Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / fa85f8423cfb18c5ccb2306b74810444aa9528a8 / . / classes / cluster_deprecated / virtual-mcp11-ovs-ironic-ssl / openstack / control.yml
blob: 14db25aca5192de7e5633e0d96048e48583ebc3c [file] [log] [blame]
Vasyl Saienkob58c6412018-02-21 14:18:05 +0200[diff] [blame]1classes:
2- system.linux.system.lowmem
3- system.linux.system.repo.glusterfs
4- system.linux.system.repo.mcp.openstack
5- system.linux.system.repo.mcp.extra
Martin Polreich47393e42018-08-07 10:57:41 +0200[diff] [blame]6- system.linux.system.repo.mcp.apt_mirantis.saltstack
Vasyl Saienkob58c6412018-02-21 14:18:05 +0200[diff] [blame]7- system.salt.minion.cert.mysql.server
8- system.salt.minion.cert.rabbitmq_server
9- system.memcached.server.single
10- system.rabbitmq.server.cluster
11- service.rabbitmq.server.ssl
12- system.nginx.server.single
13- system.nginx.server.proxy.openstack_api
14- system.nginx.server.proxy.openstack.ironic
15#- system.nginx.server.proxy.openstack.designate
16- system.nginx.server.proxy.openstack.placement
17- system.rabbitmq.server.vhost.openstack
18- system.keystone.server.wsgi
19- system.keystone.server.cluster
20- system.glusterfs.client.cluster
21- system.glusterfs.client.volume.glance
22- system.glusterfs.client.volume.keystone
23- system.glusterfs.server.volume.glance
24- system.glusterfs.server.volume.keystone
25- system.glusterfs.server.cluster
26- system.glance.control.cluster
27- system.heka.alarm.openstack_control
28- system.nova.control.cluster
29- system.neutron.control.openvswitch.cluster
30- system.cinder.control.cluster
31- system.haproxy.proxy.listen.openstack.ironic
32- system.haproxy.proxy.listen.openstack.nova-placement
33- system.heat.server.cluster
34- system.galera.server.cluster
Vasyl Saienkob58c6412018-02-21 14:18:05 +0200[diff] [blame]35- system.galera.server.database.ceilometer
36- system.galera.server.database.cinder
37- system.galera.server.database.glance
38- system.galera.server.database.grafana
39- system.galera.server.database.heat
40- system.galera.server.database.keystone
41- system.galera.server.database.nova
42- system.galera.server.database.ironic
43- service.ironic.client
44- system.ironic.api.cluster
45- cluster.virtual-mcp11-ovs-ironic-ssl
46parameters:
47 _param:
48 keepalived_vip_interface: ens4
49 cluster_vip_address: ${_param:openstack_control_address}
50 cluster_local_address: ${_param:single_address}
51 salt_minion_ca_host: cfg01.${linux:system:domain}
52 ### nginx ssl sites settings
53 nginx_proxy_ssl:
54 enabled: true
55 engine: salt
56 authority: "${_param:salt_minion_ca_authority}"
57 key_file: "/etc/ssl/private/internal_proxy.key"
58 cert_file: "/etc/ssl/certs/internal_proxy.crt"
59 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
60 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
61 nginx_proxy_openstack_keystone_host: 127.0.0.1
62 nginx_proxy_openstack_nova_host: 127.0.0.1
63 nginx_proxy_openstack_cinder_host: 127.0.0.1
64 nginx_proxy_openstack_glance_host: 127.0.0.1
65 nginx_proxy_openstack_neutron_host: 127.0.0.1
66 nginx_proxy_openstack_heat_host: 127.0.0.1
67 nginx_proxy_openstack_designate_host: 127.0.0.1
68 nginx_proxy_openstack_placement_host: 127.0.0.1
69 nginx_proxy_openstack_ironic_host: 127.0.0.1
70 apache_keystone_api_host: ${_param:single_address}
71 apache_keystone_ssl: ${_param:nginx_proxy_ssl}
72 # Disable keystone nginx sites as we configure SSL for them in Apache
73 nginx:
74 server:
75 site:
76 nginx_proxy_openstack_api_keystone:
77 enabled: false
78 nginx_proxy_openstack_api_keystone_private:
79 enabled: false
80 linux:
81 system:
82 package:
83 python-msgpack:
84 version: latest
85 network:
86 interface:
87 ens4:
88 enabled: true
89 type: eth
90 proto: static
91 address: ${_param:single_address}
92 netmask: 255.255.255.0
93 keepalived:
94 cluster:
95 instance:
96 VIP:
97 virtual_router_id: 150
98 keystone:
99 server:
100 admin_email: ${_param:admin_email}
101 notification:
102 driver: messagingv2
103 topics: "notifications,${_param:stacklight_notification_topic}"
104 glance:
105 server:
106 storage:
107 engine: file
108 images: []
109 workers: 1
110 notification:
111 driver: messagingv2
112 topics: "notifications,${_param:stacklight_notification_topic}"
113 bind:
114 address: 127.0.0.1
115 identity:
116 protocol: https
117 registry:
118 protocol: https
119 heat:
120 server:
121 notification:
122 driver: messagingv2
123 topics: "notifications,${_param:stacklight_notification_topic}"
124 bind:
125 api:
126 address: 127.0.0.1
127 api_cfn:
128 address: 127.0.0.1
129 api_cloudwatch:
130 address: 127.0.0.1
131 neutron:
132 server:
133 notification:
134 driver: messagingv2
135 topics: "notifications,${_param:stacklight_notification_topic}"
136 bind:
137 address: 127.0.0.1
138 identity:
139 protocol: https
140 nova:
141 controller:
142 networking: dvr
143 cpu_allocation: 54
144 metadata:
145 password: ${_param:metadata_password}
146 bind:
147 address: ${_param:cluster_local_address}
148 bind:
149 private_address: 127.0.0.1
150 identity:
151 protocol: https
152 network:
153 protocol: https
154 glance:
155 protocol: https
156# bind:
157# private_address: ${_param:cluster_local_address}
158# public_address: ${_param:cluster_vip_address}
159# novncproxy_port: 6080
160 vncproxy_url: http://${_param:cluster_vip_address}:6080
161 workers: 1
162 notification:
163 driver: messagingv2
164 topics: "notifications,${_param:stacklight_notification_topic}"
165 cinder:
166 volume:
167 notification:
168 driver: messagingv2
169 topics: "notifications,${_param:stacklight_notification_topic}"
170 controller:
171 notification:
172 driver: messagingv2
173 topics: "notifications,${_param:stacklight_notification_topic}"
174 identity:
175 protocol: https
176 osapi:
177 host: 127.0.0.1
178 glance:
179 protocol: https
180 ironic:
181 api:
Vasyl Saienkoe31ccde2018-02-22 12:47:19 +0200[diff] [blame]182 public_endpoint: https://${_param:cluster_vip_address}:6385
Vasyl Saienkob58c6412018-02-21 14:18:05 +0200[diff] [blame]183 message_queue:
184 port: ${_param:rabbitmq_port}
185 ssl:
186 enabled: ${_param:rabbitmq_ssl_enabled}
187 database:
188 ssl:
189 enabled: ${_param:galera_ssl_enabled}
190 bind:
191 address: 127.0.0.1
192 identity:
193 protocol: https
194 salt:
195 minion:
196 cert:
197 internal_proxy:
198 host: ${_param:salt_minion_ca_host}
199 authority: ${_param:salt_minion_ca_authority}
200 common_name: internal_proxy
201 signing_policy: cert_open
202 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
203 key_file: "/etc/ssl/private/internal_proxy.key"
204 cert_file: "/etc/ssl/certs/internal_proxy.crt"
205 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
206 haproxy:
207 proxy:
208 listen:
209 keystone_public_api:
210 type: ~
211 keystone_admin_api:
212 type: ~
213 nova_api:
214 type: ~
215 nova_metadata_api:
216 type: ~
217 cinder_api:
218 type: ~
219 glance_api:
220 type: ~
221 glance_registry_api:
222 type: ~
223 heat_cloudwatch_api:
224 type: ~
225 heat_api:
226 type: ~
227 heat_cfn_api:
228 type: ~
229 neutron_api:
230 type: ~
231 nova_placement_api:
232 type: ~
233 ironic:
234 type: ~