Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / 6b2ed05c15c80faf5203e7fdaf0ee949bd0a61c5 / . / classes / cluster / virtual-mcp-pike-dvr-ssl / openstack / control.yml
blob: 41cc920714f14821cc149becab50e93f768fd22d [file] [log] [blame]
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]1classes:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]2- system.salt.minion.cert.proxy
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]3- system.salt.minion.cert.mysql.server
4- system.salt.minion.cert.rabbitmq_server
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]5- system.linux.system.lowmem
6- system.linux.system.repo.mcp.apt_mirantis.glusterfs
7- system.linux.system.repo.mcp.apt_mirantis.openstack
8- system.linux.system.repo.mcp.extra
9- system.linux.system.repo.mcp.apt_mirantis.saltstack_2016_3
10- system.memcached.server.single
11- system.rabbitmq.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]12- service.rabbitmq.server.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]13- system.rabbitmq.server.vhost.openstack
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]14- system.apache.server.site.manila
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]15- system.apache.server.site.nova-placement
16- system.apache.server.site.cinder
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]17- system.nginx.server.single
18- system.nginx.server.proxy.openstack_api
19- system.nginx.server.proxy.openstack.designate
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]20- system.keystone.server.wsgi
21- system.keystone.server.cluster
22- system.glusterfs.client.cluster
23- system.glusterfs.client.volume.glance
24- system.glusterfs.client.volume.keystone
25- system.glusterfs.server.volume.glance
26- system.glusterfs.server.volume.keystone
27- system.glusterfs.server.cluster
28- system.glance.control.cluster
29- system.nova.control.cluster
30- system.neutron.control.openvswitch.cluster
31- system.cinder.control.cluster
32- system.heat.server.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]33- system.designate.server.cluster
34- system.galera.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]35- service.galera.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]36- system.galera.server.database.cinder
37- system.galera.server.database.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]38- system.galera.server.database.heat
39- system.galera.server.database.keystone
40- system.galera.server.database.nova
41- system.galera.server.database.designate
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]42- system.galera.server.database.manila
Mykyta Karpin912ac972018-03-20 11:29:23 +0200[diff] [blame]43- system.galera.server.database.aodh
44- system.galera.server.database.panko
45- system.galera.server.database.gnocchi
46- system.ceilometer.client
47- system.ceilometer.client.cinder_volume
48- system.ceilometer.client.neutron
Dennis Dmitriev0752ab12018-03-07 13:55:45 +0200[diff] [blame]49- system.haproxy.proxy.listen.openstack.placement
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]50- system.haproxy.proxy.listen.openstack.manila
51- system.manila.control.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]52- cluster.virtual-mcp-pike-dvr-ssl
53
54parameters:
55 _param:
56 keepalived_vip_interface: ens4
57 salt_minion_ca_authority: salt_master_ca
58 ### nginx ssl sites settings
59 nginx_proxy_ssl:
60 enabled: true
61 engine: salt
62 authority: "${_param:salt_minion_ca_authority}"
63 key_file: "/etc/ssl/private/internal_proxy.key"
64 cert_file: "/etc/ssl/certs/internal_proxy.crt"
65 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
66 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
67 nginx_proxy_openstack_keystone_host: 127.0.0.1
68 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]69 nginx_proxy_openstack_glance_host: 127.0.0.1
70 nginx_proxy_openstack_neutron_host: 127.0.0.1
71 nginx_proxy_openstack_heat_host: 127.0.0.1
72 nginx_proxy_openstack_designate_host: 127.0.0.1
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]73 apache_manila_api_address: ${_param:single_address}
74 apache_manila_ssl: ${_param:nginx_proxy_ssl}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]75 apache_keystone_api_host: ${_param:single_address}
76 apache_keystone_ssl: ${_param:nginx_proxy_ssl}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]77 apache_nova_placement_api_address: ${_param:cluster_local_address}
78 apache_nova_placement_ssl: ${_param:nginx_proxy_ssl}
79 apache_cinder_api_address: ${_param:cluster_local_address}
80 apache_cinder_ssl: ${_param:nginx_proxy_ssl}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]81 rabbitmq:
82 server:
83 ssl:
84 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]85 nginx:
86 server:
87 site:
88 nginx_proxy_openstack_api_keystone:
89 enabled: false
90 nginx_proxy_openstack_api_keystone_private:
91 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]92 nginx_proxy_openstack_api_cinder:
93 enabled: false
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]94 linux:
95 system:
96 package:
97 python-msgpack:
98 version: latest
99 network:
100 interface:
101 ens4:
102 enabled: true
103 type: eth
104 proto: static
105 address: ${_param:single_address}
106 netmask: 255.255.255.0
107 keepalived:
108 cluster:
109 instance:
110 VIP:
111 virtual_router_id: 150
112 keystone:
113 server:
114 admin_email: ${_param:admin_email}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]115 database:
116 ssl:
117 enabled: ${_param:galera_ssl_enabled}
118 message_queue:
119 port: ${_param:rabbitmq_port}
120 ssl:
121 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]122 designate:
123 pool_manager:
124 enabled: ${_param:designate_pool_manager_enabled}
125 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
126 server:
127 identity:
128 protocol: https
129 bind:
130 api:
131 address: 127.0.0.1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]132 database:
133 ssl:
134 enabled: ${_param:galera_ssl_enabled}
135 message_queue:
136 port: ${_param:rabbitmq_port}
137 ssl:
138 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]139 backend:
140 pdns4:
141 api_token: ${_param:designate_pdns_api_key}
142 api_endpoint: ${_param:designate_pdns_api_endpoint}
143 mdns:
144 address: ${_param:designate_mdns_address}
145 port: ${_param:designate_mdns_port}
146 pools:
147 default:
148 description: 'test pool'
149 targets:
150 default:
151 description: 'test target1'
152 default1:
153 type: ${_param:designate_pool_target_type}
154 description: 'test target2'
155 masters: ${_param:designate_pool_target_masters}
156 options:
157 host: ${_param:openstack_dns_node02_address}
158 port: 53
159 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
160 api_token: ${_param:designate_pdns_api_key}
161 quota:
162 zones: ${_param:designate_quota_zones}
163 glance:
164 server:
165 storage:
166 engine: file
167 images: []
168 workers: 1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]169 bind:
170 address: 127.0.0.1
171 identity:
172 protocol: https
173 registry:
174 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]175 database:
176 ssl:
177 enabled: ${_param:galera_ssl_enabled}
178 message_queue:
179 port: ${_param:rabbitmq_port}
180 ssl:
181 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]182 heat:
183 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]184 bind:
185 api:
186 address: 127.0.0.1
187 api_cfn:
188 address: 127.0.0.1
189 api_cloudwatch:
190 address: 127.0.0.1
191 identity:
192 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]193 database:
194 ssl:
195 enabled: ${_param:galera_ssl_enabled}
196 message_queue:
197 port: ${_param:rabbitmq_port}
198 ssl:
199 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]200 neutron:
201 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]202 bind:
203 address: 127.0.0.1
204 identity:
205 protocol: https
Michael Polenchukddc7c4c2018-03-14 14:14:05 +0400[diff] [blame]206 l2gw:
207 enabled: true
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]208 database:
209 ssl:
210 enabled: ${_param:galera_ssl_enabled}
211 message_queue:
212 port: ${_param:rabbitmq_port}
213 ssl:
214 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]215 nova:
216 controller:
217 networking: dvr
218 cpu_allocation: 54
219 metadata:
220 password: ${_param:metadata_password}
Oleksii Butenko0c6a75b2018-04-03 20:33:37 +0300[diff] [blame]221 bind:
222 address: ${_param:cluster_local_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]223 bind:
224 public_address: ${_param:cluster_vip_address}
225 novncproxy_port: 6080
226 private_address: 127.0.0.1
227 identity:
228 protocol: https
229 network:
230 protocol: https
231 glance:
232 protocol: https
233 vncproxy_url: http://${_param:cluster_vip_address}:6080
234 workers: 1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]235 database:
236 ssl:
237 enabled: ${_param:galera_ssl_enabled}
238 message_queue:
239 port: ${_param:rabbitmq_port}
240 ssl:
241 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin6b2ed052018-04-20 13:42:57 +0300[diff] [blame^]242 notification:
243 notify_on:
244 state_change: vm_and_task_state
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]245 cinder:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]246 controller:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]247 identity:
248 protocol: https
249 osapi:
250 host: 127.0.0.1
251 glance:
252 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]253 database:
254 ssl:
255 enabled: ${_param:galera_ssl_enabled}
256 message_queue:
257 port: ${_param:rabbitmq_port}
258 ssl:
259 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]260 manila:
261 common:
262 identity:
263 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame]264 default_share_type: default
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]265 database:
266 ssl:
267 enabled: ${_param:galera_ssl_enabled}
268 message_queue:
269 port: ${_param:rabbitmq_port}
270 ssl:
271 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]272 salt:
273 minion:
274 cert:
275 internal_proxy:
276 host: ${_param:salt_minion_ca_host}
277 authority: ${_param:salt_minion_ca_authority}
278 common_name: internal_proxy
279 signing_policy: cert_open
280 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
281 key_file: "/etc/ssl/private/internal_proxy.key"
282 cert_file: "/etc/ssl/certs/internal_proxy.crt"
283 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
284 haproxy:
285 proxy:
286 listen:
287 # barbican-api:
288 # type: ~
289 # barbican-admin-api:
290 # type: ~
291 designate_api:
292 type: ~
293 keystone_public_api:
294 type: ~
295 keystone_admin_api:
296 type: ~
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]297 manila_api:
298 type: ~
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]299 nova_api:
300 type: ~
301 nova_metadata_api:
302 type: ~
303 cinder_api:
304 type: ~
305 glance_api:
306 type: ~
307 glance_registry_api:
308 type: ~
309 heat_cloudwatch_api:
310 type: ~
311 heat_api:
312 type: ~
313 heat_cfn_api:
314 type: ~
315 neutron_api:
316 type: ~
Vasyl Saienkoeadc0552018-03-15 11:00:15 +0200[diff] [blame]317 placement_api:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]318 type: ~