From 995ad9c32b86a8b04f0390265d82d8aa2bc066e7 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 11 Nov 2015 15:32:47 +0000 Subject: Pass parameters to manage endpoints via puppet This commit passes the necessary hieradata in order to create the endpoints, users and roles of the services in keystone via puppet. Change-Id: I2470dfa4661be7ba8218f6035fffa05f547214f0 --- puppet/controller.yaml | 84 ++++++++++++++++++++++++++++++++++++++++ puppet/hieradata/controller.yaml | 15 +++++++ puppet/services/glance-api.yaml | 4 ++ 3 files changed, 103 insertions(+) diff --git a/puppet/controller.yaml b/puppet/controller.yaml index bf196d24..a08ed1bb 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -908,6 +908,9 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIPUri} - ':8000/v1/waitcondition' + heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} @@ -937,6 +940,12 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/cinder' + cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} heat_dsn: @@ -1062,6 +1071,9 @@ resources: ceilometer_password: {get_param: CeilometerPassword} ceilometer_store_events: {get_param: CeilometerStoreEvents} aodh_password: {get_param: AodhPassword} + aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } + aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } + aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} gnocchi_password: {get_param: GnocchiPassword} gnocchi_backend: {get_param: GnocchiBackend} @@ -1091,6 +1103,11 @@ resources: - {get_param: MysqlVirtualIPUri} - '/gnocchi' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -1116,6 +1133,12 @@ resources: - '/nova_api' upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} + nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova_ec2_public_url: {get_param: [EndpointMap, NovaEC2Public, uri]} + nova_ec2_internal_url: {get_param: [EndpointMap, NovaEC2Internal, uri]} + nova_ec2_admin_url: {get_param: [EndpointMap, NovaEC2Admin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1138,9 +1161,18 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} + swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} sahara_password: {get_param: SaharaPassword} + sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara_dsn: list_join: - '' @@ -1272,6 +1304,14 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} + swift::keystone::auth::public_url: {get_input: swift_public_url } + swift::keystone::auth::internal_url: {get_input: swift_internal_url } + swift::keystone::auth::admin_url: {get_input: swift_admin_url } + swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } + swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } + swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } + swift::keystone::auth::password: {get_input: swift_password } + swift::keystone::auth::region: {get_input: keystone_region} # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} @@ -1296,10 +1336,20 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} + cinder::keystone::auth::public_url: {get_input: cinder_public_url } + cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } + cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } + cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } + cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } + cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } + cinder::keystone::auth::password: {get_input: cinder_password } + cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_host: {get_input: glance_api_network} glance::registry::bind_host: {get_input: glance_registry_network} + glance::keystone::auth::region: {get_input: keystone_region} + # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} @@ -1326,6 +1376,12 @@ resources: heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} + heat::keystone::auth::public_url: {get_input: heat_public_url } + heat::keystone::auth::internal_url: {get_input: heat_internal_url } + heat::keystone::auth::admin_url: {get_input: heat_admin_url } + heat::keystone::auth::password: {get_input: heat_password } + heat::keystone::auth::region: {get_input: keystone_region} + # Keystone keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network} @@ -1433,6 +1489,11 @@ resources: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } + ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } + ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } + ceilometer::keystone::auth::password: {get_input: ceilometer_password } + ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1453,6 +1514,11 @@ resources: aodh::db::mysql::password: {get_input: aodh_password} # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} + aodh::keystone::auth::public_url: {get_input: aodh_public_url } + aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } + aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } + aodh::keystone::auth::password: {get_input: aodh_password } + aodh::keystone::auth::region: {get_input: keystone_region} # Gnocchi gnocchi_backend: {get_input: gnocchi_backend} @@ -1469,6 +1535,11 @@ resources: gnocchi::db::mysql::password: {get_input: gnocchi_password} gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} + gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } + gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } + gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } + gnocchi::keystone::auth::password: {get_input: gnocchi_password } + gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova nova::rabbit_userid: {get_input: rabbit_username} @@ -1499,6 +1570,14 @@ resources: nova::db::mysql::password: {get_input: nova_password} nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} + nova::keystone::auth::public_url: {get_input: nova_public_url} + nova::keystone::auth::internal_url: {get_input: nova_internal_url} + nova::keystone::auth::admin_url: {get_input: nova_admin_url} + nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} + nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} + nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} + nova::keystone::auth::password: {get_input: nova_password } + nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} @@ -1531,6 +1610,11 @@ resources: sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} sahara::rabbit_port: {get_input: rabbit_client_port} sahara::db::mysql::password: {get_input: sahara_password} + sahara::keystone::auth::public_url: {get_input: sahara_public_url } + sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } + sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } + sahara::keystone::auth::password: {get_input: sahara_password } + sahara::keystone::auth::region: {get_input: keystone_region} # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 9316cf17..b662bc64 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -57,6 +57,16 @@ ceilometer::api::keystone_tenant: 'service' gnocchi::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' sahara::admin_tenant_name: 'service' +aodh::keystone::auth::tenant: 'service' +ceilometer::keystone::auth::tenant: 'service' +cinder::keystone::auth::tenant: 'service' +glance::keystone::auth::tenant: 'service' +gnocchi::keystone::auth::tenant: 'service' +heat::keystone::auth::tenant: 'service' +neutron::keystone::auth::tenant: 'service' +nova::keystone::auth::tenant: 'service' +sahara::keystone::auth::tenant: 'service' +swift::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -86,6 +96,10 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true +swift::keystone::auth::configure_s3_endpoint: false +swift::keystone::auth::operator_roles: + - admin + - swiftoperator # glance glance::api::pipeline: 'keystone' @@ -106,6 +120,7 @@ nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' nova::notification_driver: messaging +nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 3e8784b7..ca50d91d 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -94,5 +94,9 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } step_config: | include ::tripleo::profile::base::glance::api -- cgit 1.2.3-korg