Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / 100a5ff0801ea6c2dc4c609af424630779e9f5b5 / . / classes / cluster / virtual-mcp-pike-dvr-ssl / openstack / control.yml
blob: 7b750a07c4daf690588988d546434857bd42f4ae [file] [log] [blame]
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]1classes:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]2- system.salt.minion.cert.proxy
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]3- system.salt.minion.cert.mysql.server
4- system.salt.minion.cert.rabbitmq_server
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]5- system.linux.system.lowmem
6- system.linux.system.repo.mcp.apt_mirantis.glusterfs
7- system.linux.system.repo.mcp.apt_mirantis.openstack
8- system.linux.system.repo.mcp.extra
Martin Polreicha0addcc2018-06-25 11:32:52 +0200[diff] [blame]9- system.linux.system.repo.mcp.apt_mirantis.saltstack
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]10- system.memcached.server.single
11- system.rabbitmq.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]12- service.rabbitmq.server.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]13- system.rabbitmq.server.vhost.openstack
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]14- system.apache.server.site.manila
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]15- system.apache.server.site.nova-placement
16- system.apache.server.site.cinder
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]17- system.nginx.server.single
18- system.nginx.server.proxy.openstack_api
19- system.nginx.server.proxy.openstack.designate
Mykyta Karpin70f651e2018-08-02 18:34:54 +0300[diff] [blame]20- system.nginx.server.proxy.openstack.glance_registry
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]21- system.keystone.server.wsgi
22- system.keystone.server.cluster
23- system.glusterfs.client.cluster
24- system.glusterfs.client.volume.glance
25- system.glusterfs.client.volume.keystone
26- system.glusterfs.server.volume.glance
27- system.glusterfs.server.volume.keystone
28- system.glusterfs.server.cluster
29- system.glance.control.cluster
30- system.nova.control.cluster
31- system.neutron.control.openvswitch.cluster
32- system.cinder.control.cluster
Oleksii Butenkof93170c2018-05-16 16:29:10 +0300[diff] [blame]33- system.cinder.control.backend.lvm
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]34- system.heat.server.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]35- system.designate.server.cluster
36- system.galera.server.cluster
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]37- system.apache.server.ssl
38- system.nginx.server.proxy.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]39- system.galera.server.database.cinder
40- system.galera.server.database.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]41- system.galera.server.database.heat
42- system.galera.server.database.keystone
43- system.galera.server.database.nova
44- system.galera.server.database.designate
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]45- system.galera.server.database.manila
Mykyta Karpin912ac972018-03-20 11:29:23 +0200[diff] [blame]46- system.galera.server.database.aodh
47- system.galera.server.database.panko
48- system.galera.server.database.gnocchi
49- system.ceilometer.client
50- system.ceilometer.client.cinder_volume
51- system.ceilometer.client.neutron
Dennis Dmitriev0752ab12018-03-07 13:55:45 +0200[diff] [blame]52- system.haproxy.proxy.listen.openstack.placement
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]53- system.haproxy.proxy.listen.openstack.manila
54- system.manila.control.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]55- cluster.virtual-mcp-pike-dvr-ssl
56
57parameters:
58 _param:
59 keepalived_vip_interface: ens4
60 salt_minion_ca_authority: salt_master_ca
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]61 nginx_proxy_ssl:
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]62 authority: "${_param:salt_minion_ca_authority}"
63 key_file: "/etc/ssl/private/internal_proxy.key"
64 cert_file: "/etc/ssl/certs/internal_proxy.crt"
65 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
66 apache_ssl:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]67 authority: "${_param:salt_minion_ca_authority}"
68 key_file: "/etc/ssl/private/internal_proxy.key"
69 cert_file: "/etc/ssl/certs/internal_proxy.crt"
70 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
71 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
72 nginx_proxy_openstack_keystone_host: 127.0.0.1
73 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]74 nginx_proxy_openstack_glance_host: 127.0.0.1
75 nginx_proxy_openstack_neutron_host: 127.0.0.1
76 nginx_proxy_openstack_heat_host: 127.0.0.1
77 nginx_proxy_openstack_designate_host: 127.0.0.1
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]78 apache_manila_api_address: ${_param:single_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]79 apache_keystone_api_host: ${_param:single_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]80 apache_nova_placement_api_address: ${_param:cluster_local_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]81 apache_cinder_api_address: ${_param:cluster_local_address}
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]82
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]83 rabbitmq:
84 server:
85 ssl:
86 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]87 nginx:
88 server:
89 site:
90 nginx_proxy_openstack_api_keystone:
91 enabled: false
92 nginx_proxy_openstack_api_keystone_private:
93 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]94 nginx_proxy_openstack_api_cinder:
95 enabled: false
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]96 linux:
97 system:
98 package:
99 python-msgpack:
100 version: latest
101 network:
102 interface:
103 ens4:
104 enabled: true
105 type: eth
106 proto: static
107 address: ${_param:single_address}
108 netmask: 255.255.255.0
109 keepalived:
110 cluster:
111 instance:
112 VIP:
113 virtual_router_id: 150
114 keystone:
115 server:
116 admin_email: ${_param:admin_email}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]117 database:
118 ssl:
119 enabled: ${_param:galera_ssl_enabled}
120 message_queue:
121 port: ${_param:rabbitmq_port}
122 ssl:
123 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]124 designate:
125 pool_manager:
126 enabled: ${_param:designate_pool_manager_enabled}
127 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
128 server:
129 identity:
130 protocol: https
131 bind:
132 api:
133 address: 127.0.0.1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]134 database:
135 ssl:
136 enabled: ${_param:galera_ssl_enabled}
137 message_queue:
138 port: ${_param:rabbitmq_port}
139 ssl:
140 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]141 backend:
142 pdns4:
143 api_token: ${_param:designate_pdns_api_key}
144 api_endpoint: ${_param:designate_pdns_api_endpoint}
145 mdns:
146 address: ${_param:designate_mdns_address}
147 port: ${_param:designate_mdns_port}
148 pools:
149 default:
150 description: 'test pool'
151 targets:
152 default:
153 description: 'test target1'
154 default1:
155 type: ${_param:designate_pool_target_type}
156 description: 'test target2'
157 masters: ${_param:designate_pool_target_masters}
158 options:
159 host: ${_param:openstack_dns_node02_address}
160 port: 53
161 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
162 api_token: ${_param:designate_pdns_api_key}
163 quota:
164 zones: ${_param:designate_quota_zones}
165 glance:
166 server:
167 storage:
168 engine: file
169 images: []
170 workers: 1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]171 bind:
172 address: 127.0.0.1
173 identity:
174 protocol: https
175 registry:
176 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]177 database:
178 ssl:
179 enabled: ${_param:galera_ssl_enabled}
180 message_queue:
181 port: ${_param:rabbitmq_port}
182 ssl:
183 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]184 heat:
185 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]186 bind:
187 api:
188 address: 127.0.0.1
189 api_cfn:
190 address: 127.0.0.1
191 api_cloudwatch:
192 address: 127.0.0.1
193 identity:
194 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]195 database:
196 ssl:
197 enabled: ${_param:galera_ssl_enabled}
198 message_queue:
199 port: ${_param:rabbitmq_port}
200 ssl:
201 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko8a06faa2018-07-16 14:04:54 +0300[diff] [blame]202 # Since we using self signed cert not present in images, we have to
203 # use insecure option when sending signal to wait condition from instance.
204 clients:
205 heat:
206 insecure: true
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]207 neutron:
208 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]209 bind:
210 address: 127.0.0.1
211 identity:
212 protocol: https
Michael Polenchukddc7c4c2018-03-14 14:14:05 +0400[diff] [blame]213 l2gw:
214 enabled: true
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]215 database:
216 ssl:
217 enabled: ${_param:galera_ssl_enabled}
218 message_queue:
219 port: ${_param:rabbitmq_port}
220 ssl:
221 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]222 nova:
223 controller:
224 networking: dvr
225 cpu_allocation: 54
226 metadata:
227 password: ${_param:metadata_password}
Oleksii Butenko0c6a75b2018-04-03 20:33:37 +0300[diff] [blame]228 bind:
229 address: ${_param:cluster_local_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]230 bind:
231 public_address: ${_param:cluster_vip_address}
232 novncproxy_port: 6080
233 private_address: 127.0.0.1
234 identity:
235 protocol: https
236 network:
237 protocol: https
238 glance:
239 protocol: https
240 vncproxy_url: http://${_param:cluster_vip_address}:6080
241 workers: 1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]242 database:
243 ssl:
244 enabled: ${_param:galera_ssl_enabled}
245 message_queue:
246 port: ${_param:rabbitmq_port}
247 ssl:
248 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin6b2ed052018-04-20 13:42:57 +0300[diff] [blame]249 notification:
250 notify_on:
251 state_change: vm_and_task_state
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]252 cinder:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]253 controller:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]254 identity:
255 protocol: https
256 osapi:
257 host: 127.0.0.1
258 glance:
259 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]260 database:
261 ssl:
262 enabled: ${_param:galera_ssl_enabled}
263 message_queue:
264 port: ${_param:rabbitmq_port}
265 ssl:
266 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]267 manila:
268 common:
269 identity:
270 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame]271 default_share_type: default
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]272 database:
273 ssl:
274 enabled: ${_param:galera_ssl_enabled}
275 message_queue:
276 port: ${_param:rabbitmq_port}
277 ssl:
278 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]279 salt:
280 minion:
281 cert:
282 internal_proxy:
283 host: ${_param:salt_minion_ca_host}
284 authority: ${_param:salt_minion_ca_authority}
285 common_name: internal_proxy
286 signing_policy: cert_open
287 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
288 key_file: "/etc/ssl/private/internal_proxy.key"
289 cert_file: "/etc/ssl/certs/internal_proxy.crt"
290 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
291 haproxy:
292 proxy:
293 listen:
294 # barbican-api:
295 # type: ~
296 # barbican-admin-api:
297 # type: ~
298 designate_api:
299 type: ~
300 keystone_public_api:
301 type: ~
302 keystone_admin_api:
303 type: ~
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]304 manila_api:
305 type: ~
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]306 nova_api:
307 type: ~
308 nova_metadata_api:
309 type: ~
310 cinder_api:
311 type: ~
312 glance_api:
313 type: ~
314 glance_registry_api:
315 type: ~
316 heat_cloudwatch_api:
317 type: ~
318 heat_api:
319 type: ~
320 heat_cfn_api:
321 type: ~
322 neutron_api:
323 type: ~
Vasyl Saienkoeadc0552018-03-15 11:00:15 +0200[diff] [blame]324 placement_api:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]325 type: ~