aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
diff options
context:
space:
mode:
Diffstat (limited to 'mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2')
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2100
1 files changed, 100 insertions, 0 deletions
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
new file mode 100644
index 000000000..31bfeddb4
--- /dev/null
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
@@ -0,0 +1,100 @@
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - system.nginx.server.single
+ - system.nginx.server.proxy.openstack_api
+ - system.nginx.server.proxy.openstack_vnc
+ - system.nginx.server.proxy.openstack_web
+ - system.nginx.server.proxy.openstack.aodh
+ - system.nginx.server.proxy.openstack.barbican
+ - system.apache.server.single
+ - system.horizon.server.single
+ - system.salt.minion.cert.proxy
+ - system.sphinx.server.doc.reclass
+ - service.keepalived.cluster.single
+ - system.keepalived.cluster.instance.openstack_web_public_vip
+ - cluster.all-mcp-arch-common.backports
+parameters:
+ _param:
+ cluster_vip_address: ${_param:openstack_proxy_address}
+ keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
+ keepalived_openstack_web_public_vip_interface: ${_param:single_nic}
+ keepalived_openstack_web_public_vip_password: ${_param:opnfv_main_password}
+ keepalived_vip_address: ${_param:openstack_proxy_control_address}
+ keepalived_vip_interface: ${_param:control_nic}
+ keepalived_vip_virtual_router_id: 240
+ nginx_proxy_ssl:
+ enabled: true
+ authority: ${_param:salt_minion_ca_authority}
+ engine: salt
+ mode: secure
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ linux:
+ system:
+ package:
+ libapache2-mod-wsgi:
+ version: latest
+{%- if not conf.MCP_VCP %}
+ nginx:
+ server:
+ # NOTE(armband): Define host.address for all proxies for uniformity
+ site:
+ nginx_proxy_novnc: &nginx_openstack_proxy_address
+ host:
+ address: ${_param:openstack_proxy_address}
+ nginx_proxy_openstack_api_aodh:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_cinder:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_glance:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_heat:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_heat_cfn:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_heat_cloudwatch:
+ <<: *nginx_openstack_proxy_address
+ enabled: false
+ nginx_proxy_openstack_api_keystone:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_keystone_private:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_neutron:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_api_nova:
+ <<: *nginx_openstack_proxy_address
+ nginx_proxy_openstack_web:
+ <<: *nginx_openstack_proxy_address
+ nginx_ssl_redirect_openstack_web:
+ <<: *nginx_openstack_proxy_address
+ nginx_static_reclass_doc:
+ <<: *nginx_openstack_proxy_address
+{%- else %}
+ nginx:
+ server:
+ site:
+ nginx_proxy_openstack_api_heat_cloudwatch:
+ enabled: false
+{%- endif %}
+ salt:
+ minion:
+ cert:
+ proxy:
+ alternative_names: "IP:${_param:openstack_proxy_address}"
+ key_usage: 'digitalSignature, keyEncipherment'
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ check_pidof:
+ args: 'nginx'
+ apache:
+ server:
+ mod_wsgi: libapache2-mod-wsgi-py3
+ bind:
+ listen_default_ports: false