Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / bb37f13899ef886499a492dbf3677edab8144743 / . / classes / cluster / virtual-mcp-pike-dvr-ssl / openstack / control.yml
blob: 9f2c63c3c08281f8bab04ff0c1a899531cb4dd71 [file] [log] [blame]
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]1classes:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]2- system.salt.minion.cert.proxy
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]3- system.salt.minion.cert.mysql.server
4- system.salt.minion.cert.rabbitmq_server
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]5- system.linux.system.lowmem
6- system.linux.system.repo.mcp.apt_mirantis.glusterfs
7- system.linux.system.repo.mcp.apt_mirantis.openstack
8- system.linux.system.repo.mcp.extra
Martin Polreicha0addcc2018-06-25 11:32:52 +0200[diff] [blame]9- system.linux.system.repo.mcp.apt_mirantis.saltstack
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]10- system.memcached.server.single
11- system.rabbitmq.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]12- service.rabbitmq.server.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]13- system.rabbitmq.server.vhost.openstack
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]14- system.apache.server.site.manila
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]15- system.apache.server.site.nova-placement
16- system.apache.server.site.cinder
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]17- system.nginx.server.single
18- system.nginx.server.proxy.openstack_api
19- system.nginx.server.proxy.openstack.designate
Mykyta Karpin70f651e2018-08-02 18:34:54 +0300[diff] [blame]20- system.nginx.server.proxy.openstack.glance_registry
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]21- system.keystone.server.wsgi
22- system.keystone.server.cluster
23- system.glusterfs.client.cluster
24- system.glusterfs.client.volume.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]25- system.glusterfs.server.volume.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]26- system.glusterfs.server.cluster
27- system.glance.control.cluster
28- system.nova.control.cluster
29- system.neutron.control.openvswitch.cluster
30- system.cinder.control.cluster
Oleksii Butenkof93170c2018-05-16 16:29:10 +0300[diff] [blame]31- system.cinder.control.backend.lvm
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]32- system.heat.server.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]33- system.designate.server.cluster
34- system.galera.server.cluster
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]35- system.apache.server.ssl
36- system.nginx.server.proxy.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]37- system.galera.server.database.cinder
38- system.galera.server.database.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]39- system.galera.server.database.heat
40- system.galera.server.database.keystone
41- system.galera.server.database.nova
Dennis Dmitrievbb37f132018-10-30 12:16:11 +0200[diff] [blame^]42- system.galera.server.database.neutron
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]43- system.galera.server.database.designate
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]44- system.galera.server.database.manila
Mykyta Karpin912ac972018-03-20 11:29:23 +0200[diff] [blame]45- system.galera.server.database.aodh
46- system.galera.server.database.panko
47- system.galera.server.database.gnocchi
48- system.ceilometer.client
49- system.ceilometer.client.cinder_volume
50- system.ceilometer.client.neutron
Dennis Dmitriev0752ab12018-03-07 13:55:45 +0200[diff] [blame]51- system.haproxy.proxy.listen.openstack.placement
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]52- system.haproxy.proxy.listen.openstack.manila
53- system.manila.control.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]54- cluster.virtual-mcp-pike-dvr-ssl
55
56parameters:
57 _param:
58 keepalived_vip_interface: ens4
59 salt_minion_ca_authority: salt_master_ca
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]60 nginx_proxy_ssl:
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]61 authority: "${_param:salt_minion_ca_authority}"
62 key_file: "/etc/ssl/private/internal_proxy.key"
63 cert_file: "/etc/ssl/certs/internal_proxy.crt"
64 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
65 apache_ssl:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]66 authority: "${_param:salt_minion_ca_authority}"
67 key_file: "/etc/ssl/private/internal_proxy.key"
68 cert_file: "/etc/ssl/certs/internal_proxy.crt"
69 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
70 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
71 nginx_proxy_openstack_keystone_host: 127.0.0.1
72 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]73 nginx_proxy_openstack_glance_host: 127.0.0.1
74 nginx_proxy_openstack_neutron_host: 127.0.0.1
75 nginx_proxy_openstack_heat_host: 127.0.0.1
76 nginx_proxy_openstack_designate_host: 127.0.0.1
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]77 apache_manila_api_address: ${_param:single_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]78 apache_keystone_api_host: ${_param:single_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]79 apache_nova_placement_api_address: ${_param:cluster_local_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]80 apache_cinder_api_address: ${_param:cluster_local_address}
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]81
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]82 rabbitmq:
83 server:
84 ssl:
85 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]86 nginx:
87 server:
88 site:
89 nginx_proxy_openstack_api_keystone:
90 enabled: false
91 nginx_proxy_openstack_api_keystone_private:
92 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]93 nginx_proxy_openstack_api_cinder:
94 enabled: false
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]95 linux:
96 system:
97 package:
98 python-msgpack:
99 version: latest
100 network:
101 interface:
102 ens4:
103 enabled: true
104 type: eth
105 proto: static
106 address: ${_param:single_address}
107 netmask: 255.255.255.0
108 keepalived:
109 cluster:
110 instance:
111 VIP:
112 virtual_router_id: 150
113 keystone:
114 server:
115 admin_email: ${_param:admin_email}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]116 database:
117 ssl:
118 enabled: ${_param:galera_ssl_enabled}
119 message_queue:
120 port: ${_param:rabbitmq_port}
121 ssl:
122 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]123 designate:
124 pool_manager:
125 enabled: ${_param:designate_pool_manager_enabled}
126 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
127 server:
128 identity:
129 protocol: https
130 bind:
131 api:
132 address: 127.0.0.1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]133 database:
134 ssl:
135 enabled: ${_param:galera_ssl_enabled}
136 message_queue:
137 port: ${_param:rabbitmq_port}
138 ssl:
139 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]140 backend:
141 pdns4:
142 api_token: ${_param:designate_pdns_api_key}
143 api_endpoint: ${_param:designate_pdns_api_endpoint}
144 mdns:
145 address: ${_param:designate_mdns_address}
146 port: ${_param:designate_mdns_port}
147 pools:
148 default:
149 description: 'test pool'
150 targets:
151 default:
152 description: 'test target1'
153 default1:
154 type: ${_param:designate_pool_target_type}
155 description: 'test target2'
156 masters: ${_param:designate_pool_target_masters}
157 options:
158 host: ${_param:openstack_dns_node02_address}
159 port: 53
160 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
161 api_token: ${_param:designate_pdns_api_key}
162 quota:
163 zones: ${_param:designate_quota_zones}
164 glance:
165 server:
166 storage:
167 engine: file
168 images: []
169 workers: 1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]170 bind:
171 address: 127.0.0.1
172 identity:
173 protocol: https
174 registry:
175 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]176 database:
177 ssl:
178 enabled: ${_param:galera_ssl_enabled}
179 message_queue:
180 port: ${_param:rabbitmq_port}
181 ssl:
182 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]183 heat:
184 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]185 bind:
186 api:
187 address: 127.0.0.1
188 api_cfn:
189 address: 127.0.0.1
190 api_cloudwatch:
191 address: 127.0.0.1
192 identity:
193 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]194 database:
195 ssl:
196 enabled: ${_param:galera_ssl_enabled}
197 message_queue:
198 port: ${_param:rabbitmq_port}
199 ssl:
200 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko8a06faa2018-07-16 14:04:54 +0300[diff] [blame]201 # Since we using self signed cert not present in images, we have to
202 # use insecure option when sending signal to wait condition from instance.
203 clients:
204 heat:
205 insecure: true
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]206 neutron:
207 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]208 bind:
209 address: 127.0.0.1
210 identity:
211 protocol: https
Michael Polenchukddc7c4c2018-03-14 14:14:05 +0400[diff] [blame]212 l2gw:
213 enabled: true
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]214 database:
215 ssl:
216 enabled: ${_param:galera_ssl_enabled}
217 message_queue:
218 port: ${_param:rabbitmq_port}
219 ssl:
220 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]221 nova:
222 controller:
223 networking: dvr
224 cpu_allocation: 54
225 metadata:
226 password: ${_param:metadata_password}
Oleksii Butenko0c6a75b2018-04-03 20:33:37 +0300[diff] [blame]227 bind:
228 address: ${_param:cluster_local_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]229 bind:
230 public_address: ${_param:cluster_vip_address}
231 novncproxy_port: 6080
232 private_address: 127.0.0.1
233 identity:
234 protocol: https
235 network:
236 protocol: https
237 glance:
238 protocol: https
239 vncproxy_url: http://${_param:cluster_vip_address}:6080
240 workers: 1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]241 database:
242 ssl:
243 enabled: ${_param:galera_ssl_enabled}
244 message_queue:
245 port: ${_param:rabbitmq_port}
246 ssl:
247 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin6b2ed052018-04-20 13:42:57 +0300[diff] [blame]248 notification:
249 notify_on:
250 state_change: vm_and_task_state
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]251 cinder:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]252 controller:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]253 identity:
254 protocol: https
255 osapi:
256 host: 127.0.0.1
257 glance:
258 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]259 database:
260 ssl:
261 enabled: ${_param:galera_ssl_enabled}
262 message_queue:
263 port: ${_param:rabbitmq_port}
264 ssl:
265 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]266 manila:
267 common:
268 identity:
269 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame]270 default_share_type: default
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]271 database:
272 ssl:
273 enabled: ${_param:galera_ssl_enabled}
274 message_queue:
275 port: ${_param:rabbitmq_port}
276 ssl:
277 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]278 salt:
279 minion:
280 cert:
281 internal_proxy:
282 host: ${_param:salt_minion_ca_host}
283 authority: ${_param:salt_minion_ca_authority}
284 common_name: internal_proxy
285 signing_policy: cert_open
286 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
287 key_file: "/etc/ssl/private/internal_proxy.key"
288 cert_file: "/etc/ssl/certs/internal_proxy.crt"
289 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
290 haproxy:
291 proxy:
292 listen:
293 # barbican-api:
294 # type: ~
295 # barbican-admin-api:
296 # type: ~
297 designate_api:
298 type: ~
299 keystone_public_api:
300 type: ~
301 keystone_admin_api:
302 type: ~
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]303 manila_api:
304 type: ~
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]305 nova_api:
306 type: ~
307 nova_metadata_api:
308 type: ~
309 cinder_api:
310 type: ~
311 glance_api:
312 type: ~
313 glance_registry_api:
314 type: ~
315 heat_cloudwatch_api:
316 type: ~
317 heat_api:
318 type: ~
319 heat_cfn_api:
320 type: ~
321 neutron_api:
322 type: ~
Vasyl Saienkoeadc0552018-03-15 11:00:15 +0200[diff] [blame]323 placement_api:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]324 type: ~