# Class list for this model: the system.*, service.* and cluster.* entries
# below are pulled in by name; their contents are defined outside this file.
# NOTE(review): the effective security settings (TLS, credentials, bind
# addresses) depend on what these classes define together with the overrides
# further down, so review the merged result rather than this file alone.
Vasyl Saienko060481c2018-03-23 14:29:13 +02001classes:
2- system.salt.minion.cert.proxy
3- system.linux.system.lowmem
4- system.linux.system.repo.mcp.apt_mirantis.glusterfs
5- system.linux.system.repo.mcp.apt_mirantis.openstack
6- system.linux.system.repo.mcp.extra
7- system.linux.system.repo.mcp.apt_mirantis.saltstack_2016_3
8- system.memcached.server.single
9- system.rabbitmq.server.cluster
10- system.rabbitmq.server.vhost.openstack
11- system.apache.server.site.manila
12- system.apache.server.site.barbican
Vasyl Saienko5883a7c2018-04-02 18:21:42 +030013- system.apache.server.site.nova-placement
14- system.apache.server.site.cinder
Vasyl Saienko060481c2018-03-23 14:29:13 +020015- system.nginx.server.single
16- system.nginx.server.proxy.openstack_api
17- system.nginx.server.proxy.openstack.designate
Vasyl Saienko060481c2018-03-23 14:29:13 +020018- system.keystone.server.wsgi
19- system.keystone.server.cluster
20- system.glusterfs.client.cluster
21- system.glusterfs.client.volume.glance
22- system.glusterfs.client.volume.keystone
23- system.glusterfs.server.volume.glance
24- system.glusterfs.server.volume.keystone
25- system.glusterfs.server.cluster
26- system.glance.control.cluster
27- system.nova.control.cluster
28- system.neutron.control.openvswitch.cluster
29- system.cinder.control.cluster
30- system.heat.server.cluster
31- system.designate.server.cluster
32- system.galera.server.cluster
33- system.galera.server.database.cinder
34- system.galera.server.database.glance
35- system.galera.server.database.heat
36- system.galera.server.database.keystone
37- system.galera.server.database.nova
38- system.galera.server.database.designate
39- system.galera.server.database.manila
40- system.galera.server.database.aodh
41- system.galera.server.database.panko
42- system.galera.server.database.gnocchi
43- system.galera.server.database.barbican
44- system.dogtag.server.cluster
45- system.barbican.server.cluster
46- service.barbican.server.plugin.dogtag
47- system.ceilometer.client
48- system.ceilometer.client.cinder_volume
49- system.ceilometer.client.neutron
50- cluster.virtual-mcp-pike-dvr-ssl-barbican.openstack.dns
51- system.haproxy.proxy.listen.openstack.placement
52- system.haproxy.proxy.listen.openstack.manila
53- system.manila.control.cluster
54- cluster.virtual-mcp-pike-dvr-ssl-barbican
# Shared parameters referenced elsewhere as ${_param:...}: TLS material for the
# web front ends, loopback upstream hosts, and the dogtag/barbican credentials.
55parameters:
56 _param:
57 keepalived_vip_interface: ens4
58 salt_minion_ca_authority: salt_master_ca
59 ### nginx ssl sites settings
# One TLS definition (engine: salt, authority = salt_minion_ca_authority).
# The apache_*_ssl parameters below all point at it, so nginx and every apache
# site listed here share this single key/certificate pair.
60 nginx_proxy_ssl:
61 enabled: true
62 engine: salt
63 authority: "${_param:salt_minion_ca_authority}"
64 key_file: "/etc/ssl/private/internal_proxy.key"
65 cert_file: "/etc/ssl/certs/internal_proxy.crt"
66 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
67 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
# The nginx proxy upstreams are all loopback; the services further down bind
# 127.0.0.1 to match.
68 nginx_proxy_openstack_keystone_host: 127.0.0.1
69 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko060481c2018-03-23 14:29:13 +020070 nginx_proxy_openstack_glance_host: 127.0.0.1
71 nginx_proxy_openstack_neutron_host: 127.0.0.1
72 nginx_proxy_openstack_heat_host: 127.0.0.1
73 nginx_proxy_openstack_designate_host: 127.0.0.1
Vasyl Saienko060481c2018-03-23 14:29:13 +020074 apache_manila_api_address: ${_param:single_address}
75 apache_manila_ssl: ${_param:nginx_proxy_ssl}
76 apache_keystone_api_host: ${_param:single_address}
77 apache_keystone_ssl: ${_param:nginx_proxy_ssl}
78 apache_barbican_api_address: ${_param:cluster_local_address}
79 apache_barbican_api_host: ${_param:single_address}
80 apache_barbican_ssl: ${_param:nginx_proxy_ssl}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +030081 apache_nova_placement_api_address: ${_param:cluster_local_address}
82 apache_nova_placement_ssl: ${_param:nginx_proxy_ssl}
# NOTE(review): plaintext secret committed with the model. The same literal is
# used for every dogtag_pki_* password below and for the dogtag LDAP passwords
# later in the file, so all of these credentials are known to anyone who can
# read the repository. Acceptable only for a disposable lab; otherwise supply
# distinct values from a secret store.
Vasyl Saienko060481c2018-03-23 14:29:13 +020083 barbican_dogtag_nss_password: workshop
84 barbican_dogtag_host: ${_param:cluster_vip_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +030085 apache_cinder_api_address: ${_param:cluster_local_address}
86 apache_cinder_ssl: ${_param:nginx_proxy_ssl}
Vasyl Saienko060481c2018-03-23 14:29:13 +020087 # dogtag listens on 8443 but there is no way to bind it to
88 # Specific IP, as on this setup dogtag installed on ctl nodes
89 # Change port on haproxy side to avoid binding conflict.
90 haproxy_dogtag_bind_port: 8444
91 cluster_dogtag_port: 8443
92 dogtag_master_host: ctl01.${linux:system:domain}
# NOTE(review): seven PKI credentials (admin, client database, PKCS#12, DS,
# token, security domain, clone PKCS#12) all set to one shared plaintext value.
93 dogtag_pki_admin_password: workshop
94 dogtag_pki_client_database_password: workshop
95 dogtag_pki_client_pkcs12_password: workshop
96 dogtag_pki_ds_password: workshop
97 dogtag_pki_token_password: workshop
98 dogtag_pki_security_domain_password: workshop
99 dogtag_pki_clone_pkcs12_password: workshop
# Switches off three nginx proxy sites: keystone, keystone private and cinder.
# NOTE(review): presumably because those APIs are served by the
# system.keystone.server.wsgi and system.apache.server.site.cinder classes
# listed under classes - confirm no listener is left without TLS as a result.
100 nginx:
101 server:
102 site:
103 nginx_proxy_openstack_api_keystone:
104 enabled: false
105 nginx_proxy_openstack_api_keystone_private:
106 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300107 nginx_proxy_openstack_api_cinder:
108 enabled: false
# Host-level settings: one package entry, the static ens4 interface, and the
# keepalived VIP instance id.
Vasyl Saienko060481c2018-03-23 14:29:13 +0200109 linux:
110 system:
111 package:
112 python-msgpack:
# NOTE(review): 'latest' is not a pinned version; presumably the package
# follows whatever the configured repositories offer at apply time. Pin an
# explicit version if deployments need to be reproducible and auditable.
113 version: latest
114 network:
115 interface:
116 ens4:
117 enabled: true
118 type: eth
119 proto: static
120 address: ${_param:single_address}
121 netmask: 255.255.255.0
122 keepalived:
123 cluster:
124 instance:
125 VIP:
# NOTE(review): presumably the VRRP router id - verify it does not collide
# with another keepalived cluster on the same network segment.
126 virtual_router_id: 150
# dogtag server settings: LDAP host and credentials plus the path of an
# exported PEM file.
127 dogtag:
128 server:
129 ldap_hostname: ${linux:network:fqdn}
# NOTE(review): both LDAP passwords are plaintext literals and equal to the
# value used for the dogtag_pki_* parameters in _param; replace with distinct
# secrets kept outside the repository for anything beyond a lab.
130 ldap_dn_password: workshop
131 ldap_admin_password: workshop
# NOTE(review): the file name suggests a KRA admin certificate - confirm
# whether the PEM also holds a private key and which file mode it is written
# with.
132 export_pem_file_path: /etc/dogtag/kra_admin_cert.pem
133 # TODO drop this once reclass bumped, missing part in current version
# Defines the barbican_admin apache site on port 9312, with address and name
# taken from the apache_barbican_api_* parameters.
134 apache:
135 server:
136 site:
137 barbican_admin:
138 host:
139 address: ${_param:apache_barbican_api_address}
140 name: ${_param:apache_barbican_api_host}
141 port: 9312
# The access log ('combined' format) and the error log are written to the
# same file.
142 log:
143 custom:
144 format: 'combined'
145 file: '/var/log/barbican/barbican-api.log'
146 error:
147 enabled: true
148 file: '/var/log/barbican/barbican-api.log'
# barbican server: enables the service, selects dogtag_crypto as the default
# secret store and points the dogtag plugin at the haproxy bind port.
149 barbican:
150 server:
151 enabled: true
# The admin certificate is obtained with engine 'mine' from the minion named
# by dogtag_master_host (ctl01.<domain> in _param).
# NOTE(review): presumably the Salt mine - confirm which minions can read that
# entry, since it carries a PKI admin credential.
152 dogtag_admin_cert:
153 engine: mine
154 minion: ${_param:dogtag_master_host}
# NOTE(review): 'True' is capitalised here and below while the rest of the
# file uses lowercase true/false; lowercase is the portable spelling.
155 ks_notifications_enable: True
156 store:
157 software:
158 store_plugin: dogtag_crypto
159 global_default: True
160 plugin:
161 dogtag:
# Resolves to haproxy_dogtag_bind_port (8444 in _param), not dogtag's own 8443.
162 port: ${_param:haproxy_dogtag_bind_port}
# keystone admin e-mail and the designate settings: pool manager, API bind
# address, PowerDNS backend, mdns, pool targets and zone quota.
163 keystone:
164 server:
165 admin_email: ${_param:admin_email}
166 designate:
167 pool_manager:
168 enabled: ${_param:designate_pool_manager_enabled}
169 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
170 server:
171 identity:
172 protocol: https
173 bind:
174 api:
# The API binds loopback only; nginx_proxy_openstack_designate_host in _param
# is 127.0.0.1 as well.
175 address: 127.0.0.1
176 backend:
177 pdns4:
# The token is taken from a parameter rather than written here as a literal.
178 api_token: ${_param:designate_pdns_api_key}
179 api_endpoint: ${_param:designate_pdns_api_endpoint}
180 mdns:
181 address: ${_param:designate_mdns_address}
182 port: ${_param:designate_mdns_port}
183 pools:
184 default:
185 description: 'test pool'
186 targets:
187 default:
188 description: 'test target1'
189 default1:
190 type: ${_param:designate_pool_target_type}
191 description: 'test target2'
192 masters: ${_param:designate_pool_target_masters}
193 options:
194 host: ${_param:openstack_dns_node02_address}
195 port: 53
# NOTE(review): this endpoint is plain http while api_token is configured
# alongside it; presumably the token is sent unencrypted to the PowerDNS web
# server. Use https, or confirm the path stays on a trusted network.
196 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
197 api_token: ${_param:designate_pdns_api_key}
198 quota:
199 zones: ${_param:designate_quota_zones}
# glance, heat and neutron servers: each binds its API to 127.0.0.1 and talks
# to identity over https.
# NOTE(review): presumably these loopback listeners are reached only through
# the TLS front ends configured in _param - confirm nothing else exposes them.
200 glance:
201 server:
202 barbican:
203 enabled: ${_param:barbican_integration_enabled}
204 storage:
205 engine: file
206 images: []
207 workers: 1
208 bind:
209 address: 127.0.0.1
210 identity:
211 protocol: https
212 registry:
213 protocol: https
214 heat:
215 server:
216 bind:
217 api:
218 address: 127.0.0.1
219 api_cfn:
220 address: 127.0.0.1
221 api_cloudwatch:
222 address: 127.0.0.1
223 identity:
224 protocol: https
225 neutron:
226 server:
227 bind:
228 address: 127.0.0.1
229 identity:
230 protocol: https
# nova controller: DVR networking, barbican integration toggle, metadata
# secret, bind addresses and the protocols used towards other services.
231 nova:
232 controller:
233 networking: dvr
234 cpu_allocation: 54
235 barbican:
236 enabled: ${_param:barbican_integration_enabled}
237 metadata:
# Taken from a parameter rather than written here as a literal.
238 password: ${_param:metadata_password}
239 bind:
# The public address is the cluster VIP, with the noVNC proxy on 6080; the
# private address stays on loopback.
240 public_address: ${_param:cluster_vip_address}
241 novncproxy_port: 6080
242 private_address: 127.0.0.1
243 identity:
244 protocol: https
245 network:
246 protocol: https
247 glance:
248 protocol: https
# NOTE(review): the console URL is http on the VIP although identity, network
# and glance above use https; presumably console sessions then run without
# TLS. Confirm, and switch to https if the proxy can terminate it.
249 vncproxy_url: http://${_param:cluster_vip_address}:6080
250 workers: 1
# cinder controller and manila common settings: barbican toggle, https towards
# identity and glance, loopback osapi host, default share type.
251 cinder:
# NOTE(review): 'controller:' appears on two consecutive lines. The
# indentation is lost in this listing, so it cannot be told whether this is
# intended nesting or a duplicate key - check the original file.
252 controller:
253 controller:
254 barbican:
255 enabled: ${_param:barbican_integration_enabled}
256 identity:
257 protocol: https
258 osapi:
259 host: 127.0.0.1
260 glance:
261 protocol: https
262 manila:
263 common:
264 identity:
265 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300266 default_share_type: default
# Requests the internal_proxy certificate. Its key, cert and chain paths are
# the files that nginx_proxy_ssl in _param points at.
Vasyl Saienko060481c2018-03-23 14:29:13 +0200267 salt:
268 minion:
269 cert:
270 internal_proxy:
271 host: ${_param:salt_minion_ca_host}
272 authority: ${_param:salt_minion_ca_authority}
273 common_name: internal_proxy
# NOTE(review): cert_open is defined on the CA side and is not visible here;
# confirm what it lets a requesting minion put into a certificate.
274 signing_policy: cert_open
# The SAN list covers loopback, the cluster local and public hosts, and the
# node's name and FQDN.
# NOTE(review): cluster_local_address is used under both IP: and DNS: -
# verify the DNS: entries are really hostnames.
275 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
# The private key is written under /etc/ssl/private; it is shared by every
# site that references nginx_proxy_ssl.
276 key_file: "/etc/ssl/private/internal_proxy.key"
277 cert_file: "/etc/ssl/certs/internal_proxy.crt"
278 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
# Sets 'type' to null (~) for each named haproxy listener.
# NOTE(review): presumably this cancels listeners inherited from the included
# classes so the APIs are fronted by nginx/apache instead - confirm against
# the rendered haproxy configuration that none of them is still bound.
279 haproxy:
280 proxy:
281 listen:
282 barbican-api:
283 type: ~
284 barbican-admin-api:
285 type: ~
286 designate_api:
287 type: ~
288 keystone_public_api:
289 type: ~
290 keystone_admin_api:
291 type: ~
292 manila_api:
293 type: ~
294 nova_api:
295 type: ~
296 nova_metadata_api:
297 type: ~
298 cinder_api:
299 type: ~
300 glance_api:
301 type: ~
302 glance_registry_api:
303 type: ~
304 heat_cloudwatch_api:
305 type: ~
306 heat_api:
307 type: ~
308 heat_cfn_api:
309 type: ~
310 neutron_api:
311 type: ~
312 placement_api:
313 type: ~