Move keystone::auth into service_config_settings
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
This commit is contained in:
parent
f9d6db86ed
commit
9d67d7b3b1
overcloud.j2.yaml
puppet/services
@ -261,6 +261,21 @@ resources:
|
||||
{% for r in roles %}
|
||||
- get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
|
||||
{% endfor %}
|
||||
# This next step combines two yaql passes:
|
||||
# - The inner one does a deep merge on the service_config_settings for all roles
|
||||
# - The outer one filters the map based on the services enabled for the role
|
||||
# then merges the result into one map.
|
||||
- yaql:
|
||||
expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
|
||||
data:
|
||||
map:
|
||||
yaql:
|
||||
expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
|
||||
data:
|
||||
{% for r in roles %}
|
||||
- get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
|
||||
{% endfor %}
|
||||
services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
|
||||
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
|
||||
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
|
||||
LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
|
||||
|
@ -74,5 +74,7 @@ outputs:
|
||||
aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
|
||||
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
|
||||
service_config_settings:
|
||||
get_attr: [AodhBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
include tripleo::profile::base::aodh::api
|
||||
|
@ -87,12 +87,6 @@ outputs:
|
||||
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
aodh::auth::auth_password: {get_param: AodhPassword}
|
||||
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
aodh::keystone::auth::password: {get_param: AodhPassword}
|
||||
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
aodh::keystone::auth::tenant: 'service'
|
||||
aodh::db::mysql::user: aodh
|
||||
aodh::db::mysql::password: {get_param: AodhPassword}
|
||||
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
@ -102,3 +96,11 @@ outputs:
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
aodh::auth::auth_region: 'regionOne'
|
||||
aodh::auth::auth_tenant_name: 'service'
|
||||
service_config_settings:
|
||||
keystone:
|
||||
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
|
||||
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
|
||||
aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
|
||||
aodh::keystone::auth::password: {get_param: AodhPassword}
|
||||
aodh::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
aodh::keystone::auth::tenant: 'service'
|
||||
|
@ -77,5 +77,7 @@ outputs:
|
||||
'"%{::fqdn_$NETWORK}"'
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
|
||||
service_config_settings:
|
||||
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ceilometer::api
|
||||
|
@ -107,12 +107,6 @@ outputs:
|
||||
ceilometer::dispatcher::gnocchi::filter_project: 'service'
|
||||
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
|
||||
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
|
||||
ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
|
||||
ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
|
||||
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
|
||||
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
|
||||
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceilometer::keystone::auth::tenant: 'service'
|
||||
ceilometer::rabbit_userid: {get_param: RabbitUserName}
|
||||
ceilometer::rabbit_password: {get_param: RabbitPassword}
|
||||
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
@ -127,3 +121,11 @@ outputs:
|
||||
ceilometer::db::database_db_max_retries: -1
|
||||
ceilometer::db::database_max_retries: -1
|
||||
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
|
||||
ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
|
||||
ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
|
||||
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
|
||||
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceilometer::keystone::auth::tenant: 'service'
|
||||
|
@ -67,11 +67,13 @@ outputs:
|
||||
tripleo.ceph_rgw.firewall_rules:
|
||||
'122 ceph rgw':
|
||||
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::tenant: 'service'
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ceph::rgw
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
||||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::tenant: 'service'
|
||||
|
@ -65,19 +65,8 @@ outputs:
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
||||
cinder::keystone::authtoken::project_name: 'service'
|
||||
cinder::keystone::auth::tenant: 'service'
|
||||
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
|
||||
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
|
||||
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
|
||||
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
cinder::keystone::auth::password: {get_param: CinderPassword}
|
||||
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
cinder::api::enable_proxy_headers_parsing: true
|
||||
|
||||
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
|
||||
# TODO(emilien) move it to puppet-cinder
|
||||
cinder::config:
|
||||
@ -98,3 +87,17 @@ outputs:
|
||||
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::cinder::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
cinder::keystone::auth::tenant: 'service'
|
||||
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
|
||||
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
|
||||
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
|
||||
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
||||
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
||||
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
||||
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
||||
cinder::keystone::auth::password: {get_param: CinderPassword}
|
||||
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -135,11 +135,6 @@ outputs:
|
||||
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
|
||||
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
|
||||
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
glance::keystone::auth::password: {get_param: GlancePassword }
|
||||
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
glance::registry::db::database_db_max_retries: -1
|
||||
glance::registry::db::database_max_retries: -1
|
||||
tripleo.glance_api.firewall_rules:
|
||||
@ -147,7 +142,6 @@ outputs:
|
||||
dport:
|
||||
- 9292
|
||||
- 13292
|
||||
glance::keystone::auth::tenant: 'service'
|
||||
glance::api::authtoken::project_name: 'service'
|
||||
glance::api::pipeline: 'keystone'
|
||||
glance::api::show_image_direct_url: true
|
||||
@ -160,3 +154,11 @@ outputs:
|
||||
glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::glance::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
||||
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
||||
glance::keystone::auth::password: {get_param: GlancePassword }
|
||||
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
glance::keystone::auth::tenant: 'service'
|
||||
|
@ -78,12 +78,6 @@ outputs:
|
||||
- 13041
|
||||
gnocchi::api::enabled: true
|
||||
gnocchi::api::service_name: 'httpd'
|
||||
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
||||
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
||||
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
gnocchi::keystone::auth::tenant: 'service'
|
||||
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
||||
@ -110,3 +104,11 @@ outputs:
|
||||
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::gnocchi::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
|
||||
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
|
||||
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
|
||||
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
gnocchi::keystone::auth::tenant: 'service'
|
||||
|
@ -60,12 +60,6 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, config_settings]
|
||||
- heat::api_cfn::workers: {get_param: HeatWorkers}
|
||||
heat::keystone::auth_cfn::tenant: 'service'
|
||||
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
tripleo.heat_api_cfn.firewall_rules:
|
||||
'125 heat_cfn':
|
||||
dport:
|
||||
@ -80,3 +74,11 @@ outputs:
|
||||
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::heat::api_cfn
|
||||
service_config_settings:
|
||||
keystone:
|
||||
heat::keystone::auth_cfn::tenant: 'service'
|
||||
heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
|
||||
heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
|
||||
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
|
||||
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -60,12 +60,6 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, config_settings]
|
||||
- heat::api::workers: {get_param: HeatWorkers}
|
||||
heat::keystone::auth::tenant: 'service'
|
||||
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
heat::keystone::auth::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
tripleo.heat_api.firewall_rules:
|
||||
'125 heat_api':
|
||||
dport:
|
||||
@ -80,3 +74,11 @@ outputs:
|
||||
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::heat::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
heat::keystone::auth::tenant: 'service'
|
||||
heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
|
||||
heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
|
||||
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
|
||||
heat::keystone::auth::password: {get_param: HeatPassword}
|
||||
heat::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -58,12 +58,6 @@ outputs:
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
tripleo.ironic_api.firewall_rules:
|
||||
'133 ironic api':
|
||||
dport:
|
||||
@ -71,3 +65,11 @@ outputs:
|
||||
- 13385
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ironic::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
|
@ -51,14 +51,6 @@ outputs:
|
||||
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
manila::keystone::auth::password: {get_param: ManilaPassword }
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion }
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
@ -69,4 +61,13 @@ outputs:
|
||||
manila::api::enable_proxy_headers_parsing: true
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::manila::api
|
||||
|
||||
service_config_settings:
|
||||
keystone:
|
||||
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
||||
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
||||
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
||||
manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
|
||||
manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
|
||||
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
||||
manila::keystone::auth::password: {get_param: ManilaPassword}
|
||||
manila::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -114,12 +114,6 @@ outputs:
|
||||
- '@'
|
||||
- {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
- '/ovs_neutron'
|
||||
neutron::keystone::auth::tenant: 'service'
|
||||
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
||||
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
||||
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
||||
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
neutron::server::api_workers: {get_param: NeutronWorkers}
|
||||
@ -161,3 +155,11 @@ outputs:
|
||||
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::server
|
||||
service_config_settings:
|
||||
keystone:
|
||||
neutron::keystone::auth::tenant: 'service'
|
||||
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
||||
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
||||
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
||||
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
||||
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -94,12 +94,6 @@ outputs:
|
||||
nova::api::default_floating_pool: 'public'
|
||||
nova::api::sync_db_api: true
|
||||
nova::api::enable_proxy_headers_parsing: true
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
@ -113,3 +107,11 @@ outputs:
|
||||
|
||||
step_config: |
|
||||
include tripleo::profile::base::nova::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
nova::keystone::auth::tenant: 'service'
|
||||
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -61,11 +61,6 @@ outputs:
|
||||
- get_attr: [SaharaBase, role_data, config_settings]
|
||||
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
|
||||
sahara::service::api::api_workers: {get_param: SaharaWorkers}
|
||||
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
sahara::keystone::auth::password: {get_param: SaharaPassword }
|
||||
sahara::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
@ -79,3 +74,11 @@ outputs:
|
||||
- 13386
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::sahara::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
sahara::keystone::auth::tenant: 'service'
|
||||
sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
|
||||
sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
|
||||
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
|
||||
sahara::keystone::auth::password: {get_param: SaharaPassword }
|
||||
sahara::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
|
@ -85,6 +85,5 @@ outputs:
|
||||
- storm
|
||||
sahara::rpc_backend: rabbit
|
||||
sahara::admin_tenant_name: 'service'
|
||||
sahara::keystone::auth::tenant: 'service'
|
||||
sahara::db::database_db_max_retries: -1
|
||||
sahara::db::database_max_retries: -1
|
||||
|
@ -102,4 +102,8 @@ outputs:
|
||||
yaql:
|
||||
expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
|
||||
data: {get_attr: [ServiceChain, role_data]}
|
||||
service_config_settings:
|
||||
yaql:
|
||||
expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
|
||||
data: {get_attr: [ServiceChain, role_data]}
|
||||
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
|
||||
|
@ -66,25 +66,11 @@ outputs:
|
||||
swift::proxy::authtoken::project_name: 'service'
|
||||
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
|
||||
swift::proxy::workers: {get_param: SwiftWorkers}
|
||||
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
||||
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
||||
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
tripleo.swift_proxy.firewall_rules:
|
||||
'122 swift proxy':
|
||||
dport:
|
||||
- 8080
|
||||
- 13808
|
||||
swift::keystone::auth::tenant: 'service'
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
swift::proxy::keystone::operator_roles:
|
||||
- admin
|
||||
- swiftoperator
|
||||
@ -113,3 +99,19 @@ outputs:
|
||||
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::swift::proxy
|
||||
service_config_settings:
|
||||
keystone:
|
||||
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
|
||||
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
|
||||
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
|
||||
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
|
||||
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
|
||||
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
|
||||
swift::keystone::auth::password: {get_param: SwiftPassword}
|
||||
swift::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
swift::keystone::auth::tenant: 'service'
|
||||
swift::keystone::auth::configure_s3_endpoint: false
|
||||
swift::keystone::auth::operator_roles:
|
||||
- admin
|
||||
- swiftoperator
|
||||
- ResellerAdmin
|
||||
|
Loading…
x
Reference in New Issue
Block a user