Merge "Update virtual-mcp11-k8s-contrail"
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/infra/config.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/infra/config.yml
index 67942b4..10fd41e 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/infra/config.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/infra/config.yml
@@ -141,7 +141,7 @@
external_address:
value_template: <<node_external_ip>>
cluster_param:
- openstack_gateway_node01_address:
+ openstack_gateway_address:
value_template: <<node_control_ip>>
openstack_dashboard:
expression: <<node_hostname>>__startswith__prx
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/compute.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/compute.yml
index 65bcbeb..a82008f 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/compute.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/compute.yml
@@ -21,6 +21,12 @@
interface_mtu: 1500
linux_system_codename: xenial
loopback_device_size: 20
+ ceilometer:
+ agent:
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -34,15 +40,36 @@
protocol: https
image:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
compute:
notification:
driver: messagingv2
topics: "notifications"
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
cinder:
volume:
barbican:
enabled: ${_param:barbican_integration_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
linux:
network:
interface:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
index acea137..88f6f53 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
@@ -1,5 +1,7 @@
classes:
- system.salt.minion.cert.proxy
+- system.salt.minion.cert.mysql.server
+- system.salt.minion.cert.rabbitmq_server
- system.linux.system.lowmem
- system.linux.system.repo.mcp.apt_mirantis.glusterfs
- system.linux.system.repo.mcp.apt_mirantis.openstack
@@ -7,6 +9,7 @@
- system.linux.system.repo.mcp.apt_mirantis.saltstack_2016_3
- system.memcached.server.single
- system.rabbitmq.server.cluster
+- service.rabbitmq.server.ssl
- system.rabbitmq.server.vhost.openstack
- system.apache.server.site.manila
- system.apache.server.site.barbican
@@ -30,6 +33,7 @@
- system.heat.server.cluster
- system.designate.server.cluster
- system.galera.server.cluster
+- service.galera.ssl
- system.galera.server.database.cinder
- system.galera.server.database.glance
- system.galera.server.database.heat
@@ -96,6 +100,10 @@
dogtag_pki_token_password: workshop
dogtag_pki_security_domain_password: workshop
dogtag_pki_clone_pkcs12_password: workshop
+ rabbitmq:
+ server:
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nginx:
server:
site:
@@ -159,9 +167,23 @@
plugin:
dogtag:
port: ${_param:haproxy_dogtag_bind_port}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
keystone:
server:
admin_email: ${_param:admin_email}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
designate:
pool_manager:
enabled: ${_param:designate_pool_manager_enabled}
@@ -172,6 +194,13 @@
bind:
api:
address: 127.0.0.1
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
backend:
pdns4:
api_token: ${_param:designate_pdns_api_key}
@@ -210,6 +239,13 @@
protocol: https
registry:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
heat:
server:
bind:
@@ -221,12 +257,26 @@
address: 127.0.0.1
identity:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
server:
bind:
address: 127.0.0.1
identity:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
controller:
networking: dvr
@@ -249,6 +299,13 @@
protocol: https
vncproxy_url: http://${_param:cluster_vip_address}:6080
workers: 1
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
cinder:
controller:
controller:
@@ -260,11 +317,25 @@
host: 127.0.0.1
glance:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
manila:
common:
identity:
protocol: https
default_share_type: default
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
salt:
minion:
cert:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/gateway.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/gateway.yml
index 81e8754..303ff44 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/gateway.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/gateway.yml
@@ -19,6 +19,13 @@
notification:
driver: messagingv2
topics: "notifications"
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
linux:
network:
interface:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/init.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/init.yml
index 77c4add..c68096f 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/init.yml
@@ -216,6 +216,9 @@
ceilometer_agent_default_polling_meters:
- "*"
barbican_integration_enabled: true
+ galera_ssl_enabled: true
+ rabbitmq_ssl_enabled: true
+ rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
linux:
network:
purge_hosts: true
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/share.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/share.yml
index 4443276..13b4194 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/share.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/share.yml
@@ -15,3 +15,10 @@
identity:
protocol: https
default_share_type: default
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/telemetry.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/telemetry.yml
index c8fb232..b9ad851 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/telemetry.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/telemetry.yml
@@ -115,6 +115,8 @@
common:
database:
host: ${_param:openstack_database_address}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
server:
identity:
protocol: https
@@ -127,6 +129,9 @@
server:
identity:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
aodh:
server:
bind:
@@ -136,6 +141,13 @@
identity:
protocol: https
host: ${_param:openstack_control_address}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
ceilometer:
server:
bind:
@@ -145,6 +157,10 @@
identity:
protocol: https
host: ${_param:openstack_control_address}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
haproxy:
proxy:
listen:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/config.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/config.yml
index cf24ffd..0ea8783 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/config.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/config.yml
@@ -124,7 +124,7 @@
external_address:
value_template: <<node_external_ip>>
cluster_param:
- openstack_gateway_node01_address:
+ openstack_gateway_address:
value_template: <<node_control_ip>>
openstack_dashboard:
expression: <<node_hostname>>__startswith__prx
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/compute.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/compute.yml
index 1c34ae7..0ad9af0 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/compute.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/compute.yml
@@ -26,6 +26,12 @@
ipflush_onchange: true
external_interface:
ipflush_onchange: true
+ ceilometer:
+ agent:
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -37,6 +43,13 @@
protocol: https
image:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
compute:
notification:
@@ -53,4 +66,11 @@
backend:
extension:
bagpipe_bgpvpn:
- enabled: True
\ No newline at end of file
+ enabled: True
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/control.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/control.yml
index dedfea9..320923c 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/control.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/control.yml
@@ -1,5 +1,7 @@
classes:
- system.salt.minion.cert.proxy
+- system.salt.minion.cert.mysql.server
+- system.salt.minion.cert.rabbitmq_server
- system.linux.system.lowmem
- system.linux.system.repo.mcp.apt_mirantis.glusterfs
- system.linux.system.repo.mcp.apt_mirantis.openstack
@@ -7,6 +9,7 @@
- system.linux.system.repo.mcp.apt_mirantis.saltstack_2016_3
- system.memcached.server.single
- system.rabbitmq.server.cluster
+- service.rabbitmq.server.ssl
- system.rabbitmq.server.vhost.openstack
- system.apache.server.site.manila
- system.apache.server.site.nova-placement
@@ -29,6 +32,7 @@
- system.heat.server.cluster
- system.designate.server.cluster
- system.galera.server.cluster
+- service.galera.ssl
- system.galera.server.database.cinder
- system.galera.server.database.glance
- system.galera.server.database.heat
@@ -74,6 +78,10 @@
apache_nova_placement_ssl: ${_param:nginx_proxy_ssl}
apache_cinder_api_address: ${_param:cluster_local_address}
apache_cinder_ssl: ${_param:nginx_proxy_ssl}
+ rabbitmq:
+ server:
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nginx:
server:
site:
@@ -104,6 +112,13 @@
keystone:
server:
admin_email: ${_param:admin_email}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
designate:
pool_manager:
enabled: ${_param:designate_pool_manager_enabled}
@@ -114,6 +129,13 @@
bind:
api:
address: 127.0.0.1
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
backend:
pdns4:
api_token: ${_param:designate_pdns_api_key}
@@ -150,6 +172,13 @@
protocol: https
registry:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
heat:
server:
bind:
@@ -161,6 +190,13 @@
address: 127.0.0.1
identity:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
server:
bind:
@@ -169,6 +205,13 @@
protocol: https
l2gw:
enabled: true
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
controller:
networking: dvr
@@ -189,6 +232,13 @@
protocol: https
vncproxy_url: http://${_param:cluster_vip_address}:6080
workers: 1
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
cinder:
controller:
identity:
@@ -197,11 +247,25 @@
host: 127.0.0.1
glance:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
manila:
common:
identity:
protocol: https
default_share_type: default
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
salt:
minion:
cert:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/gateway.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/gateway.yml
index a61319c..373433c 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/gateway.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/gateway.yml
@@ -23,6 +23,13 @@
enabled: false
ovsdb_hosts:
ovsdbx: 127.0.0.1:6632
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
linux:
network:
interface:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/init.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/init.yml
index e866362..e243ec5 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/init.yml
@@ -212,6 +212,9 @@
ceilometer_agent_default_polling_interval: 15
ceilometer_agent_default_polling_meters:
- "*"
+ galera_ssl_enabled: true
+ rabbitmq_ssl_enabled: true
+ rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
linux:
network:
purge_hosts: true
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/share.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/share.yml
index e144677..26a0a51 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/share.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/share.yml
@@ -24,3 +24,10 @@
identity:
protocol: https
default_share_type: default
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
index 79cfaf0..0b6277f 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
@@ -115,6 +115,8 @@
common:
database:
host: ${_param:openstack_database_address}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
server:
identity:
protocol: https
@@ -127,6 +129,9 @@
server:
identity:
protocol: https
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
aodh:
server:
bind:
@@ -136,6 +141,13 @@
identity:
protocol: https
host: ${_param:openstack_control_address}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
ceilometer:
server:
bind:
@@ -145,6 +157,10 @@
identity:
protocol: https
host: ${_param:openstack_control_address}
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
haproxy:
proxy:
listen:
diff --git a/classes/cluster/virtual-mcp-pike-dvr/infra/config.yml b/classes/cluster/virtual-mcp-pike-dvr/infra/config.yml
index e854194..4756fab 100644
--- a/classes/cluster/virtual-mcp-pike-dvr/infra/config.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr/infra/config.yml
@@ -130,7 +130,7 @@
external_address:
value_template: <<node_external_ip>>
cluster_param:
- openstack_gateway_node01_address:
+ openstack_gateway_address:
value_template: <<node_control_ip>>
openstack_dashboard:
expression: <<node_hostname>>__startswith__prx
diff --git a/classes/cluster/virtual-mcp-pike-ovs/infra/config.yml b/classes/cluster/virtual-mcp-pike-ovs/infra/config.yml
index d1b2b88..cd6fec1 100644
--- a/classes/cluster/virtual-mcp-pike-ovs/infra/config.yml
+++ b/classes/cluster/virtual-mcp-pike-ovs/infra/config.yml
@@ -119,7 +119,7 @@
external_address:
value_template: <<node_external_ip>>
cluster_param:
- openstack_gateway_node01_address:
+ openstack_gateway_address:
value_template: <<node_control_ip>>
openstack_dashboard:
expression: <<node_hostname>>__startswith__prx