Add virtual-mcp11-ovs-ironic-ssl
The model uses SSL on private/public endpoints.
Change-Id: Ie49c666ba5218ac25daec85b54b17e1dceab2571
Related-Prod: PROD-17998
diff --git a/classes/cluster/virtual-mcp11-ovs-ironic-ssl/openstack/baremetal.yml b/classes/cluster/virtual-mcp11-ovs-ironic-ssl/openstack/baremetal.yml
new file mode 100644
index 0000000..00855f7
--- /dev/null
+++ b/classes/cluster/virtual-mcp11-ovs-ironic-ssl/openstack/baremetal.yml
@@ -0,0 +1,125 @@
+classes:
+- system.linux.system.repo.mcp.openstack
+- system.linux.system.repo.mcp.extra
+- system.linux.system.repo.saltstack.xenial
+- system.ironic.api.cluster # deploy only api (heartbeat and lookup endpoints are open)
+- system.ironic.conductor.cluster
+- system.ironic.tftpd_hpa
+- system.nova.compute_ironic.cluster
+- system.apache.server.single
+- system.apache.server.site.ironic
+- system.keystone.client.core
+- system.neutron.gateway.cluster
+- system.neutron.gateway.ironic
+- system.neutron.client.service.ironic
+- service.baremetal_simulator.simulator
+- service.baremetal_simulator.nodes_flat
+- service.baremetal_simulator.network.ovs
+- cluster.virtual-mcp11-ovs-ironic-ssl
+parameters:
+ _param:
+ primary_interface: ens4
+ tenant_interface: ens5
+ external_interface: ens6
+ baremetal_interface: ens7
+ linux_system_codename: xenial
+ interface_mtu: 1450
+ cluster_vip_address: ${_param:openstack_control_address}
+ cluster_baremetal_vip_address: ${_param:single_baremetal_address}
+ cluster_baremetal_local_address: ${_param:single_baremetal_address}
+ linux_system_codename: xenial
+ linux:
+ network:
+ concat_iface_files:
+ - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
+ dst: '/etc/network/interfaces'
+ bridge: openvswitch
+ interface:
+ dhcp_int:
+ enabled: true
+ name: ens3
+ proto: dhcp
+ type: eth
+ mtu: ${_param:interface_mtu}
+ primary_interface:
+ enabled: true
+ name: ${_param:primary_interface}
+ proto: static
+ address: ${_param:single_address}
+ netmask: 255.255.255.0
+ mtu: ${_param:interface_mtu}
+ type: eth
+ tenant_interface:
+ enabled: true
+ name: ${_param:tenant_interface}
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ type: eth
+ external_interface:
+ enabled: true
+ name: ${_param:external_interface}
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ type: eth
+ baremetal_interface:
+ enabled: true
+ name: ${_param:baremetal_interface}
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ type: eth
+ br-baremetal:
+ enabled: true
+ type: ovs_bridge
+ mtu: ${_param:interface_mtu}
+ phy-baremetal:
+ enabled: true
+ type: ovs_port
+ bridge: br-baremetal
+ proto: static
+ address: ${_param:cluster_baremetal_local_address}
+ netmask: 255.255.255.0
+ br-floating:
+ enabled: true
+ type: ovs_bridge
+ mtu: ${_param:interface_mtu}
+ br-mesh:
+ enabled: true
+ type: bridge
+ mtu: ${_param:interface_mtu}
+ proto: static
+ address: ${_param:tenant_address}
+ netmask: 255.255.255.0
+ use_interfaces:
+ - ${_param:tenant_interface}
+ float-to-ex:
+ enabled: true
+ type: ovs_port
+ mtu: ${_param:interface_mtu}
+ bridge: br-floating
+ br-ex:
+ enabled: true
+ type: bridge
+ mtu: ${_param:interface_mtu}
+ address: ${_param:external_address}
+ netmask: 255.255.255.0
+ use_interfaces:
+ - ${_param:external_interface}
+ use_ovs_ports:
+ - float-to-ex
+ ironic:
+ api:
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
+ conductor:
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}