Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / ea6e786824e8c45827444ae5dca5973d49ebd11a / . / classes / cluster / virtual-mcp-pike-dvr-ssl / openstack / control.yml
blob: dd0e06037b1eb6607e8c06bc8a5e40a687b82fd4 [file] [log] [blame]
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]1classes:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]2- system.salt.minion.cert.proxy
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]3- system.salt.minion.cert.mysql.server
4- system.salt.minion.cert.rabbitmq_server
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]5- system.linux.system.lowmem
6- system.linux.system.repo.mcp.apt_mirantis.glusterfs
7- system.linux.system.repo.mcp.apt_mirantis.openstack
8- system.linux.system.repo.mcp.extra
Martin Polreicha0addcc2018-06-25 11:32:52 +0200[diff] [blame]9- system.linux.system.repo.mcp.apt_mirantis.saltstack
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]10- system.memcached.server.single
11- system.rabbitmq.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]12- service.rabbitmq.server.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]13- system.rabbitmq.server.vhost.openstack
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]14- system.apache.server.site.manila
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]15- system.apache.server.site.nova-placement
16- system.apache.server.site.cinder
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]17- system.nginx.server.single
18- system.nginx.server.proxy.openstack_api
19- system.nginx.server.proxy.openstack.designate
Mykyta Karpin70f651e2018-08-02 18:34:54 +0300[diff] [blame]20- system.nginx.server.proxy.openstack.glance_registry
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]21- system.keystone.server.wsgi
22- system.keystone.server.cluster
23- system.glusterfs.client.cluster
24- system.glusterfs.client.volume.glance
25- system.glusterfs.client.volume.keystone
26- system.glusterfs.server.volume.glance
27- system.glusterfs.server.volume.keystone
28- system.glusterfs.server.cluster
29- system.glance.control.cluster
30- system.nova.control.cluster
31- system.neutron.control.openvswitch.cluster
32- system.cinder.control.cluster
Oleksii Butenkof93170c2018-05-16 16:29:10 +0300[diff] [blame]33- system.cinder.control.backend.lvm
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]34- system.heat.server.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]35- system.designate.server.cluster
36- system.galera.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]37- service.galera.ssl
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]38- system.apache.server.ssl
39- system.nginx.server.proxy.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]40- system.galera.server.database.cinder
41- system.galera.server.database.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]42- system.galera.server.database.heat
43- system.galera.server.database.keystone
44- system.galera.server.database.nova
45- system.galera.server.database.designate
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]46- system.galera.server.database.manila
Mykyta Karpin912ac972018-03-20 11:29:23 +0200[diff] [blame]47- system.galera.server.database.aodh
48- system.galera.server.database.panko
49- system.galera.server.database.gnocchi
50- system.ceilometer.client
51- system.ceilometer.client.cinder_volume
52- system.ceilometer.client.neutron
Dennis Dmitriev0752ab12018-03-07 13:55:45 +0200[diff] [blame]53- system.haproxy.proxy.listen.openstack.placement
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]54- system.haproxy.proxy.listen.openstack.manila
55- system.manila.control.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]56- cluster.virtual-mcp-pike-dvr-ssl
57
58parameters:
59 _param:
60 keepalived_vip_interface: ens4
61 salt_minion_ca_authority: salt_master_ca
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]62 nginx_proxy_ssl:
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]63 authority: "${_param:salt_minion_ca_authority}"
64 key_file: "/etc/ssl/private/internal_proxy.key"
65 cert_file: "/etc/ssl/certs/internal_proxy.crt"
66 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
67 apache_ssl:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]68 authority: "${_param:salt_minion_ca_authority}"
69 key_file: "/etc/ssl/private/internal_proxy.key"
70 cert_file: "/etc/ssl/certs/internal_proxy.crt"
71 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
72 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
73 nginx_proxy_openstack_keystone_host: 127.0.0.1
74 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]75 nginx_proxy_openstack_glance_host: 127.0.0.1
76 nginx_proxy_openstack_neutron_host: 127.0.0.1
77 nginx_proxy_openstack_heat_host: 127.0.0.1
78 nginx_proxy_openstack_designate_host: 127.0.0.1
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]79 apache_manila_api_address: ${_param:single_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]80 apache_keystone_api_host: ${_param:single_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]81 apache_nova_placement_api_address: ${_param:cluster_local_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]82 apache_cinder_api_address: ${_param:cluster_local_address}
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]83
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]84 rabbitmq:
85 server:
86 ssl:
87 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]88 nginx:
89 server:
90 site:
91 nginx_proxy_openstack_api_keystone:
92 enabled: false
93 nginx_proxy_openstack_api_keystone_private:
94 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]95 nginx_proxy_openstack_api_cinder:
96 enabled: false
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]97 linux:
98 system:
99 package:
100 python-msgpack:
101 version: latest
102 network:
103 interface:
104 ens4:
105 enabled: true
106 type: eth
107 proto: static
108 address: ${_param:single_address}
109 netmask: 255.255.255.0
110 keepalived:
111 cluster:
112 instance:
113 VIP:
114 virtual_router_id: 150
115 keystone:
116 server:
117 admin_email: ${_param:admin_email}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]118 database:
119 ssl:
120 enabled: ${_param:galera_ssl_enabled}
121 message_queue:
122 port: ${_param:rabbitmq_port}
123 ssl:
124 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]125 designate:
126 pool_manager:
127 enabled: ${_param:designate_pool_manager_enabled}
128 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
129 server:
130 identity:
131 protocol: https
132 bind:
133 api:
134 address: 127.0.0.1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]135 database:
136 ssl:
137 enabled: ${_param:galera_ssl_enabled}
138 message_queue:
139 port: ${_param:rabbitmq_port}
140 ssl:
141 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]142 backend:
143 pdns4:
144 api_token: ${_param:designate_pdns_api_key}
145 api_endpoint: ${_param:designate_pdns_api_endpoint}
146 mdns:
147 address: ${_param:designate_mdns_address}
148 port: ${_param:designate_mdns_port}
149 pools:
150 default:
151 description: 'test pool'
152 targets:
153 default:
154 description: 'test target1'
155 default1:
156 type: ${_param:designate_pool_target_type}
157 description: 'test target2'
158 masters: ${_param:designate_pool_target_masters}
159 options:
160 host: ${_param:openstack_dns_node02_address}
161 port: 53
162 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
163 api_token: ${_param:designate_pdns_api_key}
164 quota:
165 zones: ${_param:designate_quota_zones}
166 glance:
167 server:
168 storage:
169 engine: file
170 images: []
171 workers: 1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]172 bind:
173 address: 127.0.0.1
174 identity:
175 protocol: https
176 registry:
177 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]178 database:
179 ssl:
180 enabled: ${_param:galera_ssl_enabled}
181 message_queue:
182 port: ${_param:rabbitmq_port}
183 ssl:
184 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]185 heat:
186 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]187 bind:
188 api:
189 address: 127.0.0.1
190 api_cfn:
191 address: 127.0.0.1
192 api_cloudwatch:
193 address: 127.0.0.1
194 identity:
195 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]196 database:
197 ssl:
198 enabled: ${_param:galera_ssl_enabled}
199 message_queue:
200 port: ${_param:rabbitmq_port}
201 ssl:
202 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko8a06faa2018-07-16 14:04:54 +0300[diff] [blame]203 # Since we using self signed cert not present in images, we have to
204 # use insecure option when sending signal to wait condition from instance.
205 clients:
206 heat:
207 insecure: true
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]208 neutron:
209 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]210 bind:
211 address: 127.0.0.1
212 identity:
213 protocol: https
Michael Polenchukddc7c4c2018-03-14 14:14:05 +0400[diff] [blame]214 l2gw:
215 enabled: true
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]216 database:
217 ssl:
218 enabled: ${_param:galera_ssl_enabled}
219 message_queue:
220 port: ${_param:rabbitmq_port}
221 ssl:
222 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]223 nova:
224 controller:
225 networking: dvr
226 cpu_allocation: 54
227 metadata:
228 password: ${_param:metadata_password}
Oleksii Butenko0c6a75b2018-04-03 20:33:37 +0300[diff] [blame]229 bind:
230 address: ${_param:cluster_local_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]231 bind:
232 public_address: ${_param:cluster_vip_address}
233 novncproxy_port: 6080
234 private_address: 127.0.0.1
235 identity:
236 protocol: https
237 network:
238 protocol: https
239 glance:
240 protocol: https
241 vncproxy_url: http://${_param:cluster_vip_address}:6080
242 workers: 1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]243 database:
244 ssl:
245 enabled: ${_param:galera_ssl_enabled}
246 message_queue:
247 port: ${_param:rabbitmq_port}
248 ssl:
249 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin6b2ed052018-04-20 13:42:57 +0300[diff] [blame]250 notification:
251 notify_on:
252 state_change: vm_and_task_state
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]253 cinder:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]254 controller:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]255 identity:
256 protocol: https
257 osapi:
258 host: 127.0.0.1
259 glance:
260 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]261 database:
262 ssl:
263 enabled: ${_param:galera_ssl_enabled}
264 message_queue:
265 port: ${_param:rabbitmq_port}
266 ssl:
267 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]268 manila:
269 common:
270 identity:
271 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame]272 default_share_type: default
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]273 database:
274 ssl:
275 enabled: ${_param:galera_ssl_enabled}
276 message_queue:
277 port: ${_param:rabbitmq_port}
278 ssl:
279 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]280 salt:
281 minion:
282 cert:
283 internal_proxy:
284 host: ${_param:salt_minion_ca_host}
285 authority: ${_param:salt_minion_ca_authority}
286 common_name: internal_proxy
287 signing_policy: cert_open
288 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
289 key_file: "/etc/ssl/private/internal_proxy.key"
290 cert_file: "/etc/ssl/certs/internal_proxy.crt"
291 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
292 haproxy:
293 proxy:
294 listen:
295 # barbican-api:
296 # type: ~
297 # barbican-admin-api:
298 # type: ~
299 designate_api:
300 type: ~
301 keystone_public_api:
302 type: ~
303 keystone_admin_api:
304 type: ~
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]305 manila_api:
306 type: ~
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]307 nova_api:
308 type: ~
309 nova_metadata_api:
310 type: ~
311 cinder_api:
312 type: ~
313 glance_api:
314 type: ~
315 glance_registry_api:
316 type: ~
317 heat_cloudwatch_api:
318 type: ~
319 heat_api:
320 type: ~
321 heat_cfn_api:
322 type: ~
323 neutron_api:
324 type: ~
Vasyl Saienkoeadc0552018-03-15 11:00:15 +0200[diff] [blame]325 placement_api:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]326 type: ~