Move keystone::auth into service_config_settings

This patch moves the keystone::auth settings for all
services into the new service_config_settings section. This
is important because we execute the keystone commands via
puppet only on the role containing the keystone service
and without these settings it will fail.

Note that yaql merging/filtering is used here to ensure that
service_config_settings is optional in service templates,
and also that we'll only deploy hieradata for a given
service on a node running the service (the key in
the service_config_settings map must match the service_name
in the service template for this to work).

e.g the following will result in only deploying keystone: 123
in hiera on the role running the "keystone" service,
regardless of which service template defines it.

  service_config_settings:
    keystone:
      keystone: 123

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265
Closes-bug: 1620829
This commit is contained in:
Dan Prince 2016-09-15 09:19:15 +02:00
parent f9d6db86ed
commit 9d67d7b3b1
19 changed files with 152 additions and 101 deletions

@ -261,6 +261,21 @@ resources:
{% for r in roles %}
- get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
{% endfor %}
# This next step combines two yaql passes:
# - The inner one does a deep merge on the service_config_settings for all roles
# - The outer one filters the map based on the services enabled for the role
# then merges the result into one map.
- yaql:
expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
data:
map:
yaql:
expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
data:
{% for r in roles %}
- get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
{% endfor %}
services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}

@ -74,5 +74,7 @@ outputs:
aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api

@ -87,12 +87,6 @@ outputs:
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
aodh::keystone::auth::password: {get_param: AodhPassword}
aodh::keystone::auth::region: {get_param: KeystoneRegion}
aodh::keystone::auth::tenant: 'service'
aodh::db::mysql::user: aodh
aodh::db::mysql::password: {get_param: AodhPassword}
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
@ -102,3 +96,11 @@ outputs:
- "%{hiera('mysql_bind_host')}"
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
service_config_settings:
keystone:
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
aodh::keystone::auth::password: {get_param: AodhPassword}
aodh::keystone::auth::region: {get_param: KeystoneRegion}
aodh::keystone::auth::tenant: 'service'

@ -77,5 +77,7 @@ outputs:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api

@ -107,12 +107,6 @@ outputs:
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
ceilometer::keystone::auth::tenant: 'service'
ceilometer::rabbit_userid: {get_param: RabbitUserName}
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
@ -127,3 +121,11 @@ outputs:
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
service_config_settings:
keystone:
ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
ceilometer::keystone::auth::tenant: 'service'

@ -67,11 +67,13 @@ outputs:
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
ceph::rgw::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ceph::rgw
service_config_settings:
keystone:
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
ceph::rgw::keystone::auth::tenant: 'service'

@ -65,19 +65,8 @@ outputs:
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
cinder::keystone::auth::tenant: 'service'
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
cinder::keystone::auth::password: {get_param: CinderPassword}
cinder::keystone::auth::region: {get_param: KeystoneRegion}
cinder::api::enable_proxy_headers_parsing: true
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
# TODO(emilien) move it to puppet-cinder
cinder::config:
@ -98,3 +87,17 @@ outputs:
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::api
service_config_settings:
keystone:
cinder::keystone::auth::tenant: 'service'
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
cinder::keystone::auth::password: {get_param: CinderPassword}
cinder::keystone::auth::region: {get_param: KeystoneRegion}

@ -135,11 +135,6 @@ outputs:
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
tripleo.glance_api.firewall_rules:
@ -147,7 +142,6 @@ outputs:
dport:
- 9292
- 13292
glance::keystone::auth::tenant: 'service'
glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
@ -160,3 +154,11 @@ outputs:
glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings:
keystone:
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::keystone::auth::tenant: 'service'

@ -78,12 +78,6 @@ outputs:
- 13041
gnocchi::api::enabled: true
gnocchi::api::service_name: 'httpd'
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
@ -110,3 +104,11 @@ outputs:
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
service_config_settings:
keystone:
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'

@ -60,12 +60,6 @@ outputs:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api_cfn::workers: {get_param: HeatWorkers}
heat::keystone::auth_cfn::tenant: 'service'
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api_cfn.firewall_rules:
'125 heat_cfn':
dport:
@ -80,3 +74,11 @@ outputs:
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api_cfn
service_config_settings:
keystone:
heat::keystone::auth_cfn::tenant: 'service'
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}

@ -60,12 +60,6 @@ outputs:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- heat::api::workers: {get_param: HeatWorkers}
heat::keystone::auth::tenant: 'service'
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.heat_api.firewall_rules:
'125 heat_api':
dport:
@ -80,3 +74,11 @@ outputs:
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
step_config: |
include ::tripleo::profile::base::heat::api
service_config_settings:
keystone:
heat::keystone::auth::tenant: 'service'
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}

@ -58,12 +58,6 @@ outputs:
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:
@ -71,3 +65,11 @@ outputs:
- 13385
step_config: |
include ::tripleo::profile::base::ironic::api
service_config_settings:
keystone:
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'

@ -51,14 +51,6 @@ outputs:
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword }
manila::keystone::auth::region: {get_param: KeystoneRegion }
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
@ -69,4 +61,13 @@ outputs:
manila::api::enable_proxy_headers_parsing: true
step_config: |
include ::tripleo::profile::base::manila::api
service_config_settings:
keystone:
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword}
manila::keystone::auth::region: {get_param: KeystoneRegion}

@ -114,12 +114,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ovs_neutron'
neutron::keystone::auth::tenant: 'service'
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
@ -161,3 +155,11 @@ outputs:
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server
service_config_settings:
keystone:
neutron::keystone::auth::tenant: 'service'
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}

@ -94,12 +94,6 @@ outputs:
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@ -113,3 +107,11 @@ outputs:
step_config: |
include tripleo::profile::base::nova::api
service_config_settings:
keystone:
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}

@ -61,11 +61,6 @@ outputs:
- get_attr: [SaharaBase, role_data, config_settings]
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::service::api::api_workers: {get_param: SaharaWorkers}
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara::keystone::auth::password: {get_param: SaharaPassword }
sahara::keystone::auth::region: {get_param: KeystoneRegion}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@ -79,3 +74,11 @@ outputs:
- 13386
step_config: |
include ::tripleo::profile::base::sahara::api
service_config_settings:
keystone:
sahara::keystone::auth::tenant: 'service'
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara::keystone::auth::password: {get_param: SaharaPassword }
sahara::keystone::auth::region: {get_param: KeystoneRegion}

@ -85,6 +85,5 @@ outputs:
- storm
sahara::rpc_backend: rabbit
sahara::admin_tenant_name: 'service'
sahara::keystone::auth::tenant: 'service'
sahara::db::database_db_max_retries: -1
sahara::db::database_max_retries: -1

@ -102,4 +102,8 @@ outputs:
yaql:
expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
data: {get_attr: [ServiceChain, role_data]}
service_config_settings:
yaql:
expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
data: {get_attr: [ServiceChain, role_data]}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}

@ -66,25 +66,11 @@ outputs:
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
@ -113,3 +99,19 @@ outputs:
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:
keystone:
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin