameters:
memory consumption. It is recommended that a suitable non-default value
be selected on such systems.
type: string
- GlanceRbdPoolName:
- default: images
- type: string
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
MonitoringSubscriptionGlanceApi:
default: 'overcloud-glance-api'
type: string
@@ -89,6 +46,14 @@ parameters:
tag: openstack.glance.api
path: /var/log/glance/api.log
+resources:
+ GlanceBase:
+ type: ./glance-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Glance API role.
@@ -99,66 +64,46 @@ outputs:
logging_groups:
- glance
config_settings:
- glance::api::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/glance'
- glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::api::registry_host:
- str_replace:
- template: "'REGISTRY_HOST'"
- params:
- REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
- glance::api::authtoken::password: {get_param: GlancePassword}
- glance::api::enable_proxy_headers_parsing: true
- glance::api::debug: {get_param: Debug}
- glance::api::workers: {get_param: GlanceWorkers}
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_param: GlancePassword}
- glance::backend::swift::swift_store_create_container_on_put: true
- glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
- glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
- glance_backend: {get_param: GlanceBackend}
- glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
- glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
- glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- glance::notify::rabbitmq::notification_driver: messagingv2
- glance::registry::db::database_db_max_retries: -1
- glance::registry::db::database_max_retries: -1
- tripleo.glance_api.firewall_rules:
- '112 glance_api':
- dport:
- - 9292
- - 13292
- glance::api::authtoken::project_name: 'service'
- glance::api::pipeline: 'keystone'
- glance::api::show_image_direct_url: true
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ map_merge:
+ - get_attr: [GlanceBase, role_data, config_settings]
+ - glance::api::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/glance'
+ glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::registry_host:
+ str_replace:
+ template: "'REGISTRY_HOST'"
+ params:
+ REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+ glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
+ glance::api::authtoken::password: {get_param: GlancePassword}
+ glance::api::enable_proxy_headers_parsing: true
+ glance::api::debug: {get_param: Debug}
+ glance::api::workers: {get_param: GlanceWorkers}
+ tripleo.glance_api.firewall_rules:
+ '112 glance_api':
+ dport:
+ - 9292
+ - 13292
+ glance::api::authtoken::project_name: 'service'
+ glance::api::pipeline: 'keystone'
+ glance::api::show_image_direct_url: true
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings:
- keystone:
- glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
- glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
- glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
- glance::keystone::auth::password: {get_param: GlancePassword }
- glance::keystone::auth::region: {get_param: KeystoneRegion}
- glance::keystone::auth::tenant: 'service'
+ get_attr: [GlanceBase, role_data, service_config_settings]
diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml
new file mode 100644
index 00000000..3294fc0f
--- /dev/null
+++ b/puppet/services/glance-base.yaml
@@ -0,0 +1,110 @@
+heat_template_version: 2016-10-14
+
+description: >
+ OpenStack Glance Common settings with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceRbdPoolName:
+ default: images
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Glance common role.
+ value:
+ service_name: glance_base
+ config_settings:
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance::backend::swift::swift_store_create_container_on_put: true
+ glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+ glance_backend: {get_param: GlanceBackend}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ glance::notify::rabbitmq::notification_driver: messagingv2
+ glance::registry::db::database_db_max_retries: -1
+ glance::registry::db::database_max_retries: -1
+ service_config_settings:
+ keystone:
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ glance::keystone::auth::region: {get_param: KeystoneRegion}
+ glance::keystone::auth::tenant: 'service'
+ mysql:
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::db::mysql::user: glance
+ glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ glance::db::mysql::dbname: glance
+ glance::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index 30df67fe..c45582d4 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -46,6 +46,14 @@ parameters:
tag: openstack.glance.registry
path: /var/log/glance/registry.log
+resources:
+ GlanceBase:
+ type: ./glance-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Glance Registry role.
@@ -56,43 +64,37 @@ outputs:
logging_groups:
- glance
config_settings:
- glance::registry::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/glance'
- glance::registry::authtoken::password: {get_param: GlancePassword}
- glance::registry::authtoken::project_name: 'service'
- glance::registry::pipeline: 'keystone'
- glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- glance::registry::debug: {get_param: Debug}
- glance::registry::workers: {get_param: GlanceWorkers}
- glance::registry::db::database_db_max_retries: -1
- glance::registry::db::database_max_retries: -1
- tripleo.glance_registry.firewall_rules:
- '112 glance_registry':
- dport:
- - 9191
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
+ map_merge:
+ - get_attr: [GlanceBase, role_data, config_settings]
+
+ - glance::registry::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/glance'
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
+ glance::registry::pipeline: 'keystone'
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::debug: {get_param: Debug}
+ glance::registry::workers: {get_param: GlanceWorkers}
+ tripleo.glance_registry.firewall_rules:
+ '112 glance_registry':
+ dport:
+ - 9191
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
service_config_settings:
- mysql:
- glance::db::mysql::password: {get_param: GlancePassword}
- glance::db::mysql::user: glance
- glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- glance::db::mysql::dbname: glance
- glance::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
+ get_attr: [GlanceBase, role_data, config_settings]
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index b2ec0038..51488491 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -53,6 +53,13 @@ parameters:
path: /var/log/nova/nova-api.log
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
NovaBase:
type: ./nova-base.yaml
properties:
@@ -72,6 +79,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
nova::api::metadata_workers: {get_param: NovaWorkers}
nova::cron::archive_deleted_rows::hour: '"*/12"'
@@ -100,6 +108,16 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache::ssl: false
+ nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ nova::wsgi::apache::workers: {get_param: NovaWorkers}
+ nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}