path: root/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
# Reclass classes composed into the OpenStack proxy node role. Going by the
# class names, they cover the package mirror, nginx as reverse proxy for the
# OpenStack APIs / noVNC / web UI, Apache + Horizon, the Salt-issued proxy
# certificate, the reclass documentation site and keepalived for the VIPs.
# NOTE(review): the site and listener definitions themselves live in the
# referenced system classes, not in this file; review them together with the
# overrides below when assessing what this node exposes.
classes:
  - system.linux.system.repo.mcp.mirror.v1.openstack
  - system.linux.system.single.simple
  - system.nginx.server.single
  - system.nginx.server.proxy.openstack_api
  - system.nginx.server.proxy.openstack_vnc
  - system.nginx.server.proxy.openstack_web
  - system.nginx.server.proxy.openstack.aodh
  - system.nginx.server.proxy.openstack.ceilometer
  - system.nginx.server.proxy.openstack.barbican
  - system.apache.server.single
  - system.horizon.server.single
  - system.salt.minion.cert.proxy
  - system.sphinx.server.doc.reclass
  - service.keepalived.cluster.single
  - system.keepalived.cluster.instance.openstack_web_public_vip
# Node parameters; the _param values are interpolated by reclass into this
# file and into the classes listed above.
parameters:
  _param:
    # Two VIPs are defined: the public one (openstack_proxy_address on
    # single_nic) and the control-plane one (openstack_proxy_control_address
    # on control_nic).
    cluster_vip_address: ${_param:openstack_proxy_address}
    keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
    keepalived_openstack_web_public_vip_interface: ${_param:single_nic}
    keepalived_vip_address: ${_param:openstack_proxy_control_address}
    keepalived_vip_interface: ${_param:control_nic}
    # Hard-coded VRRP router id for the control VIP.
    # NOTE(review): it must not collide with another VRRP instance on the same
    # L2 segment, and no VRRP authentication is set in this file - confirm
    # what the keepalived classes configure.
    keepalived_vip_virtual_router_id: 240
    # TLS for the nginx proxies: enabled, with the certificate handled through
    # Salt (engine: salt) and the CA named by salt_minion_ca_authority.
    # NOTE(review): what "mode: secure" selects (protocols, ciphers) is defined
    # by the nginx formula, not here - verify the rendered server config.
    nginx_proxy_ssl:
      enabled: true
      authority: ${_param:salt_minion_ca_authority}
      engine: salt
      mode: secure
    # The CA host is cfg01 in the cluster domain.
    # NOTE(review): that makes cfg01 the signer of this node's proxy
    # certificate, so access to its CA key material deserves tight control.
    salt_minion_ca_host: cfg01.${_param:cluster_domain}
  # OS-level settings for the proxy node: one package and the kernel boot
  # options.
  linux:
    system:
      package:
        # "latest" leaves the mod_wsgi version unpinned: each run installs
        # whatever the configured repository serves at that moment.
        # NOTE(review): reproducibility and patch level then depend entirely
        # on the repository/mirror content - pin or snapshot if that matters.
        libapache2-mod-wsgi:
          version: latest
      kernel:
        # The leading "~" is the reclass override prefix: this list replaces
        # any inherited boot_options instead of being merged with them.
        # ipv6.disable=0 keeps the kernel IPv6 stack enabled.
        # NOTE(review): confirm no inherited boot option is lost by the
        # override, and that packet filtering covers IPv6 as well as IPv4.
        ~boot_options:
          - ipv6.disable=0
{%- if not conf.MCP_VCP %}
  # Rendered when conf.MCP_VCP is false: every nginx site named below gets
  # host.address set to openstack_proxy_address. The first site defines the
  # YAML anchor; the others pull it in with a merge key. Merge keys are
  # shallow, and keys written next to them (such as "enabled") are kept.
  # NOTE(review): nginx_proxy_openstack_api_keystone_private is given the
  # same address as the public API sites in this branch - confirm that the
  # private Keystone endpoint is meant to be reachable on that address.
  nginx:
    server:
      # NOTE(armband): Define host.address for all proxies for uniformity
      site:
        nginx_proxy_novnc: &nginx_openstack_proxy_address
          host:
            address: ${_param:openstack_proxy_address}
        nginx_proxy_openstack_api_aodh:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_ceilometer:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_cinder:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_glance:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_heat:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_heat_cfn:
          <<: *nginx_openstack_proxy_address
        # The Heat CloudWatch proxy site is switched off in both branches.
        nginx_proxy_openstack_api_heat_cloudwatch:
          <<: *nginx_openstack_proxy_address
          enabled: false
        nginx_proxy_openstack_api_keystone:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_keystone_private:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_neutron:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_api_nova:
          <<: *nginx_openstack_proxy_address
        nginx_proxy_openstack_web:
          <<: *nginx_openstack_proxy_address
        nginx_ssl_redirect_openstack_web:
          <<: *nginx_openstack_proxy_address
        nginx_static_reclass_doc:
          <<: *nginx_openstack_proxy_address
{%- else %}
  # Rendered when conf.MCP_VCP is true: no host.address override is applied
  # here, so the listen addresses come from the included system classes; only
  # the Heat CloudWatch site is disabled.
  nginx:
    server:
      site:
        nginx_proxy_openstack_api_heat_cloudwatch:
          enabled: false
{%- endif %}
  # Settings for the "proxy" certificate requested through the Salt minion.
  salt:
    minion:
      cert:
        proxy:
          # The only subjectAltName set here is the IP of
          # openstack_proxy_address.
          # NOTE(review): clients that reach the proxy by DNS name or through
          # openstack_proxy_control_address will fail certificate name checks
          # unless another class adds matching names - confirm, so nobody is
          # tempted to disable verification on the client side.
          alternative_names: "IP:${_param:openstack_proxy_address}"
          # Key usage is limited to digitalSignature and keyEncipherment.
          key_usage: 'digitalSignature, keyEncipherment'
  # keepalived health check: the check_pidof VRRP script is given "nginx" as
  # its argument.
  # NOTE(review): presumably this only tests that an nginx process exists; a
  # hung or misconfigured nginx would then still hold the VIP - confirm
  # whether a request-level check is wanted.
  keepalived:
    cluster:
      vrrp_scripts:
        check_pidof:
          args: 'nginx'
  # Apache is told not to listen on its default ports.
  # NOTE(review): presumably this leaves those ports to nginx, which fronts
  # the web UI - verify which address and port Apache actually binds, since
  # that listener sits behind the TLS proxy.
  apache:
    server:
      bind:
        listen_default_ports: false