Switch to Queens OpenStack release
Change-Id: Ieda0b6445480facd98be9851e7559d46849b9ce2
diff --git a/classes/cluster/virtual-mcp11-aio-barbican/.env b/classes/cluster/virtual-mcp11-aio-barbican/.env
new file mode 100644
index 0000000..033df11
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-barbican/.env
@@ -0,0 +1 @@
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables manila runtest artifactory logrotate)
diff --git a/classes/cluster/virtual-mcp11-aio-barbican/infra/config.yml b/classes/cluster/virtual-mcp11-aio-barbican/infra/config.yml
new file mode 100644
index 0000000..199e9d8
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-barbican/infra/config.yml
@@ -0,0 +1,3 @@
+classes:
+- cluster.virtual-mcp11-aio-barbican
+- cluster.virtual-mcp11-aio.infra.config
diff --git a/classes/cluster/virtual-mcp11-aio-barbican/infra/init.yml b/classes/cluster/virtual-mcp11-aio-barbican/infra/init.yml
new file mode 100644
index 0000000..219ed8d
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-barbican/infra/init.yml
@@ -0,0 +1,2 @@
+classes:
+ - cluster.virtual-mcp11-aio.infra
diff --git a/classes/cluster/virtual-mcp11-aio-barbican/init.yml b/classes/cluster/virtual-mcp11-aio-barbican/init.yml
new file mode 100755
index 0000000..b1cb0a4
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-barbican/init.yml
@@ -0,0 +1,5 @@
+classes:
+- cluster.virtual-mcp11-aio-barbican.infra
+- cluster.virtual-mcp11-aio-barbican.openstack
+- cluster.virtual-mcp11-aio
+- cluster.overrides
diff --git a/classes/cluster/virtual-mcp11-aio-barbican/openstack/init.yml b/classes/cluster/virtual-mcp11-aio-barbican/openstack/init.yml
new file mode 100755
index 0000000..e4503f8
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-barbican/openstack/init.yml
@@ -0,0 +1,40 @@
+classes:
+- system.galera.server.database.barbican
+- system.keystone.client.service.barbican
+- system.barbican.server.single
+- service.barbican.server.plugin.simple_crypto
+- cluster.virtual-mcp11-aio.openstack
+parameters:
+ _param:
+ keystone_barbican_password: workshop
+ barbican_service_host: ${_param:single_address}
+ mysql_barbican_password: workshop
+ barbican_simple_crypto_kek: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
+ barbican_integration_enabled: true
+ barbican:
+ server:
+ enabled: true
+ dogtag_admin_cert:
+ engine: mine
+ minion: ${linux:network:fqdn}
+ ks_notifications_enable: True
+ store:
+ software:
+ crypto_plugin: simple_crypto
+ store_plugin: store_crypto
+ global_default: True
+ nova:
+ compute:
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
+ controller:
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
+ cinder:
+ controller:
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
+ glance:
+ server:
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
diff --git a/classes/cluster/virtual-mcp11-aio-ironic/.env b/classes/cluster/virtual-mcp11-aio-ironic/.env
new file mode 100644
index 0000000..5875c35
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ironic/.env
@@ -0,0 +1 @@
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic bind powerdns designate iptables runtest artifactory tftpd-hpa baremetal-simulator logrotate)
\ No newline at end of file
diff --git a/classes/cluster/virtual-mcp11-aio-ironic/infra/config.yml b/classes/cluster/virtual-mcp11-aio-ironic/infra/config.yml
new file mode 100644
index 0000000..3044dc2
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ironic/infra/config.yml
@@ -0,0 +1,3 @@
+classes:
+- cluster.virtual-mcp11-aio-ironic
+- cluster.virtual-mcp11-aio.infra.config
diff --git a/classes/cluster/virtual-mcp11-aio-ironic/infra/init.yml b/classes/cluster/virtual-mcp11-aio-ironic/infra/init.yml
new file mode 100644
index 0000000..219ed8d
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ironic/infra/init.yml
@@ -0,0 +1,2 @@
+classes:
+ - cluster.virtual-mcp11-aio.infra
diff --git a/classes/cluster/virtual-mcp11-aio-ironic/init.yml b/classes/cluster/virtual-mcp11-aio-ironic/init.yml
new file mode 100755
index 0000000..448fe80
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ironic/init.yml
@@ -0,0 +1,5 @@
+classes:
+- cluster.virtual-mcp11-aio
+- cluster.virtual-mcp11-aio-ironic.infra
+- cluster.virtual-mcp11-aio-ironic.openstack
+- cluster.overrides
diff --git a/classes/cluster/virtual-mcp11-aio-ironic/openstack/init.yml b/classes/cluster/virtual-mcp11-aio-ironic/openstack/init.yml
new file mode 100755
index 0000000..60611af
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ironic/openstack/init.yml
@@ -0,0 +1,151 @@
+classes:
+- cluster.virtual-mcp11-aio.openstack
+- system.galera.server.database.ironic
+- system.keystone.client.service.ironic
+- system.nova.compute_ironic.single
+- system.neutron.gateway.ironic
+- system.neutron.client.service.ironic
+- system.ironic.api.single
+- system.ironic.tftpd_hpa
+- system.ironic.conductor.single
+- system.apache.server.site.ironic
+- service.ironic.client
+- service.baremetal_simulator.simulator
+- service.baremetal_simulator.nodes_flat
+- service.baremetal_simulator.network.ovs
+- system.salt.master.formula.pkg.baremetal
+- system.neutron.gateway.ironic
+- system.nova.compute_ironic.single
+parameters:
+ _param:
+ interface_mtu: 1450
+ cluster_internal_protocol: http
+ cluster_public_protocol: http
+ baremetal_interface: ens7
+ baremetal_gateway_ip: 192.168.90.1
+ ironic_version: ${_param:openstack_version}
+ ironic_service_protocol: ${_param:cluster_internal_protocol}
+ ironic_api_type: 'public'
+ cluster_baremetal_local_address: ${_param:single_baremetal_address}
+ openstack_baremetal_node01_address: ${_param:single_address}
+ single_baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
+ openstack_baremetal_node01_baremetal_address: 192.168.90.11
+ openstack_baremetal_node01_hostname: cfg01
+ openstack_baremetal_address: 192.168.90.10
+ keystone_ironic_password: workshop
+ ironic_service_host: ${_param:single_address}
+ mysql_ironic_password: workshop
+ openstack_baremeta_neutron_subnet_cidr: 192.168.90.0/24
+ openstack_baremeta_neutron_subnet_allocation_start: 192.168.90.100
+ openstack_baremeta_neutron_subnet_allocation_end: 192.168.90.150
+ ironic:
+ api:
+ bind:
+ address: 0.0.0.0
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ conductor:
+ api_url: http://${_param:single_baremetal_address}:6385
+ http_url: http://${_param:single_baremetal_address}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ enabled_drivers:
+ - pxe_ipmitool
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: ${_param:single_address}
+ port: 35357
+ user: ironic
+ password: ${_param:keystone_ironic_password}
+ tenant: service
+ auth_type: password
+ user_domain_id: default
+ project_domain_id: default
+ protocol: ${_param:cluster_internal_protocol}
+ neutron:
+ auth_strategy: keystone
+ auth_type: password
+ cleaning_network: baremetal-flat-network
+ provisioning_network: baremetal-flat-network
+ project_domain_id: ${ironic:conductor:identity:project_domain_id}
+ user_domain_id: ${ironic:conductor:identity:user_domain_id}
+ project_name: ${ironic:conductor:identity:tenant}
+ password: ${ironic:conductor:identity:password}
+ username: ${ironic:conductor:identity:user}
+ url: http://${_param:neutron_service_host}:9696
+ project_name: service
+ glance:
+ auth_strategy: 'keystone'
+ auth_type: password
+ host: ${_param:cluster_vip_address}
+ port: 9292
+ region: ${_param:openstack_region}
+ username: glance
+ tenant: service
+ project_name: service
+ project_domain_id: ${ironic:conductor:identity:project_domain_id}
+ user_domain_id: ${ironic:conductor:identity:user_domain_id}
+ password: ${_param:keystone_glance_password}
+ nova:
+ controller:
+ compute_driver: ironic.IronicDriver
+ ironic:
+ protocol: ${_param:cluster_internal_protocol}
+ host: ${_param:single_address}
+ port: 6385
+ auth_type: password
+ project_domain_name: default
+ user: ironic
+ user_domain_name: default
+ password: ${_param:keystone_ironic_password}
+ linux:
+ network:
+ interface:
+ baremetal_interface:
+ enabled: true
+ name: ${_param:baremetal_interface}
+ mtu: ${_param:interface_mtu}
+ proto: static
+ address: ${_param:baremetal_gateway_ip}
+ netmask: 255.255.255.0
+ type: eth
+ br-baremetal:
+ enabled: true
+ type: ovs_bridge
+ mtu: ${_param:interface_mtu}
+ phy-baremetal:
+ enabled: true
+ type: ovs_port
+ bridge: br-baremetal
+ proto: static
+ address: ${_param:cluster_baremetal_local_address}
+ netmask: 255.255.255.0
+ system:
+ group:
+ libvirtd:
+ enabled: true
+ name: libvirtd
+ neutron:
+ server:
+ ironic_enabled: true
+ backend:
+ ironic_vlan_range: 100:1000
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ baremetal_simulator:
+ name: salt-formula-baremetal-simulator
+ source: pkg
diff --git a/classes/cluster/virtual-mcp11-aio-manila/.env b/classes/cluster/virtual-mcp11-aio-manila/.env
index b48fd91..156a87d 100644
--- a/classes/cluster/virtual-mcp11-aio-manila/.env
+++ b/classes/cluster/virtual-mcp11-aio-manila/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables manila runtest artifactory)
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate iptables manila runtest artifactory logrotate)
\ No newline at end of file
diff --git a/classes/cluster/virtual-mcp11-aio-manila/infra/config.yml b/classes/cluster/virtual-mcp11-aio-manila/infra/config.yml
index f073af7..7108728 100644
--- a/classes/cluster/virtual-mcp11-aio-manila/infra/config.yml
+++ b/classes/cluster/virtual-mcp11-aio-manila/infra/config.yml
@@ -1,28 +1,3 @@
classes:
- - cluster.virtual-mcp11-aio-manila
-parameters:
- _param:
- linux_system_codename: xenial
- linux:
- system:
- name: cfg01
- domain: ${_param:cluster_domain}
- purge_repos: ${_param:linux_system_purge_repos}
- salt:
- api:
- pkgs:
- - salt-api
- - python-cherrypy3
- master:
- worker_threads: 5
- environment:
- prd:
- formula:
- runtest:
- source: git
- address: 'https://gerrit.mcp.mirantis.net/salt-formulas/runtest'
- revision: master
- module:
- runtest: runtest
- state:
- runtest.py: runtest.py
+- cluster.virtual-mcp11-aio-manila
+- cluster.virtual-mcp11-aio.infra.config
diff --git a/classes/cluster/virtual-mcp11-aio-manila/infra/init.yml b/classes/cluster/virtual-mcp11-aio-manila/infra/init.yml
index d00a830..219ed8d 100644
--- a/classes/cluster/virtual-mcp11-aio-manila/infra/init.yml
+++ b/classes/cluster/virtual-mcp11-aio-manila/infra/init.yml
@@ -1,8 +1,2 @@
-parameters:
- _param:
- apt_mk_version: stable
- linux_system_purge_repos: false
- salt:
- minion:
- trusted_ca_minions:
- - cfg01.${_param:cluster_domain}
+classes:
+ - cluster.virtual-mcp11-aio.infra
diff --git a/classes/cluster/virtual-mcp11-aio-manila/init.yml b/classes/cluster/virtual-mcp11-aio-manila/init.yml
index 242e910..0d382b8 100755
--- a/classes/cluster/virtual-mcp11-aio-manila/init.yml
+++ b/classes/cluster/virtual-mcp11-aio-manila/init.yml
@@ -1,111 +1,5 @@
classes:
-- system.linux.network.dynamic_hosts
-- service.git.client
-- system.linux.system.single.debian
-- system.linux.system.repo.mcp.salt
-- system.openssh.client.lab
-- system.salt.master.api
-- system.salt.master.pkg
-- system.salt.minion.ca.salt_master
-- system.salt.minion.cert.proxy
-- system.reclass.storage.salt
-- system.mysql.client
-- system.memcached.server.single
-- system.rabbitmq.server.single
- cluster.virtual-mcp11-aio-manila.infra
- cluster.virtual-mcp11-aio-manila.openstack
+- cluster.virtual-mcp11-aio
- cluster.overrides
-parameters:
- _param:
- reclass_data_repository: https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-aio
- reclass_data_revision: master
- salt_master_environment_repository: "https://github.com/tcpcloud"
- salt_master_environment_revision: master
- reclass_config_master: 192.168.10.90
- single_address: 172.16.10.90
- infra_config_address: ${_param:single_address}
- cluster_domain: virtual-mcp11-aio-manila.local
- cluster_name: virtual-mcp11-aio-manila
- infra_config_hostname: cfg01
-
- mysql_admin_user: root
- mysql_admin_password: workshop
- mysql_cluster_role: master
- rabbitmq_secret_key: workshop
- rabbitmq_admin_password: workshop
- loopback_device_size: 20
- loopback_device1_size: 10
- salt_master_host: 192.168.10.90
- salt_master_base_environment: prd
- salt_minion_ca_host: ${linux:network:fqdn}
- salt_api_password_hash: "$6$sGnRlxGf$al5jMCetLP.vfI/fTl3Z0N7Za1aeiexL487jAtyRABVfT3NlwZxQGVhO7S1N8OwS/34VHYwZQA8lkXwKMN/GS1"
- openssh:
- server:
- password_auth: true
- permit_root_login: true
- linux:
- system:
- user:
- root:
- enabled: true
- # r00tme
- password: $6$9ojWyyN.$26Vj46JtCUL6C7XBQ8RmQTZLwo8/8SkqTRElXh0X2YBLrt7E/aVe2AYQ5gguYUwUknZNOSn5q7M9M3Jyf2gof/
- repo:
- linux_system_repo:
- source: ${_param:linux_system_repo}
- architectures: amd64
- clean_file: true
- pin:
- - pin: ${_param:linux_system_repo_pin}
- priority: ${_param:linux_system_repo_priority}
- package: '*'
- # workaround for PROD-15657, mysql 5.7 isn't built, using 5.6 instead
- - pin: 'version 5.6*'
- priority: 1300
- package: 'mysql-client'
- network:
- bridge: openvswitch
- interface:
- br-floating:
- enabled: true
- type: ovs_bridge
- phy-public:
- enabled: true
- type: ovs_port
- bridge: br-floating
- proto: static
- address: ${_param:openstack_public_neutron_subnet_gateway}
- netmask: 255.255.255.0
- ens4:
- enabled: true
- type: eth
- proto: static
- address: ${_param:single_address}
- netmask: 255.255.255.0
- ens3:
- enabled: true
- type: eth
- proto: dhcp
-# override on this level
- nova:
- compute:
- cache:
- members:
- - host: ${_param:single_address}
- port: 11211
- cinder:
- volume:
- cache:
- members:
- - host: ${_param:single_address}
- port: 11211
- galera:
- master:
- members:
- - host: ${_param:single_address}
- port: 4567
- neutron:
- server:
- message_queue:
- members:
- - host: ${_param:single_address}
diff --git a/classes/cluster/virtual-mcp11-aio-manila/openstack/init.yml b/classes/cluster/virtual-mcp11-aio-manila/openstack/init.yml
index 99c54eb..977319e 100755
--- a/classes/cluster/virtual-mcp11-aio-manila/openstack/init.yml
+++ b/classes/cluster/virtual-mcp11-aio-manila/openstack/init.yml
@@ -1,295 +1,32 @@
classes:
-- system.salt.minion.cert.mysql.server
-- system.salt.minion.cert.rabbitmq_server
-- system.linux.system.lowmem
-- system.linux.system.repo.mcp.openstack
-- system.linux.system.repo.mcp.extra
-- system.linux.storage.loopback
- system.linux.storage.loopback_manila
-- service.rabbitmq.server.ssl
-- system.rabbitmq.server.vhost.openstack
-- system.horizon.server.plugin.manila
-- system.keystone.server.wsgi
-- system.keystone.server.single
-- service.galera.ssl
-- service.galera.master.cluster
-- system.galera.server.database.cinder
-- system.galera.server.database.designate
-- system.galera.server.database.glance
-- system.galera.server.database.heat
-- system.galera.server.database.keystone
-- system.galera.server.database.nova
-- system.galera.server.database.barbican
- system.galera.server.database.manila
- system.apache.server.site.manila
-- system.keystone.client.single
-- system.keystone.client.service.barbican
-- system.keystone.client.service.cinder3
-- system.keystone.client.service.nova21
-- system.keystone.client.service.nova-placement
-- system.keystone.client.service.designate
- system.keystone.client.service.manila
- system.keystone.client.service.manila2
-- system.glance.control.single
-- system.nova.control.single
-- system.neutron.control.openvswitch.single
-- system.neutron.client.service.public
-- system.neutron.client.service.manila
-- system.heat.server.single
-- system.nova.compute.single
-- service.neutron.gateway.single
-- system.cinder.control.single
-- system.cinder.control.backend.lvm
-- service.cinder.volume.single
-- system.cinder.volume.backend.lvm
-- system.horizon.server.single
-- system.horizon.server.plugin.theme
-- system.bind.server.single
-- system.barbican.server.single
-- service.barbican.server.plugin.simple_crypto
-- system.designate.server.single
-- system.designate.server.backend.bind
- system.manila.common.single
- system.manila.share.backend.lvm
+- system.manila.client
+- cluster.virtual-mcp11-aio.openstack
parameters:
_param:
- openstack_version: pike
- cluster_public_host: ${_param:single_address}
- cluster_public_protocol: http
- openstack_region: RegionOne
- admin_email: root@localhost
- rabbitmq_openstack_password: workshop
- galera_server_cluster_name: openstack_cluster
- galera_server_maintenance_password: workshop
- galera_server_admin_password: workshop
- keystone_version: ${_param:openstack_version}
- barbican_version: ${_param:openstack_version}
- glance_version: ${_param:openstack_version}
- nova_version: ${_param:openstack_version}
- neutron_version: ${_param:openstack_version}
- cinder_version: ${_param:openstack_version}
- heat_version: ${_param:openstack_version}
- horizon_version: ${_param:openstack_version}
- designate_version: ${_param:openstack_version}
- keystone_service_token: workshop
- keystone_admin_password: workshop
- keystone_barbican_password: workshop
- keystone_ceilometer_password: workshop
- keystone_cinder_password: workshop
- keystone_glance_password: workshop
- keystone_heat_password: workshop
- keystone_neutron_password: workshop
- keystone_nova_password: workshop
- keystone_designate_password: workshop
keystone_manila_password: workshop
- keystone_service_host: ${_param:single_address}
manila_service_host: ${_param:single_address}
- mysql_keystone_password: workshop
- mysql_barbican_password: workshop
- mysql_glance_password: workshop
- mysql_nova_password: workshop
- mysql_neutron_password: workshop
- mysql_cinder_password: workshop
- mysql_heat_password: workshop
- mysql_designate_password: workshop
mysql_manila_password: workshop
- barbican_service_host: ${_param:single_address}
- heat_service_host: ${_param:single_address}
- neutron_service_host: ${_param:single_address}
- glance_service_host: ${_param:single_address}
- cinder_service_host: ${_param:single_address}
- designate_service_host: ${_param:single_address}
- nova_service_host: ${_param:single_address}
- control_address: ${_param:single_address}
- metadata_password: workshop
- cluster_vip_address: ${_param:single_address}
- cluster_local_address: ${_param:single_address}
- openstack_database_address: ${_param:single_address}
- tenant_address: ${_param:single_address}
- heat_domain_admin_password: workshop
- horizon_secret_key: workshop
- horizon_identity_encryption: none
- horizon_identity_version: 2
- horizon_identity_host: ${_param:single_address}
- designate_admin_api_enabled: true
- designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw==
- designate_pool_target_type: bind9
- designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
- designate_pool_ns_records:
- - hostname: 'ns1.example.org.'
- priority: 10
- designate_pool_nameservers:
- - host: ${_param:single_address}
- port: 53
- designate_pool_target_masters:
- - host: ${_param:single_address}
- port: 5354
- designate_pool_target_options:
- host: ${_param:single_address}
- port: 53
- rndc_host: 127.0.0.1
- rndc_port: 953
- rndc_key_file: /etc/designate/rndc.key
- designate_quota_zones: 40
- designate_worker_enabled: true
- linux_system_repo: deb [arch=amd64] http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/xenial ${_param:openstack_version} main
- linux_system_repo_pin: release a=${_param:openstack_version}
- linux_system_repo_priority: 1200
- openstack_public_neutron_subnet_gateway: 192.168.130.1
- openstack_public_neutron_subnet_cidr: 192.168.130.0/24
- openstack_public_neutron_subnet_allocation_start: 192.168.130.10
- openstack_public_neutron_subnet_allocation_end: 192.168.130.254
- barbican_simple_crypto_kek: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
- barbican_integration_enabled: False
- galera_ssl_enabled: true
- rabbitmq_ssl_enabled: true
- rabbitmq_port: 5671 # for non-ssl use 5672/for ssl 5671
- runtest_tempest_cfg_dir: /root/rally_reports/
- runtest_tempest_cfg_name: tempest_generated.conf
- openstack_manila_share_neutron_subnet_cidr: 172.16.10.0/24
- openstack_manila_share_neutron_subnet_allocation_start: 172.16.10.150
- openstack_manila_share_neutron_subnet_allocation_end: 172.16.10.200
+ # loop0 is used by cinder lvm
manila_lvm_devices:
- /dev/loop1
- galera:
- master:
- members: ~
- innodb_buffer_pool_size: 1024M
- max_connections: 1000
- slave:
- enabled: false
- barbican:
- server:
- ks_notifications_enable: True
- store:
- software:
- crypto_plugin: simple_crypto
- store_plugin: store_crypto
- global_default: True
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- neutron:
- server:
- api_workers: 2
- rpc_state_report_workers: 2
- rpc_workers: 2
- message_queue:
- members: ~
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- gateway:
- metadata:
- workers: 2
- agent_mode: dvr_snat
- dvr: True
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- nova:
- compute:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
- vncproxy_url: http://${_param:single_address}:6080
- network:
- user: neutron
- password: ${_param:keystone_neutron_password}
- tenant: service
- cache:
- members: ~
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- controller:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
- vncproxy_url: http://${_param:single_address}:6080
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- cinder:
- controller:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- volume:
- cache:
- members: ~
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- horizon:
- server:
- secure: False
- designate:
- server:
- quota:
- zones: ${_param:designate_quota_zones}
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- worker:
- enabled: ${_param:designate_worker_enabled}
- glance:
- server:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- keystone:
- server:
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- heat:
- server:
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
+ loopback_device1_size: 20
+ manila_share_type_default_extra_specs:
+ driver_handles_share_servers: False
+ snapshot_support: True
+ create_share_from_snapshot_support : True
+ mount_snapshot_support : True
+ revert_to_snapshot_support : True
manila:
common:
dhss: false
+ default_share_type: default
api:
version: ${_param:openstack_version}
enabled: true
@@ -309,43 +46,3 @@
enabled: true
dhss: false
share_driver: manila.share.drivers.lvm.LVMShareDriver
- shares:
- Share2:
- share_type:
- share_type_name: lvm-type1
- dhss: false
- extra_specs:
- snapshot_support: true
- share_size: 5
- share_proto: NFS
- share_access:
- rw:
- - 172.16.10.90
- ro:
- - 172.16.12.90
- runtest:
- enabled: True
- tempest:
- enabled: True
- cfg_dir: ${_param:runtest_tempest_cfg_dir}
- cfg_name: ${_param:runtest_tempest_cfg_name}
- DEFAULT:
- log_file: /home/rally/rally_reports/tempest.log
- compute:
- build_timeout: 600
- min_microversion: 2.1
- max_microversion: 2.53
- orchestration:
- max_template_size: 5440000
- max_resources_per_stack: 20000
- dns_feature_enabled:
- # Switch this to designate_admin_api_enabled once [1] is promoted to stable packages
- # [1] https://gerrit.mcp.mirantis.net/gitweb?p=salt-formulas/designate.git;a=commit;h=96a3f43f6cf1149559e54a00b5548bdf46333749
- api_admin: false
- api_v1: false
- api_v2: true
- api_v2_quotas: true
- api_v2_root_recordsets: true
- bug_1573141_fixed: true
- volume-feature-enabled:
- backup: false
diff --git a/classes/cluster/virtual-mcp11-aio-ssl/.env b/classes/cluster/virtual-mcp11-aio-ssl/.env
new file mode 100644
index 0000000..c4dd293
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ssl/.env
@@ -0,0 +1 @@
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate iptables runtest artifactory logrotate)
\ No newline at end of file
diff --git a/classes/cluster/virtual-mcp11-aio-ssl/infra/config.yml b/classes/cluster/virtual-mcp11-aio-ssl/infra/config.yml
new file mode 100644
index 0000000..0927924
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ssl/infra/config.yml
@@ -0,0 +1,3 @@
+classes:
+ - cluster.virtual-mcp11-aio-ssl
+ - cluster.virtual-mcp11-aio.infra.config
diff --git a/classes/cluster/virtual-mcp11-aio-ssl/infra/init.yml b/classes/cluster/virtual-mcp11-aio-ssl/infra/init.yml
new file mode 100644
index 0000000..325f046
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ssl/infra/init.yml
@@ -0,0 +1,17 @@
+classes:
+ - cluster.virtual-mcp11-aio.infra
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${linux:system:domain}
+ salt:
+ minion:
+ cert:
+ internal_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: internal_proxy
+ signing_policy: cert_open
+ alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
+ key_file: "/etc/ssl/private/internal_proxy.key"
+ cert_file: "/etc/ssl/certs/internal_proxy.crt"
+ all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
diff --git a/classes/cluster/virtual-mcp11-aio-ssl/init.yml b/classes/cluster/virtual-mcp11-aio-ssl/init.yml
new file mode 100755
index 0000000..4000410
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ssl/init.yml
@@ -0,0 +1,5 @@
+classes:
+- cluster.virtual-mcp11-aio-ssl.infra
+- cluster.virtual-mcp11-aio-ssl.openstack
+- cluster.virtual-mcp11-aio
+- cluster.overrides
diff --git a/classes/cluster/virtual-mcp11-aio-ssl/openstack/init.yml b/classes/cluster/virtual-mcp11-aio-ssl/openstack/init.yml
new file mode 100755
index 0000000..fd7df8d
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-aio-ssl/openstack/init.yml
@@ -0,0 +1,97 @@
+classes:
+- system.apache.server.site.cinder
+# Enable proxy for services that are not under apache and
+# do not use apache wsgi template
+- system.apache.server.proxy.openstack.designate
+- system.apache.server.proxy.openstack.glance
+- system.apache.server.proxy.openstack.heat
+- system.apache.server.proxy.openstack.neutron
+- system.apache.server.proxy.openstack.nova
+- system.apache.server.proxy.openstack.placement
+- cluster.virtual-mcp11-aio.openstack
+parameters:
+ _param:
+ cluster_public_protocol: https
+ cluster_internal_protocol: https
+ keystone_service_protocol: ${_param:cluster_internal_protocol}
+ glance_service_protocol: ${_param:cluster_internal_protocol}
+ nova_service_protocol: ${_param:cluster_internal_protocol}
+ neutron_service_protocol: ${_param:cluster_internal_protocol}
+ heat_service_protocol: ${_param:cluster_internal_protocol}
+ cinder_service_protocol: ${_param:cluster_internal_protocol}
+ designate_service_protocol: ${_param:cluster_internal_protocol}
+ apache_proxy_ssl:
+ enabled: true
+ engine: salt
+ authority: "${_param:salt_minion_ca_authority}"
+ key_file: "/etc/ssl/private/internal_proxy.key"
+ cert_file: "/etc/ssl/certs/internal_proxy.crt"
+ chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
+ apache_cinder_ssl: ${_param:apache_proxy_ssl}
+ apache_keystone_ssl: ${_param:apache_proxy_ssl}
+ apache_proxy_openstack_api_address: ${_param:cluster_public_host}
+ apache_proxy_openstack_keystone_host: 127.0.0.1
+ apache_proxy_openstack_nova_host: 127.0.0.1
+ apache_proxy_openstack_glance_host: 127.0.0.1
+ apache_proxy_openstack_neutron_host: 127.0.0.1
+ apache_proxy_openstack_heat_host: 127.0.0.1
+ apache_proxy_openstack_designate_host: 127.0.0.1
+ apache_proxy_openstack_placement_host: 127.0.0.1
+ apache_keystone_api_host: ${_param:single_address}
+ neutron:
+ server:
+ bind:
+ address: 127.0.0.1
+ identity:
+ protocol: https
+ nova:
+ controller:
+ bind:
+ private_address: 127.0.0.1
+ identity:
+ protocol: https
+ network:
+ protocol: https
+ glance:
+ protocol: https
+ metadata:
+ bind:
+ address: ${_param:nova_service_host}
+
+ cinder:
+ controller:
+ identity:
+ protocol: https
+ glance:
+ protocol: https
+ horizon:
+ server:
+ secure: False
+ identity:
+ encryption: ssl
+ designate:
+ server:
+ identity:
+ protocol: https
+ bind:
+ api:
+ address: 127.0.0.1
+ glance:
+ server:
+ bind:
+ address: 127.0.0.1
+ identity:
+ protocol: https
+ registry:
+ protocol: https
+ heat:
+ server:
+ bind:
+ api:
+ address: 127.0.0.1
+ api_cfn:
+ address: 127.0.0.1
+ api_cloudwatch:
+ address: 127.0.0.1
+ identity:
+ protocol: https
diff --git a/classes/cluster/virtual-mcp11-aio-telemetry/.env b/classes/cluster/virtual-mcp11-aio-telemetry/.env
index 5bed4fc..f9b0920 100644
--- a/classes/cluster/virtual-mcp11-aio-telemetry/.env
+++ b/classes/cluster/virtual-mcp11-aio-telemetry/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq redis apache keystone gnocchi glance nova neutron cinder ceilometer aodh panko heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables runtest artifactory)
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq redis apache keystone gnocchi glance nova neutron cinder ceilometer aodh panko heat horizon ironic tftpd-hpa bind powerdns designate iptables runtest artifactory logrotate)
\ No newline at end of file
diff --git a/classes/cluster/virtual-mcp11-aio-telemetry/openstack/init.yml b/classes/cluster/virtual-mcp11-aio-telemetry/openstack/init.yml
index 0bd7c8d..f4c7060 100755
--- a/classes/cluster/virtual-mcp11-aio-telemetry/openstack/init.yml
+++ b/classes/cluster/virtual-mcp11-aio-telemetry/openstack/init.yml
@@ -1,10 +1,6 @@
classes:
- system.apache.server.site.gnocchi
- system.apache.server.site.panko
-- system.nginx.server.proxy.openstack.aodh
-- system.nginx.server.proxy.openstack.ceilometer
-- system.nginx.server.proxy.openstack.panko
-- system.nginx.server.proxy.openstack.gnocchi
- system.galera.server.database.gnocchi
- system.galera.server.database.aodh
- system.galera.server.database.panko
@@ -26,20 +22,20 @@
- service.panko.server.single
- service.ceilometer.server.single
- service.ceilometer.agent.single
+- service.ceilometer.server.publisher.gnocchi
+- service.ceilometer.server.publisher.panko
parameters:
_param:
- nginx_proxy_openstack_api_address: ${_param:cluster_public_host}
- apache_gnocchi_api_address: 127.0.0.1
- apache_panko_api_address: 127.0.0.1
- panko_service_protocol: ${_param:cluster_internal_protocol}
- aodh_service_protocol: ${_param:cluster_internal_protocol}
- gnocchi_service_protocol: ${_param:cluster_internal_protocol}
- ceilometer_service_protocol: ${_param:cluster_internal_protocol}
+ cluster_public_protocol: http
panko_version: ${_param:openstack_version}
ceilometer_version: ${_param:openstack_version}
aodh_version: ${_param:openstack_version}
gnocchi_version: 4.0
gnocchi_statsd_resource_id: 07f26121-5777-48ba-8a0b-d70468133dd9
+ ceilometer_create_gnocchi_resources: true
+ ceilometer_agent_default_polling_interval: 15
+ ceilometer_agent_default_polling_meters:
+ - "*"
ceilometer_secret_key: workshop
keystone_aodh_password: workshop
keystone_panko_password: workshop
@@ -53,10 +49,14 @@
ceilometer_service_host: ${_param:single_address}
panko_service_host: ${_param:single_address}
gnocchi_service_host: ${_param:single_address}
- nginx_proxy_openstack_gnocchi_host: 127.0.0.1
- nginx_proxy_openstack_ceilometer_host: 127.0.0.1
- nginx_proxy_openstack_aodh_host: 127.0.0.1
- nginx_proxy_openstack_panko_host: 127.0.0.1
+
+ nova:
+ controller:
+ instance_usage_audit: true
+ instance_usage_audit_period: hour
+ notification:
+ notify_on:
+ state_change: vm_and_task_state
gnocchi:
common:
# Remove 'enabled' when https://mirantis.jira.com/browse/PROD-18667
@@ -66,8 +66,6 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
server:
- identity:
- protocol: https
cache:
engine: memcached
members:
@@ -75,10 +73,6 @@
port: 11211
aodh:
server:
- bind:
- host: 127.0.0.1
- identity:
- protocol: https
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
@@ -87,20 +81,23 @@
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
ceilometer:
- server:
- database: ~
- bind:
- host: 127.0.0.1
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- identity:
- protocol: https
+ server:
+ database: ~
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ publisher:
+ default:
+ enabled: false
+ agent:
+ polling:
+ sources:
+ default_pollsters:
+ meters: ${_param:ceilometer_agent_default_polling_meters}
+ interval: ${_param:ceilometer_agent_default_polling_interval}
panko:
server:
- identity:
- protocol: https
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
diff --git a/classes/cluster/virtual-mcp11-aio/.env b/classes/cluster/virtual-mcp11-aio/.env
index 3e71038..c4dd293 100644
--- a/classes/cluster/virtual-mcp11-aio/.env
+++ b/classes/cluster/virtual-mcp11-aio/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables runtest artifactory)
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate iptables runtest artifactory logrotate)
\ No newline at end of file
diff --git a/classes/cluster/virtual-mcp11-aio/openstack/init.yml b/classes/cluster/virtual-mcp11-aio/openstack/init.yml
index 59e0a2d..54be975 100755
--- a/classes/cluster/virtual-mcp11-aio/openstack/init.yml
+++ b/classes/cluster/virtual-mcp11-aio/openstack/init.yml
@@ -7,11 +7,6 @@
- system.linux.storage.loopback
- service.rabbitmq.server.ssl
- system.rabbitmq.server.vhost.openstack
-- system.nginx.server.single
-- system.nginx.server.proxy.openstack_api
-- system.nginx.server.proxy.openstack.barbican
-- system.nginx.server.proxy.openstack.designate
-- system.nginx.server.proxy.openstack.placement
- system.keystone.server.wsgi
- system.keystone.server.single
- service.galera.ssl
@@ -22,9 +17,7 @@
- system.galera.server.database.heat
- system.galera.server.database.keystone
- system.galera.server.database.nova
-- system.galera.server.database.barbican
- system.keystone.client.single
-- system.keystone.client.service.barbican
- system.keystone.client.service.cinder3
- system.keystone.client.service.nova21
- system.keystone.client.service.nova-placement
@@ -41,35 +34,25 @@
- service.cinder.volume.single
- system.cinder.volume.backend.lvm
- system.horizon.server.single
-- system.horizon.server.plugin.theme
- system.bind.server.single
-- system.barbican.server.single
-- service.barbican.server.plugin.simple_crypto
- system.designate.server.single
- system.designate.server.backend.bind
- service.runtest.tempest
parameters:
_param:
- openstack_version: pike
+ openstack_version: queens
cluster_public_host: ${_param:single_address}
- cluster_public_protocol: https
- cluster_internal_protocol: https
- keystone_service_protocol: ${_param:cluster_internal_protocol}
- glance_service_protocol: ${_param:cluster_internal_protocol}
- nova_service_protocol: ${_param:cluster_internal_protocol}
- neutron_service_protocol: ${_param:cluster_internal_protocol}
- heat_service_protocol: ${_param:cluster_internal_protocol}
- cinder_service_protocol: ${_param:cluster_internal_protocol}
- barbican_service_protocol: ${_param:cluster_internal_protocol}
- designate_service_protocol: ${_param:cluster_internal_protocol}
+ cluster_public_protocol: http
openstack_region: RegionOne
admin_email: root@localhost
rabbitmq_openstack_password: workshop
galera_server_cluster_name: openstack_cluster
galera_server_maintenance_password: workshop
galera_server_admin_password: workshop
+ keystone_public_path: '/'
+ keystone_internal_path: '/'
+ keystone_admin_path: '/'
keystone_version: ${_param:openstack_version}
- barbican_version: ${_param:openstack_version}
glance_version: ${_param:openstack_version}
nova_version: ${_param:openstack_version}
neutron_version: ${_param:openstack_version}
@@ -79,7 +62,6 @@
designate_version: ${_param:openstack_version}
keystone_service_token: workshop
keystone_admin_password: workshop
- keystone_barbican_password: workshop
keystone_ceilometer_password: workshop
keystone_cinder_password: workshop
keystone_glance_password: workshop
@@ -89,14 +71,12 @@
keystone_designate_password: workshop
keystone_service_host: ${_param:single_address}
mysql_keystone_password: workshop
- mysql_barbican_password: workshop
mysql_glance_password: workshop
mysql_nova_password: workshop
mysql_neutron_password: workshop
mysql_cinder_password: workshop
mysql_heat_password: workshop
mysql_designate_password: workshop
- barbican_service_host: ${_param:single_address}
heat_service_host: ${_param:single_address}
neutron_service_host: ${_param:single_address}
glance_service_host: ${_param:single_address}
@@ -142,46 +122,15 @@
openstack_public_neutron_subnet_cidr: 192.168.130.0/24
openstack_public_neutron_subnet_allocation_start: 192.168.130.10
openstack_public_neutron_subnet_allocation_end: 192.168.130.254
- barbican_simple_crypto_kek: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
- barbican_integration_enabled: False
galera_ssl_enabled: true
- rabbitmq_ssl_enabled: true
- rabbitmq_port: 5671 # for non-ssl use 5672
- ### nginx ssl sites settings
- nginx_proxy_ssl:
- enabled: true
- engine: salt
- authority: "${_param:salt_minion_ca_authority}"
- key_file: "/etc/ssl/private/${_param:cluster_vip_address}.key"
- cert_file: "/etc/ssl/certs/${_param:cluster_vip_address}.crt"
- chain_file: "/etc/ssl/certs/${_param:cluster_vip_address}-with-chain.crt"
- nginx_proxy_openstack_api_address: ${_param:cluster_public_host}
- nginx_proxy_openstack_keystone_host: 127.0.0.1
- nginx_proxy_openstack_nova_host: 127.0.0.1
- nginx_proxy_openstack_cinder_host: 127.0.0.1
- nginx_proxy_openstack_glance_host: 127.0.0.1
- nginx_proxy_openstack_neutron_host: 127.0.0.1
- nginx_proxy_openstack_heat_host: 127.0.0.1
- nginx_proxy_openstack_designate_host: 127.0.0.1
- nginx_proxy_openstack_placement_host: 127.0.0.1
- apache_keystone_api_host: ${_param:single_address}
- apache_keystone_ssl: ${_param:nginx_proxy_ssl}
+ rabbitmq_ssl_enabled: false # untill rabbitmq formula with https://gerrit.mcp.mirantis.net/#/c/15198/ promoted to stable
+ rabbitmq_port: 5672 # for non-ssl use 5672/for ssl 5671
runtest_tempest_cfg_dir: /root/rally_reports/
runtest_tempest_cfg_name: tempest_generated.conf
+ runtest_tempest_log_file: /home/rally/rally_reports/tempest.log
+ runtest_tempest_public_net: public
artifactory_user: artifactory_user
artifactory_password: artifactory_password
- # Disable keystone nginx sites as we configure SSL for them in Apache
- nginx:
- server:
- site:
- nginx_proxy_openstack_api_keystone:
- enabled: false
- nginx_proxy_openstack_api_keystone_private:
- enabled: false
- rabbitmq:
- server:
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
galera:
master:
members: ~
@@ -189,25 +138,10 @@
max_connections: 1000
slave:
enabled: false
- barbican:
+ rabbitmq:
server:
- ks_notifications_enable: True
- store:
- software:
- crypto_plugin: simple_crypto
- store_plugin: store_crypto
- global_default: True
- database:
- ssl:
- enabled: ${_param:galera_ssl_enabled}
- message_queue:
- port: ${_param:rabbitmq_port}
- ssl:
- enabled: ${_param:rabbitmq_ssl_enabled}
- bind:
- address: 127.0.0.1
- identity:
- protocol: https
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
server:
# Temporary install neutron-plugin-ml2 untill https://gerrit.mcp.mirantis.net/#/c/16262/ promoted
@@ -221,10 +155,6 @@
api_workers: 2
rpc_state_report_workers: 2
rpc_workers: 2
- bind:
- address: 127.0.0.1
- identity:
- protocol: https
message_queue:
members: ~
port: ${_param:rabbitmq_port}
@@ -244,8 +174,6 @@
enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
vncproxy_url: http://${_param:single_address}:6080
network:
user: neutron
@@ -258,8 +186,6 @@
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
controller:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
vncproxy_url: http://${_param:single_address}:6080
database:
ssl:
@@ -268,22 +194,8 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
- bind:
- private_address: 127.0.0.1
- identity:
- protocol: https
- network:
- protocol: https
- glance:
- protocol: https
- metadata:
- bind:
- address: ${_param:nova_service_host}
-
cinder:
controller:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
@@ -291,12 +203,6 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
- identity:
- protocol: https
- osapi:
- host: 127.0.0.1
- glance:
- protocol: https
volume:
cache:
members: ~
@@ -311,7 +217,7 @@
server:
secure: False
identity:
- encryption: ssl
+ encryption: ${_param:horizon_identity_encryption}
api_versions:
identity: 3
designate:
@@ -325,17 +231,12 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
- identity:
- protocol: https
- bind:
- api:
- address: 127.0.0.1
worker:
enabled: ${_param:designate_worker_enabled}
glance:
+ client:
+ enabled: True
server:
- barbican:
- enabled: ${_param:barbican_integration_enabled}
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
@@ -343,12 +244,6 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
- bind:
- address: 127.0.0.1
- identity:
- protocol: https
- registry:
- protocol: https
keystone:
server:
database:
@@ -358,6 +253,12 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ client:
+ enabled: true
+ server:
+ identity:
+ admin:
+ api_version: 3
heat:
server:
database:
@@ -367,27 +268,21 @@
port: ${_param:rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
- bind:
- api:
- address: 127.0.0.1
- api_cfn:
- address: 127.0.0.1
- api_cloudwatch:
- address: 127.0.0.1
- identity:
- protocol: https
runtest:
enabled: True
+ salttest:
+ enabled: True
tempest:
enabled: True
cfg_dir: ${_param:runtest_tempest_cfg_dir}
cfg_name: ${_param:runtest_tempest_cfg_name}
- DEFAULT:
- log_file: /home/rally/rally_reports/tempest.log
+ convert_to_uuid:
+ network:
+ public_network_id: ${_param:runtest_tempest_public_net}
compute:
build_timeout: 600
min_microversion: 2.1
- max_microversion: 2.42
+ max_microversion: 2.53
orchestration:
max_template_size: 5440000
max_resources_per_stack: 20000
@@ -402,6 +297,8 @@
bug_1573141_fixed: true
volume-feature-enabled:
backup: false
+ network:
+ floating_network_name: ${_param:runtest_tempest_public_net}
artifact_collector:
enabled: true
artifactory:
@@ -419,5 +316,5 @@
path: /etc
cmds:
service_status:
- cmd: '(. /root/keystonercv3; openstack compute service list; openstack volume service list)'
+ cmd: '(. /root/keystonercv3; openstack compute service list; openstack volume service list; openstack catalog list)'
dst: /tmp/openstack_service_report.txt