blob: 1cde4d43bf091629e8ecf53d30d5595d228726ac (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
classes:
- system.linux.system.repo.mcp.apt_mirantis.openstack
- system.nginx.server.single
- system.nginx.server.proxy.openstack_api
- system.nginx.server.proxy.openstack_vnc
- system.nginx.server.proxy.openstack_web
- system.nginx.server.proxy.openstack.aodh
- system.nginx.server.proxy.openstack.barbican
- system.apache.server.single
- system.horizon.server.single
- system.salt.minion.cert.proxy
- system.sphinx.server.doc.reclass
- service.keepalived.cluster.single
- system.keepalived.cluster.instance.openstack_web_public_vip
parameters:
_param:
cluster_vip_address: ${_param:openstack_proxy_address}
keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
keepalived_openstack_web_public_vip_interface: ${_param:single_nic}
keepalived_vip_address: ${_param:openstack_proxy_control_address}
keepalived_vip_interface: ${_param:control_nic}
keepalived_vip_virtual_router_id: 240
nginx_proxy_ssl:
enabled: true
authority: ${_param:salt_minion_ca_authority}
engine: salt
mode: secure
salt_minion_ca_host: cfg01.${_param:cluster_domain}
linux:
system:
package:
libapache2-mod-wsgi:
version: latest
{%- if not conf.MCP_VCP %}
nginx:
server:
# NOTE(armband): Define host.address for all proxies for uniformity
site:
nginx_proxy_novnc: &nginx_openstack_proxy_address
host:
address: ${_param:openstack_proxy_address}
nginx_proxy_openstack_api_aodh:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_cinder:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_glance:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_heat:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_heat_cfn:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_heat_cloudwatch:
<<: *nginx_openstack_proxy_address
enabled: false
nginx_proxy_openstack_api_keystone:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_keystone_private:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_neutron:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_api_nova:
<<: *nginx_openstack_proxy_address
nginx_proxy_openstack_web:
<<: *nginx_openstack_proxy_address
nginx_ssl_redirect_openstack_web:
<<: *nginx_openstack_proxy_address
nginx_static_reclass_doc:
<<: *nginx_openstack_proxy_address
{%- else %}
nginx:
server:
site:
nginx_proxy_openstack_api_heat_cloudwatch:
enabled: false
{%- endif %}
salt:
minion:
cert:
proxy:
alternative_names: "IP:${_param:openstack_proxy_address}"
key_usage: 'digitalSignature, keyEncipherment'
keepalived:
cluster:
vrrp_scripts:
check_pidof:
args: 'nginx'
apache:
server:
bind:
listen_default_ports: false
|