############################################################################## # Copyright (c) 2018 Mirantis Inc., Enea AB and others. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- classes: - system.nginx.server.single - system.nginx.server.proxy.openstack_api - system.nginx.server.proxy.openstack_vnc - system.nginx.server.proxy.openstack_web - system.nginx.server.proxy.openstack.aodh - system.nginx.server.proxy.openstack.ceilometer - system.apache.server.single - system.horizon.server.single - system.salt.minion.cert.proxy - system.sphinx.server.doc.reclass - service.keepalived.cluster.single - system.keepalived.cluster.instance.openstack_web_public_vip parameters: _param: cluster_vip_address: ${_param:openstack_proxy_address} keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address} keepalived_openstack_web_public_vip_interface: ${_param:single_nic} keepalived_vip_address: ${_param:openstack_proxy_control_address} keepalived_vip_interface: ${_param:control_nic} keepalived_vip_virtual_router_id: 240 nginx_proxy_ssl: enabled: true authority: ${_param:salt_minion_ca_authority} engine: salt mode: secure salt_minion_ca_host: cfg01.${_param:cluster_domain} linux: system: package: libapache2-mod-wsgi: version: latest {%- if not conf.MCP_VCP %} # Set up routes similar to prx*ovs-ha network: interface: br-ex: route: public: address: 0.0.0.0 netmask: 0.0.0.0 gateway: ${_param:opnfv_net_public_gw} nginx: server: # NOTE(armband): Define host.address for all proxies for uniformity site: nginx_proxy_novnc: &nginx_openstack_proxy_address host: address: ${_param:openstack_proxy_address} nginx_proxy_openstack_api_aodh: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_ceilometer: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_cinder: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_glance: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_heat: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_heat_cfn: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_heat_cloudwatch: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_keystone: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_keystone_private: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_neutron: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_nova: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_nova_ec2: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_web: <<: *nginx_openstack_proxy_address nginx_ssl_redirect_openstack_web: <<: *nginx_openstack_proxy_address nginx_static_reclass_doc: <<: *nginx_openstack_proxy_address {%- endif %} salt: minion: cert: proxy: alternative_names: "IP:${_param:openstack_proxy_address}" key_usage: 'digitalSignature, keyEncipherment' keepalived: cluster: vrrp_scripts: check_pidof: args: 'nginx' apache: server: bind: listen_default_ports: false