# Heat (HOT) template describing the Swift proxy service role: it declares the
# deployment parameters, composes the SwiftBase and TLSProxyBase templates, and
# emits a role_data output whose settings are consumed by the
# ::tripleo::profile::base::swift::proxy Puppet profile.
heat_template_version: ocata

description: >
  OpenStack Swift Proxy service configured with Puppet

# Inputs to this service template. Parameters without a default
# (SwiftPassword, RabbitPassword) must be supplied by the deployer.
parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Passed through unchanged to SwiftBase and TLSProxyBase.
  # NOTE(review): not marked hidden; if this map carries password values they
  # would not be masked the way SwiftPassword/RabbitPassword are - confirm.
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Declared here but not referenced by any resource or output in this template.
  Debug:
    default: ''
    description: Set to True to enable debugging on all services.
    type: string
  # hidden: true masks the value in Heat's parameter output. The same value is
  # still written into config_settings (authtoken password) and into the
  # keystone service_config_settings below, so those stores need protecting too.
  SwiftPassword:
    description: The password for the swift service account, used by the swift proxy services.
    type: string
    hidden: true
  SwiftProxyNodeTimeout:
    default: 60
    description: Timeout for requests going from swift-proxy to swift a/c/o services.
    type: number
  SwiftWorkers:
    default: auto
    description: Number of workers for Swift service.
    type: string
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  # Emitted as role_data.monitoring_subscription.
  MonitoringSubscriptionSwiftProxy:
    default: 'overcloud-swift-proxy'
    type: string
  # Used as swift::proxy::ceilometer::rabbit_password; masked like SwiftPassword.
  RabbitPassword:
    description: The password for RabbitMQ
    type: string
    hidden: true
  # NOTE(review): 'guest' is RabbitMQ's stock account name; production
  # deployments should override this with a dedicated, least-privileged user.
  RabbitUserName:
    default: guest
    description: The username for RabbitMQ
    type: string
  # Compared against True by the ceilometer_pipeline_enabled condition.
  SwiftCeilometerPipelineEnabled:
    description: Set to False to disable the swift proxy ceilometer pipeline.
    default: True
    type: boolean
  # With the defaults (port 5672, RabbitClientUseSSL false) the ceilometer
  # notifier talks to RabbitMQ without transport encryption.
  RabbitClientPort:
    default: 5672
    description: Set rabbit subscriber port, change this if using SSL
    type: number
  # NOTE(review): declared as type string while the default is a YAML boolean;
  # the value handed to Puppet depends on how Heat coerces it - confirm.
  RabbitClientUseSSL:
    default: false
    description: >
        Rabbit client subscriber parameter to specify
        an SSL connection to the RabbitMQ host.
    type: string
  # Drives the use_tls_proxy condition and is forwarded to TLSProxyBase. With
  # the default (false) swift::proxy::proxy_local_net_ip is set to the
  # SwiftProxyNetwork value rather than 'localhost'.
  EnableInternalTLS:
    type: boolean
    default: false

# Named conditions referenced by the `if` functions in the outputs section.
conditions:

  # True when the ceilometer middleware should be part of the proxy pipeline.
  ceilometer_pipeline_enabled:
    equals:
      - get_param: SwiftCeilometerPipelineEnabled
      - true
  # True when internal TLS is enabled and a TLS proxy fronts the Swift proxy.
  use_tls_proxy:
    equals:
      - get_param: EnableInternalTLS
      - true

# Nested templates whose role_data is merged into this service's outputs.
resources:
  # Shared Swift settings, loaded from the sibling swift-base.yaml template.
  SwiftBase:
    type: ./swift-base.yaml
    properties:
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap

  # TLS proxy settings; receives EnableInternalTLS in addition to the
  # three common maps.
  TLSProxyBase:
    type: OS::TripleO::Services::TLSProxyBase
    properties:
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap
      EnableInternalTLS:
        get_param: EnableInternalTLS

# role_data is the single output: configuration keys, the Puppet manifest
# to apply, settings destined for the keystone service, upgrade tasks and
# metadata settings.
outputs:
  role_data:
    description: Role data for the Swift proxy service.
    value:
      service_name: swift_proxy
      monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
      # Three maps are merged in order: SwiftBase settings, TLSProxyBase
      # settings, then the proxy-specific keys listed inline below.
      config_settings:
        map_merge:
          - get_attr: [SwiftBase, role_data, config_settings]
          - get_attr: [TLSProxyBase, role_data, config_settings]
          # authtoken talks to Keystone on the KeystoneInternal endpoint.
          - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
            swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            # Secret values (SwiftPassword here, RabbitPassword below) are
            # copied into config_settings; the hidden flag on the parameters
            # does not cover this copy.
            swift::proxy::authtoken::password: {get_param: SwiftPassword}
            swift::proxy::authtoken::project_name: 'service'
            swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
            swift::proxy::workers: {get_param: SwiftWorkers}
            swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
            swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
            swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
            swift::proxy::ceilometer::nonblocking_notify: true
            tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
            tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
            tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
            # Firewall rule opening destination ports 8080 and 13808.
            # NOTE(review): both ports are opened regardless of
            # EnableInternalTLS; presumably 8080 is the plain proxy port and
            # 13808 the TLS-terminated public one - confirm both are needed.
            tripleo.swift_proxy.firewall_rules:
              '122 swift proxy':
                dport:
                  - 8080
                  - 13808
            # NOTE(review): ResellerAdmin is also the default name of Swift's
            # reseller admin role, which can act on any account; confirm that
            # listing it as an operator role is intended.
            swift::proxy::keystone::operator_roles:
              - admin
              - swiftoperator
              - ResellerAdmin
            swift::proxy::versioned_writes::allow_versioned_writes: true
            # Middleware pipeline, in order. The yaql expression drops empty
            # strings, so the conditional entry below vanishes from the list
            # when ceilometer_pipeline_enabled is false.
            swift::proxy::pipeline:
              yaql:
                expression: $.data.pipeline.where($ != '')
                data:
                  pipeline:
                  - 'catch_errors'
                  - 'healthcheck'
                  - 'proxy-logging'
                  - 'cache'
                  - 'ratelimit'
                  - 'bulk'
                  # tempurl and formpost sit ahead of authtoken/keystone, so
                  # requests they accept are authorized by signature rather
                  # than by a Keystone token.
                  - 'tempurl'
                  - 'formpost'
                  - 'authtoken'
                  - 'keystone'
                  - 'staticweb'
                  - 'copy'
                  - 'container_quotas'
                  - 'account_quotas'
                  - 'slo'
                  - 'dlo'
                  - 'versioned_writes'
                  # Resolves to 'ceilometer' or '' depending on the condition.
                  -
                    if:
                    - ceilometer_pipeline_enabled
                    - 'ceilometer'
                    - ''
                  - 'proxy-logging'
                  - 'proxy-server'
            swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
            swift::proxy::account_autocreate: true
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
              get_param: [ServiceNetMap, SwiftProxyNetwork]
            # $NETWORK is substituted by Heat; the resulting %{hiera(...)}
            # lookup is left in the string for later interpolation.
            tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
            tripleo::profile::base::swift::proxy::tls_proxy_port:
              get_param: [EndpointMap, SwiftInternal, port]
            swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
            # With use_tls_proxy the proxy address is 'localhost', leaving the
            # TLS proxy (bound via tls_proxy_bind_ip on the same port) as the
            # listener on the service network; otherwise the proxy uses the
            # SwiftProxyNetwork value directly, i.e. without internal TLS.
            swift::proxy::proxy_local_net_ip:
              if:
              - use_tls_proxy
              - 'localhost'
              - {get_param: [ServiceNetMap, SwiftProxyNetwork]}
      step_config: |
        include ::tripleo::profile::base::swift::proxy
      service_config_settings:
        # Settings grouped under the keystone service name: Swift endpoint
        # URLs, the swift service account password, region and tenant.
        keystone:
          swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
          swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
          swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
          swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
          swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
          swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
          swift::keystone::auth::password: {get_param: SwiftPassword}
          swift::keystone::auth::region: {get_param: KeystoneRegion}
          swift::keystone::auth::tenant: 'service'
          swift::keystone::auth::configure_s3_endpoint: false
          # Same role list as swift::proxy::keystone::operator_roles above;
          # the two lists are maintained separately and should stay in sync.
          swift::keystone::auth::operator_roles:
            - admin
            - swiftoperator
            - ResellerAdmin
      # Task in Ansible key=value shorthand, tagged step1, that stops the
      # openstack-swift-proxy service.
      upgrade_tasks:
        - name: Stop swift_proxy service
          tags: step1
          service: name=openstack-swift-proxy state=stopped
      metadata_settings:
        get_attr: [TLSProxyBase, role_data, metadata_settings]