Merge "Convert ServiceNetMap evals to hiera interpolation"

This commit is contained in:
Zuul 2018-03-14 13:20:13 +00:00 committed by Gerrit Code Review
commit c931009702
59 changed files with 505 additions and 119 deletions

@ -231,7 +231,15 @@ outputs:
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
containerized_deployment: true containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} monitor_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true user_config: true
ceph_stable: true ceph_stable: true

@ -72,7 +72,15 @@ outputs:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- radosgw_keystone: true - radosgw_keystone: true
radosgw_keystone_ssl: false radosgw_keystone_ssl: false
radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]} radosgw_address_block:
get_param:
- ServiceData
- net_cidr_map
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]} radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
service_config_settings: service_config_settings:
keystone: keystone:

@ -89,7 +89,12 @@ outputs:
map_merge: map_merge:
- get_attr: [MistralBase, role_data, config_settings] - get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers} - mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::policy::policies: {get_param: MistralApiPolicies} mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules: tripleo.mistral_api.firewall_rules:
'133 mistral': '133 mistral':

@ -96,7 +96,11 @@ outputs:
tripleo::stunnel::manage_service: false tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes' tripleo::stunnel::foreground: 'yes'
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip: tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn: tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
str_replace: str_replace:
template: template:

@ -539,10 +539,7 @@ resources:
service_names: {get_param: ServiceNames} service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions} sensu::subscriptions: {get_param: MonitoringSubscriptions}
net_ip_map: {get_attr: [NetIpMap, net_ip_map]} net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
service_configs: service_configs: {get_param: ServiceConfigSettings}
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig: {{role.name.lower()}}_extraconfig:
map_merge: map_merge:
{%- if role.deprecated_param_extraconfig is defined %} {%- if role.deprecated_param_extraconfig is defined %}

@ -102,13 +102,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}" "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
service_config_settings: service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings] get_attr: [AodhBase, role_data, service_config_settings]
step_config: | step_config: |

@ -80,15 +80,21 @@ outputs:
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} apache::ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::default_vhost: false apache::default_vhost: false
apache::server_signature: 'Off' apache::server_signature: 'Off'
apache::server_tokens: 'Prod' apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network: apache_remote_proxy_ips_network:
str_replace: str_replace:
template: "NETWORK_subnet" template:
"%{hiera('$NETWORK_subnet')}"
params: params:
NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} $NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips: apache::mod::remoteip::proxy_ips:

@ -132,7 +132,12 @@ outputs:
barbican::api::rabbit_port: {get_param: RabbitClientPort} barbican::api::rabbit_port: {get_param: RabbitClientPort}
barbican::api::rabbit_heartbeat_timeout_threshold: 60 barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd' barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]} barbican::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS} barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers} barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername: barbican::wsgi::apache::servername:

@ -107,22 +107,27 @@ outputs:
ceph::params::packages: ceph::params::packages:
- ceph-base - ceph-base
- ceph-mon - ceph-mon
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
ceph::profile::params::cluster_network: ceph::profile::params::cluster_network:
str_replace: str_replace:
template: "NETWORK_subnet" template: "%{hiera('$NETWORK_subnet')}"
params: params:
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
ceph::profile::params::public_network: ceph::profile::params::public_network:
str_replace: str_replace:
template: "NETWORK_subnet" template: "%{hiera('$NETWORK_subnet')}"
params: params:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::public_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys: ceph::profile::params::client_keys:
map_replace: map_replace:
- client.admin: - client.admin:

@ -70,7 +70,12 @@ outputs:
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]} tripleo::profile::base::ceph::rgw::civetweb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]} tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3 tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
ceph::profile::params::rgw_keystone_admin_domain: default ceph::profile::params::rgw_keystone_admin_domain: default

@ -137,12 +137,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::api::service_name: 'httpd' cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} cinder::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
cinder::wsgi::apache::servername: cinder::wsgi::apache::servername:
str_replace: str_replace:
template: template:

@ -155,12 +155,17 @@ outputs:
tripleo.cinder_volume.firewall_rules: tripleo.cinder_volume.firewall_rules:
'120 iscsi initiator': '120 iscsi initiator':
dport: 3260 dport: 3260
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
service_config_settings: service_config_settings:
fluentd: fluentd:
tripleo_fluentd_groups_cinder_volume: tripleo_fluentd_groups_cinder_volume:

@ -110,7 +110,12 @@ outputs:
congress::rabbit_password: {get_param: RabbitPassword} congress::rabbit_password: {get_param: RabbitPassword}
congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
congress::rabbit_port: {get_param: RabbitClientPort} congress::rabbit_port: {get_param: RabbitClientPort}
congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} congress::server::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CongressApiNetwork]}
congress::keystone::authtoken::password: {get_param: CongressPassword} congress::keystone::authtoken::password: {get_param: CongressPassword}
congress::keystone::authtoken::project_name: 'service' congress::keystone::authtoken::project_name: 'service'

@ -86,13 +86,18 @@ outputs:
dport: 27018 dport: 27018
'103 mongod': '103 mongod':
dport: 27017 dport: 27017
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
mongodb_bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} mongodb_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
# NOTE: This now takes an array, so we need to fetch the IP from hiera, # NOTE: This now takes an array, so we need to fetch the IP from hiera,
# else Heat won't substitute the network name for the IP. # else Heat won't substitute the network name for the IP.
mongodb::server::bind_ip: mongodb::server::bind_ip:

@ -45,7 +45,12 @@ outputs:
value: value:
service_name: mysql_client service_name: mysql_client
config_settings: config_settings:
tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::client::mysql_client_bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
step_config: | step_config: |

@ -102,13 +102,18 @@ outputs:
- {get_param: [DefaultPasswords, mysql_root_password]} - {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera} enable_galera: {get_param: EnableGalera}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} mysql_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::bind_address: tripleo::profile::base::database::mysql::bind_address:
str_replace: str_replace:
template: template:
@ -116,7 +121,11 @@ outputs:
params: params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::client_bind_address: tripleo::profile::base::database::mysql::client_bind_address:
{get_param: [ServiceNetMap, MysqlNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::base::database::mysql::generate_dropin_file_limit: tripleo::profile::base::database::mysql::generate_dropin_file_limit:
{get_param: MysqlIncreaseFileLimit} {get_param: MysqlIncreaseFileLimit}
- if: - if:

@ -60,7 +60,7 @@ outputs:
redis::masterauth: {get_param: RedisPassword} redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword} redis::sentinel_auth_pass: {get_param: RedisPassword}
redis_ipv6: {get_param: RedisIPv6} redis_ipv6: {get_param: RedisIPv6}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
@ -74,7 +74,11 @@ outputs:
- redis_ipv6 - redis_ipv6
- '::1' - '::1'
- '127.0.0.1' - '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379 redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
@ -86,5 +90,9 @@ outputs:
- redis_ipv6 - redis_ipv6
- '::1' - '::1'
- '127.0.0.1' - '127.0.0.1'
- {get_param: [ServiceNetMap, RedisNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
redis::ulimit: {get_param: RedisFDLimit} redis::ulimit: {get_param: RedisFDLimit}

@ -38,7 +38,11 @@ outputs:
service_name: docker_registry service_name: docker_registry
config_settings: config_settings:
tripleo::profile::base::docker_registry::registry_host: tripleo::profile::base::docker_registry::registry_host:
{get_param: [ServiceNetMap, DockerRegistryNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
tripleo::profile::base::docker_registry::registry_port: tripleo::profile::base::docker_registry::registry_port:
{get_param: [EndpointMap, DockerRegistryInternal, port]} {get_param: [EndpointMap, DockerRegistryInternal, port]}
tripleo.docker_registry.firewall_rules: tripleo.docker_registry.firewall_rules:

@ -159,14 +159,22 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip: - tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn: tripleo::profile::base::nova::ec2api::ec2_api_tls_proxy_fqdn:
str_replace: str_replace:
template: "%{hiera('fqdn_$NETWORK')}" template: "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip: tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn: tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace: str_replace:
template: "%{hiera('fqdn_$NETWORK')}" template: "%{hiera('fqdn_$NETWORK')}"

@ -60,12 +60,17 @@ outputs:
"%{hiera('fqdn_$NETWORK')}" "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} tripleo::profile::base::etcd::bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
tripleo::profile::base::etcd::client_port: '2379' tripleo::profile::base::etcd::client_port: '2379'
tripleo::profile::base::etcd::peer_port: '2380' tripleo::profile::base::etcd::peer_port: '2380'
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}

@ -237,14 +237,18 @@ outputs:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
glance::api::os_region_name: {get_param: KeystoneRegion} glance::api::os_region_name: {get_param: KeystoneRegion}
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota} glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip: tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_fqdn: tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace: str_replace:
template: template:
@ -259,7 +263,11 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- 'localhost' - 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile} glance_log_file: {get_param: GlanceLogFile}
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] } glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }

@ -124,13 +124,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver} tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi' gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
step_config: | step_config: |
include ::tripleo::profile::base::gnocchi::api include ::tripleo::profile::base::gnocchi::api

@ -95,15 +95,25 @@ outputs:
dport: dport:
- 8000 - 8000
- 13800 - 13800
heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} heat::api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS} heat::wsgi::apache_api_cfn::ssl: {get_param: EnableInternalTLS}
heat::api_cfn::service_name: 'httpd' heat::api_cfn::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiCfnNetwork]} heat::wsgi::apache_api_cfn::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiCfnNetwork]}
heat::wsgi::apache_api_cfn::servername: heat::wsgi::apache_api_cfn::servername:
str_replace: str_replace:
template: template:

@ -101,16 +101,26 @@ outputs:
dport: dport:
- 8004 - 8004
- 13004 - 13004
heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} heat::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
heat::policy::policies: {get_param: HeatApiPolicies} heat::policy::policies: {get_param: HeatApiPolicies}
heat::api::service_name: 'httpd' heat::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
heat::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} heat::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
heat::wsgi::apache_api::servername: heat::wsgi::apache_api::servername:
str_replace: str_replace:
template: template:

@ -115,7 +115,12 @@ outputs:
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams} horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::bind_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
horizon::password_validator: {get_param: [HorizonPasswordValidator]} horizon::password_validator: {get_param: [HorizonPasswordValidator]}
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]} horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}

@ -90,19 +90,29 @@ outputs:
ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::api::host_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses # This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::api::service_name: 'httpd' ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies} ironic::policy::policies: {get_param: IronicApiPolicies}
ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]} ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
ironic::wsgi::apache::servername: ironic::wsgi::apache::servername:
str_replace: str_replace:

@ -207,7 +207,12 @@ outputs:
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean} ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes} ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
# We need an endpoint containing a real IP, not a VIP here # We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} ironic_conductor_http_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::conductor::http_url: ironic::conductor::http_url:
list_join: list_join:
- '' - ''
@ -216,14 +221,24 @@ outputs:
- {get_param: IronicIPXEPort} - {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} ironic::drivers::pxe::tftp_server:
ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::tftp_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
# NOTE(dtantsur): UEFI only works with iPXE currently for us # NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
@ -256,7 +271,12 @@ outputs:
# glance and neutron endpoints, virtual console IP. We override # glance and neutron endpoints, virtual console IP. We override
# the TFTP server IP in ironic-conductor.yaml as it should not be # the TFTP server IP in ironic-conductor.yaml as it should not be
# the VIP, but rather a real IP of the host. # the VIP, but rather a real IP of the host.
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} ironic::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort} ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services # Credentials to access other services
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}

@ -113,8 +113,18 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector} monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
config_settings: config_settings:
map_merge: map_merge:
- ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]} - ironic::inspector::listen_address:
ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange} ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface} ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
ironic::inspector::debug: {get_param: Debug} ironic::inspector::debug: {get_param: Debug}

@ -424,15 +424,25 @@ outputs:
"%{hiera('fqdn_$NETWORK')}" "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
# NOTE: this applies to all 2 bind IP settings below... # NOTE: this applies to all 2 bind IP settings below...
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::bind_host:
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::admin_bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure} keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute} keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour} keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}

@ -73,13 +73,18 @@ outputs:
dport: dport:
- 8786 - 8786
- 13786 - 13786
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} manila::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::enable_proxy_headers_parsing: true manila::api::enable_proxy_headers_parsing: true
manila::api::default_share_type: 'default' manila::api::default_share_type: 'default'
step_config: | step_config: |

@ -64,12 +64,17 @@ outputs:
service_name: memcached service_name: memcached
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings: config_settings:
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} memcached::listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::max_memory: {get_param: MemcachedMaxMemory} memcached::max_memory: {get_param: MemcachedMaxMemory}
memcached::verbosity: memcached::verbosity:
list_join: list_join:

@ -75,7 +75,12 @@ outputs:
map_merge: map_merge:
- get_attr: [MistralBase, role_data, config_settings] - get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers} - mistral::api::api_workers: {get_param: MistralWorkers}
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
mistral::policy::policies: {get_param: MistralApiPolicies} mistral::policy::policies: {get_param: MistralApiPolicies}
tripleo.mistral_api.firewall_rules: tripleo.mistral_api.firewall_rules:
@ -84,7 +89,12 @@ outputs:
- 8989 - 8989
- 13989 - 13989
mistral::api::service_name: 'httpd' mistral::api::service_name: 'httpd'
mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} mistral::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
mistral::wsgi::apache::servername: mistral::wsgi::apache::servername:
str_replace: str_replace:
template: template:

@ -180,13 +180,17 @@ outputs:
- 13696 - 13696
neutron::server::router_distributed: {get_param: NeutronEnableDVR} neutron::server::router_distributed: {get_param: NeutronEnableDVR}
neutron::server::enable_dvr: {get_param: NeutronEnableDVR} neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::base::neutron::server::tls_proxy_bind_ip: tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
get_param: [ServiceNetMap, NeutronApiNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::tls_proxy_fqdn: tripleo::profile::base::neutron::server::tls_proxy_fqdn:
str_replace: str_replace:
template: template:
@ -201,7 +205,11 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- 'localhost' - 'localhost'
- {get_param: [ServiceNetMap, NeutronApiNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
- -
if: if:

@ -76,7 +76,12 @@ outputs:
- neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping} - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes} neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::linuxbridge::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
- -

@ -142,13 +142,18 @@ outputs:
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_agent.firewall_rules:
'118 neutron vxlan networks': '118 neutron vxlan networks':
proto: 'udp' proto: 'udp'

@ -142,12 +142,17 @@ outputs:
nova_wsgi_enabled: true nova_wsgi_enabled: true
nova::api::service_name: 'httpd' nova::api::service_name: 'httpd'
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::servername: nova::wsgi::apache_api::servername:
str_replace: str_replace:
template: template:

@ -161,7 +161,12 @@ outputs:
service_name: nova_base service_name: nova_base
config_settings: config_settings:
map_merge: map_merge:
- nova::my_ip: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::my_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_password: {get_param: RabbitPassword}
nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}

@ -217,13 +217,18 @@ outputs:
# mode. # mode.
nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} nova::compute::vncserver_proxyclient_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]} nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}

@ -209,7 +209,12 @@ outputs:
nova::compute::libvirt::qemu::configure_qemu: true nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} nova::compute::libvirt::vncserver_listen:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules: tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt': '200 nova_libvirt':
@ -226,7 +231,11 @@ outputs:
tripleo::profile::base::nova::migration::client::libvirt_tls: true tripleo::profile::base::nova::migration::client::libvirt_tls: true
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]} tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
nova::migration::libvirt::listen_address: nova::migration::libvirt::listen_address:
get_param: [ServiceNetMap, NovaLibvirtNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::migration::libvirt::live_migration_inbound_addr: nova::migration::libvirt::live_migration_inbound_addr:
str_replace: str_replace:
template: template:

@ -66,7 +66,11 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- 'localhost' - 'localhost'
- {get_param: [ServiceNetMap, NovaMetadataNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
- -
if: if:
- nova_workers_zero - nova_workers_zero
@ -76,7 +80,11 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, NovaMetadataNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
str_replace: str_replace:
template: template:

@ -56,13 +56,23 @@ outputs:
- "%{hiera('cold_migration_ssh_inbound_addr')}" - "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}" - "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr: live_migration_ssh_inbound_addr:
get_param: str_replace:
- ServiceNetMap template:
- str_replace: "%{hiera('$NETWORK')}"
template: "ROLENAMEHostnameResolveNetwork" params:
params: $NETWORK:
ROLENAME: {get_param: RoleName} get_param:
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaApiNetwork]} - ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::profile::base::sshd::port: tripleo::profile::base::sshd::port:
- 22 - 22
- {get_param: MigrationSshPort} - {get_param: MigrationSshPort}

@ -100,12 +100,17 @@ outputs:
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]} nova::wsgi::apache_placement::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername: nova::wsgi::apache_placement::servername:
str_replace: str_replace:
template: template:

@ -115,12 +115,17 @@ outputs:
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::vncproxy::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo.nova_vnc_proxy.firewall_rules: tripleo.nova_vnc_proxy.firewall_rules:
'137 nova_vnc_proxy': '137 nova_vnc_proxy':
dport: dport:

@ -95,7 +95,12 @@ outputs:
dport: dport:
- 9876 - 9876
- 13876 - 13876
octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} octavia::api::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
step_config: | step_config: |
include tripleo::profile::base::octavia::api include tripleo::profile::base::octavia::api
service_config_settings: service_config_settings:

@ -125,7 +125,12 @@ outputs:
opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword} opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::odl_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo.opendaylight_api.firewall_rules: tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api': '137 opendaylight api':

@ -188,7 +188,12 @@ outputs:
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight_check_url: {get_param: OpenDaylightCheckURL}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.opendaylight_ovs.firewall_rules: tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks': '118 neutron vxlan networks':
proto: 'udp' proto: 'udp'

@ -106,7 +106,12 @@ outputs:
- get_attr: [RoleParametersValue, value] - get_attr: [RoleParametersValue, value]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort} - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} ovn::controller::ovn_encap_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge} ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: {if: [force_config_drive, true, false]} nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo.ovn_controller.firewall_rules: tripleo.ovn_controller.firewall_rules:

@ -47,7 +47,12 @@ outputs:
config_settings: config_settings:
ovn::northbound::port: {get_param: OVNNorthboundServerPort} ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} ovn::northd::dbs_listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
tripleo::haproxy::ovn_dbs_manage_lb: true tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo.ovn_dbs.firewall_rules: tripleo.ovn_dbs.firewall_rules:
'121 OVN DB server ports': '121 OVN DB server ports':

@ -63,14 +63,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}" "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
get_param: [ServiceNetMap, MysqlNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
tripleo::profile::pacemaker::database::mysql::ca_file: tripleo::profile::pacemaker::database::mysql::ca_file:
get_param: InternalTLSCAFile get_param: InternalTLSCAFile
step_config: | step_config: |

@ -65,7 +65,11 @@ outputs:
redis::notify_service: false redis::notify_service: false
redis::managed_by_cluster_manager: true redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
get_param: [ServiceNetMap, RedisNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
str_replace: str_replace:
template: template:

@ -103,13 +103,18 @@ outputs:
"%{hiera('fqdn_$NETWORK')}" "%{hiera('fqdn_$NETWORK')}"
params: params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]} panko::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
service_config_settings: service_config_settings:
get_attr: [PankoBase, role_data, service_config_settings] get_attr: [PankoBase, role_data, service_config_settings]
step_config: | step_config: |

@ -61,7 +61,12 @@ outputs:
'109 qdr': '109 qdr':
dport: dport:
- {get_param: RabbitClientPort} - {get_param: RabbitClientPort}
qdr::listener_addr: {get_param: [ServiceNetMap, QdrNetwork]} qdr::listener_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, QdrNetwork]}
# cannot pass qdr::listener_port directly because it needs to be a string # cannot pass qdr::listener_port directly because it needs to be a string
# we do the conversion in the puppet layer # we do the conversion in the puppet layer
tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort} tripleo::profile::base::qdr::qdr_listener_port: {get_param: RabbitClientPort}

@ -120,20 +120,30 @@ outputs:
passwords: passwords:
- {get_param: RabbitCookie} - {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]} - {get_param: [DefaultPasswords, rabbit_cookie]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS} rabbitmq::ssl: {get_param: EnableInternalTLS}
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: 5672 rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1 rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS} rabbitmq::ssl_only: {get_param: EnableInternalTLS}
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::ssl_interface:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
# TODO(jaosorior): Remove this once we set a proper default in # TODO(jaosorior): Remove this once we set a proper default in
# puppet-tripleo # puppet-tripleo
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}

@ -80,12 +80,17 @@ outputs:
- sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
sahara::policy::policies: {get_param: SaharaApiPolicies} sahara::policy::policies: {get_param: SaharaApiPolicies}
sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::service::api::api_workers: {get_param: SaharaWorkers}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP # NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api): # for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]} sahara::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
tripleo.sahara_api.firewall_rules: tripleo.sahara_api.firewall_rules:
'132 sahara': '132 sahara':
dport: dport:

@ -207,14 +207,18 @@ outputs:
- 'proxy-logging' - 'proxy-logging'
- 'proxy-server' - 'proxy-server'
swift::proxy::account_autocreate: true swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip: tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
get_param: [ServiceNetMap, SwiftProxyNetwork] str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_fqdn: tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
str_replace: str_replace:
template: template:
@ -228,7 +232,11 @@ outputs:
if: if:
- use_tls_proxy - use_tls_proxy
- 'localhost' - 'localhost'
- {get_param: [ServiceNetMap, SwiftProxyNetwork]} - str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: | step_config: |
include ::tripleo::profile::base::swift::proxy include ::tripleo::profile::base::swift::proxy
service_config_settings: service_config_settings:

@ -130,7 +130,12 @@ outputs:
- healthcheck - healthcheck
- account-server - account-server
swift::storage::disks::args: {get_param: SwiftRawDisks} swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]} swift::storage::all::storage_local_net_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers} swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers} swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers} swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}

@ -111,7 +111,12 @@ outputs:
tacker::rabbit_password: {get_param: RabbitPassword} tacker::rabbit_password: {get_param: RabbitPassword}
tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
tacker::rabbit_port: {get_param: RabbitClientPort} tacker::rabbit_port: {get_param: RabbitClientPort}
tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} tacker::server::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, TackerApiNetwork]}
tacker::keystone::authtoken::project_name: 'service' tacker::keystone::authtoken::project_name: 'service'
tacker::keystone::authtoken::user_domain_name: 'Default' tacker::keystone::authtoken::user_domain_name: 'Default'

@ -112,10 +112,25 @@ outputs:
- {get_param: Debug } - {get_param: Debug }
- {get_param: ZaqarDebug } - {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd' zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::transport::websocket::bind:
zaqar::transport::websocket::notification_bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::transport::websocket::notification_bind:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576 zaqar::max_messages_post_size: 1048576
zaqar::unreliable: true zaqar::unreliable: true

@ -0,0 +1,9 @@
---
upgrade:
- |
Per-service config_settings should now use hiera interpolation to set
the bind IP for services, e.g "%{hiera('internal_api')}" whereas prior
to this release we replaced e.g internal_api for the IP address internally.
The network name can still be derived from the ServiceNetMap - all the
in-tree templates have been converted to the new format, but any out
of tree templates may require similar adjustment.