Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / 827d29d21fbf5801cb28c93b919fcb32964f28d6 / . / classes / cluster / virtual-mcp-pike-dvr-ssl-barbican / openstack / control.yml
blob: 778f57d2dd007a95126dfacb15ba7da595b9427c [file] [log] [blame]
Vasyl Saienko060481c2018-03-23 14:29:13 +0200[diff] [blame]1classes:
2- system.salt.minion.cert.proxy
3- system.linux.system.lowmem
4- system.linux.system.repo.mcp.apt_mirantis.glusterfs
5- system.linux.system.repo.mcp.apt_mirantis.openstack
6- system.linux.system.repo.mcp.extra
7- system.linux.system.repo.mcp.apt_mirantis.saltstack_2016_3
8- system.memcached.server.single
9- system.rabbitmq.server.cluster
10- system.rabbitmq.server.vhost.openstack
11- system.apache.server.site.manila
12- system.apache.server.site.barbican
13- system.nginx.server.single
14- system.nginx.server.proxy.openstack_api
15- system.nginx.server.proxy.openstack.designate
16- system.nginx.server.proxy.openstack.placement
17- system.keystone.server.wsgi
18- system.keystone.server.cluster
19- system.glusterfs.client.cluster
20- system.glusterfs.client.volume.glance
21- system.glusterfs.client.volume.keystone
22- system.glusterfs.server.volume.glance
23- system.glusterfs.server.volume.keystone
24- system.glusterfs.server.cluster
25- system.glance.control.cluster
26- system.nova.control.cluster
27- system.neutron.control.openvswitch.cluster
28- system.cinder.control.cluster
29- system.heat.server.cluster
30- system.designate.server.cluster
31- system.galera.server.cluster
32- system.galera.server.database.cinder
33- system.galera.server.database.glance
34- system.galera.server.database.heat
35- system.galera.server.database.keystone
36- system.galera.server.database.nova
37- system.galera.server.database.designate
38- system.galera.server.database.manila
39- system.galera.server.database.aodh
40- system.galera.server.database.panko
41- system.galera.server.database.gnocchi
42- system.galera.server.database.barbican
43- system.dogtag.server.cluster
44- system.barbican.server.cluster
45- service.barbican.server.plugin.dogtag
46- system.ceilometer.client
47- system.ceilometer.client.cinder_volume
48- system.ceilometer.client.neutron
49- cluster.virtual-mcp-pike-dvr-ssl-barbican.openstack.dns
50- system.haproxy.proxy.listen.openstack.placement
51- system.haproxy.proxy.listen.openstack.manila
52- system.manila.control.cluster
53- cluster.virtual-mcp-pike-dvr-ssl-barbican
54parameters:
55 _param:
56 keepalived_vip_interface: ens4
57 salt_minion_ca_authority: salt_master_ca
58 ### nginx ssl sites settings
59 nginx_proxy_ssl:
60 enabled: true
61 engine: salt
62 authority: "${_param:salt_minion_ca_authority}"
63 key_file: "/etc/ssl/private/internal_proxy.key"
64 cert_file: "/etc/ssl/certs/internal_proxy.crt"
65 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
66 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
67 nginx_proxy_openstack_keystone_host: 127.0.0.1
68 nginx_proxy_openstack_nova_host: 127.0.0.1
69 nginx_proxy_openstack_cinder_host: 127.0.0.1
70 nginx_proxy_openstack_glance_host: 127.0.0.1
71 nginx_proxy_openstack_neutron_host: 127.0.0.1
72 nginx_proxy_openstack_heat_host: 127.0.0.1
73 nginx_proxy_openstack_designate_host: 127.0.0.1
74 nginx_proxy_openstack_placement_host: 127.0.0.1
75 apache_manila_api_address: ${_param:single_address}
76 apache_manila_ssl: ${_param:nginx_proxy_ssl}
77 apache_keystone_api_host: ${_param:single_address}
78 apache_keystone_ssl: ${_param:nginx_proxy_ssl}
79 apache_barbican_api_address: ${_param:cluster_local_address}
80 apache_barbican_api_host: ${_param:single_address}
81 apache_barbican_ssl: ${_param:nginx_proxy_ssl}
82 barbican_dogtag_nss_password: workshop
83 barbican_dogtag_host: ${_param:cluster_vip_address}
84 # dogtag listens on 8443 but there is no way to bind it to
85 # Specific IP, as on this setup dogtag installed on ctl nodes
86 # Change port on haproxy side to avoid binding conflict.
87 haproxy_dogtag_bind_port: 8444
88 cluster_dogtag_port: 8443
89 dogtag_master_host: ctl01.${linux:system:domain}
90 dogtag_pki_admin_password: workshop
91 dogtag_pki_client_database_password: workshop
92 dogtag_pki_client_pkcs12_password: workshop
93 dogtag_pki_ds_password: workshop
94 dogtag_pki_token_password: workshop
95 dogtag_pki_security_domain_password: workshop
96 dogtag_pki_clone_pkcs12_password: workshop
97 nginx:
98 server:
99 site:
100 nginx_proxy_openstack_api_keystone:
101 enabled: false
102 nginx_proxy_openstack_api_keystone_private:
103 enabled: false
104 linux:
105 system:
106 package:
107 python-msgpack:
108 version: latest
109 network:
110 interface:
111 ens4:
112 enabled: true
113 type: eth
114 proto: static
115 address: ${_param:single_address}
116 netmask: 255.255.255.0
117 keepalived:
118 cluster:
119 instance:
120 VIP:
121 virtual_router_id: 150
122 dogtag:
123 server:
124 ldap_hostname: ${linux:network:fqdn}
125 ldap_dn_password: workshop
126 ldap_admin_password: workshop
127 export_pem_file_path: /etc/dogtag/kra_admin_cert.pem
128 # TODO drop this once reclass bumped, missing part in current version
129 apache:
130 server:
131 site:
132 barbican_admin:
133 host:
134 address: ${_param:apache_barbican_api_address}
135 name: ${_param:apache_barbican_api_host}
136 port: 9312
137 log:
138 custom:
139 format: 'combined'
140 file: '/var/log/barbican/barbican-api.log'
141 error:
142 enabled: true
143 file: '/var/log/barbican/barbican-api.log'
144 barbican:
145 server:
146 enabled: true
147 dogtag_admin_cert:
148 engine: mine
149 minion: ${_param:dogtag_master_host}
150 ks_notifications_enable: True
151 store:
152 software:
153 store_plugin: dogtag_crypto
154 global_default: True
155 plugin:
156 dogtag:
157 port: ${_param:haproxy_dogtag_bind_port}
158 keystone:
159 server:
160 admin_email: ${_param:admin_email}
161 designate:
162 pool_manager:
163 enabled: ${_param:designate_pool_manager_enabled}
164 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
165 server:
166 identity:
167 protocol: https
168 bind:
169 api:
170 address: 127.0.0.1
171 backend:
172 pdns4:
173 api_token: ${_param:designate_pdns_api_key}
174 api_endpoint: ${_param:designate_pdns_api_endpoint}
175 mdns:
176 address: ${_param:designate_mdns_address}
177 port: ${_param:designate_mdns_port}
178 pools:
179 default:
180 description: 'test pool'
181 targets:
182 default:
183 description: 'test target1'
184 default1:
185 type: ${_param:designate_pool_target_type}
186 description: 'test target2'
187 masters: ${_param:designate_pool_target_masters}
188 options:
189 host: ${_param:openstack_dns_node02_address}
190 port: 53
191 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
192 api_token: ${_param:designate_pdns_api_key}
193 quota:
194 zones: ${_param:designate_quota_zones}
195 glance:
196 server:
197 barbican:
198 enabled: ${_param:barbican_integration_enabled}
199 storage:
200 engine: file
201 images: []
202 workers: 1
203 bind:
204 address: 127.0.0.1
205 identity:
206 protocol: https
207 registry:
208 protocol: https
209 heat:
210 server:
211 bind:
212 api:
213 address: 127.0.0.1
214 api_cfn:
215 address: 127.0.0.1
216 api_cloudwatch:
217 address: 127.0.0.1
218 identity:
219 protocol: https
220 neutron:
221 server:
222 bind:
223 address: 127.0.0.1
224 identity:
225 protocol: https
226 nova:
227 controller:
228 networking: dvr
229 cpu_allocation: 54
230 barbican:
231 enabled: ${_param:barbican_integration_enabled}
232 metadata:
233 password: ${_param:metadata_password}
234 bind:
235 public_address: ${_param:cluster_vip_address}
236 novncproxy_port: 6080
237 private_address: 127.0.0.1
238 identity:
239 protocol: https
240 network:
241 protocol: https
242 glance:
243 protocol: https
244 vncproxy_url: http://${_param:cluster_vip_address}:6080
245 workers: 1
246 cinder:
247 controller:
248 controller:
249 barbican:
250 enabled: ${_param:barbican_integration_enabled}
251 identity:
252 protocol: https
253 osapi:
254 host: 127.0.0.1
255 glance:
256 protocol: https
257 manila:
258 common:
259 identity:
260 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame^]261 default_share_type: default
Vasyl Saienko060481c2018-03-23 14:29:13 +0200[diff] [blame]262 salt:
263 minion:
264 cert:
265 internal_proxy:
266 host: ${_param:salt_minion_ca_host}
267 authority: ${_param:salt_minion_ca_authority}
268 common_name: internal_proxy
269 signing_policy: cert_open
270 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
271 key_file: "/etc/ssl/private/internal_proxy.key"
272 cert_file: "/etc/ssl/certs/internal_proxy.crt"
273 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
274 haproxy:
275 proxy:
276 listen:
277 barbican-api:
278 type: ~
279 barbican-admin-api:
280 type: ~
281 designate_api:
282 type: ~
283 keystone_public_api:
284 type: ~
285 keystone_admin_api:
286 type: ~
287 manila_api:
288 type: ~
289 nova_api:
290 type: ~
291 nova_metadata_api:
292 type: ~
293 cinder_api:
294 type: ~
295 glance_api:
296 type: ~
297 glance_registry_api:
298 type: ~
299 heat_cloudwatch_api:
300 type: ~
301 heat_api:
302 type: ~
303 heat_cfn_api:
304 type: ~
305 neutron_api:
306 type: ~
307 placement_api:
308 type: ~