diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 31c90b5..0000000 --- a/Gemfile +++ /dev/null @@ -1,14 +0,0 @@ -## THIS GEMFILE IS DEPRECATED AND WILL BE REMOVED AFTER THE NEXT RELEASE -## THERE WON'T BE ANY UPDATES TO THIS FILE DURING THIS RELEASE CYCLE -## WE SWITCHED TO CHEFDK AS THE BUNDLE FOR THE NEEDED GEMS - -source 'https://rubygems.org' - -gem 'chef', '~> 11.18.6' -gem 'json', '<= 1.7.7' # chef 11 dependency -gem 'berkshelf', '~> 3.2.1' -gem 'hashie', '~> 2.0' -gem 'chefspec', '~> 4.0.0' -gem 'rspec', '~> 3.0.0' -gem 'foodcritic', '~> 4.0' -gem 'rubocop', '~> 0.29.1' diff --git a/README.md b/README.md index 7c69352..965f36e 100644 --- a/README.md +++ b/README.md @@ -54,150 +54,46 @@ Attributes Attributes for the Heat service are in the ['openstack']['orchestration'] namespace. -* `openstack['orchestration']['verbose']` - Enables/disables verbose output for heat services. -* `openstack['orchestration']['debug']` - Enables/disables debug output for heat services. * `openstack['orchestration']['identity_service_chef_role']` - The name of the Chef role that installs the Keystone Service API * `openstack['orchestration']['rabbit_server_chef_role']` - The name of the Chef role that knows about the message queue server * `openstack['orchestration']['user']` - User heat runs as * `openstack['orchestration']['group']` - Group heat runs as -* `openstack['orchestration']['num_engine_workers']` - Number of heat-engine processes to fork and run. -* `openstack['orchestration']['api']['workers']` - Number of workers for Heat api service. -* `openstack['orchestration']['api_cfn']['workers']` - Number of workers for Heat api cfn service. -* `openstack['orchestration']['api_cloudwatch']['workers']` - Number of workers for Heat api cloudwatch service. -* `openstack['orchestration']['db']['username']` - Username for heat database access -* `openstack['orchestration']['api']['adminURL']` - Used when registering heat endpoint with keystone -* `openstack['orchestration']['api']['internalURL']` - Used when registering heat endpoint with keystone -* `openstack['orchestration']['api']['publicURL']` - Used when registering heat endpoint with keystone -* `openstack['orchestration']['service_tenant_name']` - Tenant name used by heat when interacting with keystone - used in the API and registry paste.ini files -* `openstack['orchestration']['service_user']` - User name used by heat when interacting with keystone - used in the API and registry paste.ini files -* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone - used in the API and registry paste.ini files -* `openstack['orchestration']['api']['auth']['cache_dir']` - Defaults to `/var/cache/heat`. Directory where `auth_token` middleware writes certificates for heat +* `openstack['db']['orchestration']['username']` - Username for heat database access +* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone, defaults to 'service'. Used in the API and registry paste.ini files * `openstack['orchestration']['syslog']['use']` - Should heat log to syslog? -* `openstack['orchestration']['syslog']['facility']` - Which facility heat should use when logging in python style (for example, `LOG_LOCAL1`) -* `openstack['orchestration']['syslog']['config_facility']` - Which facility heat should use when logging in rsyslog style (for example, local1) -* `openstack['orchestration']['rpc_thread_pool_size']` - size of RPC thread pool -* `openstack['orchestration']['rpc_conn_pool_size']` - size of RPC connection pool -* `openstack['orchestration']['rpc_response_timeout']` - seconds to wait for a response from call or multicall * `openstack['orchestration']['platform']` - hash of platform specific package/service names and options -* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service. -* `openstack['orchestration']['api']['auth']['memcached_servers']` - A list of memcached server(s) for caching -* `openstack['orchestration']['api']['auth']['memcache_security_strategy']` - Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. -* `openstack['orchestration']['api']['auth']['memcache_secret_key']` - This string is used for key derivation. -* `openstack['orchestration']['api']['auth']['hash_algorithms']` - Hash algorithms to use for hashing PKI tokens. -* `openstack['orchestration']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections. -* `openstack['orchestration']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests. +* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with the identity service. -Clients configurations ----------------------- -* `openstack['orchestration']['clients']['ca_file']` - A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections. -* `openstack['orchestration']['clients']['cert_file']` - Cert file to use for clients when verifying HTTPs connections. -* `openstack['orchestration']['clients']['key_file']` - Private key file to use for clients when verifying HTTPs connections. -* `openstack['orchestration']['clients']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients. - -clients_ceilometer configurations ---------------------------------- -* `openstack['orchestration']['clients_ceilometer']['ca_file']` - A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections. -* `openstack['orchestration']['clients_ceilometer']['cert_file']` - Cert file to use for clients_ceilometer when verifying HTTPs connections. -* `openstack['orchestration']['clients_ceilometer']['key_file']` - Private key file to use for clients_ceilometer when verifying HTTPs connections. -* `openstack['orchestration']['clients_ceilometer']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_ceilometer. - -clients_cinder configurations ------------------------------ -* `openstack['orchestration']['clients_cinder']['ca_file']` - A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections. -* `openstack['orchestration']['clients_cinder']['cert_file']` - Cert file to use for clients_cinder when verifying HTTPs connections. -* `openstack['orchestration']['clients_cinder']['key_file']` - Private key file to use for clients_cinder when verifying HTTPs connections. -* `openstack['orchestration']['clients_cinder']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_cinder. - -clients_glance configurations ------------------------------ -* `openstack['orchestration']['clients_glance']['ca_file']` - A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections. -* `openstack['orchestration']['clients_glance']['cert_file']` - Cert file to use for clients_glance when verifying HTTPs connections. -* `openstack['orchestration']['clients_glance']['key_file']` - Private key file to use for clients_glance when verifying HTTPs connections. -* `openstack['orchestration']['clients_glance']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_glance. - -clients_heat configurations ---------------------------- -* `openstack['orchestration']['clients_heat']['ca_file']` - A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections. -* `openstack['orchestration']['clients_heat']['cert_file']` - Cert file to use for clients_heat when verifying HTTPs connections. -* `openstack['orchestration']['clients_heat']['key_file']` - Private key file to use for clients_heat when verifying HTTPs connections. -* `openstack['orchestration']['clients_heat']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_heat. - -clients_keystone configurations -------------------------------- -* `openstack['orchestration']['clients_keystone']['ca_file']` - A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections. -* `openstack['orchestration']['clients_keystone']['cert_file']` - Cert file to use for clients_keystone when verifying HTTPs connections. -* `openstack['orchestration']['clients_keystone']['key_file']` - Private key file to use for clients_keystone when verifying HTTPs connections. -* `openstack['orchestration']['clients_keystone']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_keystone. - -clients_neutron configurations ------------------------------- -* `openstack['orchestration']['clients_neutron']['ca_file']` - A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections. -* `openstack['orchestration']['clients_neutron']['cert_file']` - Cert file to use for clients_neutron when verifying HTTPs connections. -* `openstack['orchestration']['clients_neutron']['key_file']` - Private key file to use for clients_neutron when verifying HTTPs connections. -* `openstack['orchestration']['clients_neutron']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_neutron. - -clients_nova configurations ---------------------------------- -* `openstack['orchestration']['clients_nova']['ca_file']` - A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections. -* `openstack['orchestration']['clients_nova']['cert_file']` - Cert file to use for clients_nova when verifying HTTPs connections. -* `openstack['orchestration']['clients_nova']['key_file']` - Private key file to use for clients_nova when verifying HTTPs connections. -* `openstack['orchestration']['clients_nova']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_nova. - -Notification definitions ------------------------- -* `openstack['orchestration']['notification_driver']` - driver -* `openstack['orchestration']['default_notification_level']` - level -* `openstack['orchestration']['default_publisher_id']` - publisher id -* `openstack['orchestration']['list_notifier_drivers']` - list of drivers -* `openstack['orchestration']['notification_topics']` - notifications topics +TODO: update this section adding new attributes MQ attributes ------------- -* `openstack["orchestration"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq -TODO: move rabbit parameters under openstack["orchestration"]["mq"] -* `openstack["orchestration"]["rabbit"]["username"]` - Username for nova rabbit access -* `openstack["orchestration"]["rabbit"]["vhost"]` - The rabbit vhost to use -* `openstack["orchestration"]["rabbit"]["port"]` - The rabbit port to use -* `openstack["orchestration"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["orchestration"]["rabbit"]["ha"]` false). -* `openstack["orchestration"]["rabbit"]["ha"]` - Whether or not to use rabbit ha -* `openstack["orchestration"]["mq"]["qpid"]["host"]` - The qpid host to use -* `openstack["orchestration"]["mq"]["qpid"]["port"]` - The qpid port to use -* `openstack["orchestration"]["mq"]["qpid"]["qpid_hosts"]` - Qpid hosts. TODO. use only when ha is specified. -* `openstack["orchestration"]["mq"]["qpid"]["username"]` - Username for qpid connection -* `openstack["orchestration"]["mq"]["qpid"]["password"]` - Password for qpid connection -* `openstack["orchestration"]["mq"]["qpid"]["sasl_mechanisms"]` - Space separated list of SASL mechanisms to use for auth -* `openstack["orchestration"]["mq"]["qpid"]["reconnect_timeout"]` - The number of seconds to wait before deciding that a reconnect attempt has failed. -* `openstack["orchestration"]["mq"]["qpid"]["reconnect_limit"]` - The limit for the number of times to reconnect before considering the connection to be failed. -* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_min"]` - Minimum number of seconds between connection attempts. -* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_max"]` - Maximum number of seconds between connection attempts. -* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval"]` - Equivalent to setting qpid_reconnect_interval_min and qpid_reconnect_interval_max to the same value. -* `openstack["orchestration"]["mq"]["qpid"]["heartbeat"]` - Seconds between heartbeat messages sent to ensure that the connection is still alive. -* `openstack["orchestration"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp. -* `openstack["orchestration"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled. +TODO: update this section with the new attributes -The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance: +Service bindings +---------------- -* `openstack['endpoints']['orchestration-api-bind']['host']` - The IP address to bind the service to -* `openstack['endpoints']['orchestration-api-bind']['port']` - The port to bind the service to -* `openstack['endpoints']['orchestration-api-bind']['bind_interface']` - The interface name to bind the service to +* `openstack['bind_service']['all']['orchestration-api']['host']` - The IP address to bind the service to +* `openstack['bind_service']['all']['orchestration-api']['port']` - The port to bind the service to +* `openstack['bind_service']['all']['orchestration-api']['interface']` - The interface to bind the service to -* `openstack['endpoints']['orchestration-api-cfn-bind']['host']` - The IP address to bind the service to -* `openstack['endpoints']['orchestration-api-cfn-bind']['port']` - The port to bind the service to -* `openstack['endpoints']['orchestration-api-cfn-bind']['bind_interface']` - The interface name to bind the-cfn service to +* `openstack['bind_service']['all']['orchestration-api-cfn']['host']` - The IP address to bind the service to +* `openstack['bind_service']['all']['orchestration-api-cfn']['port']` - The port to bind the service to +* `openstack['bind_service']['all']['orchestration-api-cfn']['interface']` - The interface to bind the service to -* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['host']` - The IP address to bind the service to -* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['port']` - The port to bind the service to -* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['bind_interface']` - The interface name to bind the-cloudwatch service to +* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['host']` - The IP address to bind the service to +* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['port']` - The port to bind the service to +* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['interface']` - The interface to bind the service to -If the value of the 'bind_interface' attribute is non-nil, then the service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the service will be bound to the IP address specifie> +If the value of the 'interface' attribute is non-nil, then the service will be bound to the first IP address on that interface and +the 'host' attribute will be ignored. +If the value of the 'interface' attribute is nil (which is the default), then the service will be bound to the IP address specified +in the 'host' attribute. Miscellaneous Options --------------------- -Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']). - -* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`. * `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag. Testing @@ -215,9 +111,11 @@ License and Author | **Author** | Ionut Artarisi () | | **Author** | Mark Vanderwiel () | | **Author** | Jan Klare () | +| **Author** | Dr. Jens Rosenboom () | | | | | **Copyright** | Copyright (c) 2013-2014, IBM Corp. | | **Copyright** | Copyright (c) 2014, SUSE Linux, GmbH. | +| **Copyright** | Copyright (c) 2016, x-ion GmbH. | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/attributes/default.rb b/attributes/default.rb index d3b2ee0..2e07004 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -17,192 +17,54 @@ # limitations under the License. # +%w(public internal admin).each do |ep_type| + # openstack orchestration-api service endpoints (used by users and services) + default['openstack']['endpoints'][ep_type]['orchestration-api']['host'] = '127.0.0.1' + default['openstack']['endpoints'][ep_type]['orchestration-api']['scheme'] = 'http' + default['openstack']['endpoints'][ep_type]['orchestration-api']['path'] = '/v1/%(tenant_id)s' + default['openstack']['endpoints'][ep_type]['orchestration-api']['port'] = 8004 + # openstack orchestration-api-cfn service endpoints (used by users and services) + default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['host'] = '127.0.0.1' + default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['scheme'] = 'http' + default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['path'] = '/v1' + default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['port'] = 8000 + # openstack orchestration-api-cloudwatch service endpoints (used by users and services) + default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['host'] = '127.0.0.1' + default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['scheme'] = 'http' + default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['path'] = '/v1' + default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['port'] = 8003 +end +default['openstack']['bind_service']['all']['orchestration-api']['host'] = '127.0.0.1' +default['openstack']['bind_service']['all']['orchestration-api']['port'] = 8004 +default['openstack']['bind_service']['all']['orchestration-api-cfn']['host'] = '127.0.0.1' +default['openstack']['bind_service']['all']['orchestration-api-cfn']['port'] = 8000 +default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['host'] = '127.0.0.1' +default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['port'] = 8003 + # Set to some text value if you want templated config files # to contain a custom banner at the top of the written file default['openstack']['orchestration']['custom_template_banner'] = ' -# This file autogenerated by Chef +# This file was autogenerated by Chef # Do not edit, changes will be overwritten ' -default['openstack']['orchestration']['verbose'] = 'False' -default['openstack']['orchestration']['debug'] = 'False' -default['openstack']['orchestration']['log_dir'] = '/var/log/heat' +default['openstack']['orchestration']['syslog']['use'] + # This is the name of the Chef role that will install the Keystone Service API default['openstack']['orchestration']['identity_service_chef_role'] = 'os-identity' -# Number of heat-engine processes to fork and run. -default['openstack']['orchestration']['num_engine_workers'] = nil -# Number of workers for Heat api service. -default['openstack']['orchestration']['api']['workers'] = 0 -# Number of workers for Heat api cfn service. -default['openstack']['orchestration']['api_cfn']['workers'] = 0 -# Number of workers for Heat api cloudwatch service. -default['openstack']['orchestration']['api_cloudwatch']['workers'] = 0 - -# Gets set in the Heat Endpoint when registering with Keystone -default['openstack']['orchestration']['region'] = node['openstack']['region'] - # The name of the Chef role that knows about the message queue server # that Heat uses default['openstack']['orchestration']['rabbit_server_chef_role'] = 'os-ops-messaging' -default['openstack']['orchestration']['service_tenant_name'] = 'service' -default['openstack']['orchestration']['service_user'] = 'heat' default['openstack']['orchestration']['service_role'] = 'service' default['openstack']['orchestration']['ec2authtoken']['auth']['version'] = 'v2.0' default['openstack']['orchestration']['api']['auth']['version'] = node['openstack']['api']['auth']['version'] -# A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections. -default['openstack']['orchestration']['clients']['ca_file'] = nil -# Cert file to use for clients when verifying HTTPs connections. -default['openstack']['orchestration']['clients']['cert_file'] = nil -# Private key file to use for clients when verifying HTTPs connections. -default['openstack']['orchestration']['clients']['key_file'] = nil -# Whether to allow insecure SSL (https) requests when calling clients. -default['openstack']['orchestration']['clients']['insecure'] = false - -# A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections. -default['openstack']['orchestration']['clients_ceilometer']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_ceilometer when verifying HTTPs connections. -default['openstack']['orchestration']['clients_ceilometer']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_ceilometer when verifying HTTPs connections. -default['openstack']['orchestration']['clients_ceilometer']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_ceilometer. -default['openstack']['orchestration']['clients_ceilometer']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections. -default['openstack']['orchestration']['clients_cinder']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_cinder when verifying HTTPs connections. -default['openstack']['orchestration']['clients_cinder']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_cinder when verifying HTTPs connections. -default['openstack']['orchestration']['clients_cinder']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_cinder. -default['openstack']['orchestration']['clients_cinder']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections. -default['openstack']['orchestration']['clients_glance']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_glance when verifying HTTPs connections. -default['openstack']['orchestration']['clients_glance']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_glance when verifying HTTPs connections. -default['openstack']['orchestration']['clients_glance']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_glance. -default['openstack']['orchestration']['clients_glance']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections. -default['openstack']['orchestration']['clients_heat']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_heat when verifying HTTPs connections. -default['openstack']['orchestration']['clients_heat']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_heat when verifying HTTPs connections. -default['openstack']['orchestration']['clients_heat']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_heat. -default['openstack']['orchestration']['clients_heat']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections. -default['openstack']['orchestration']['clients_keystone']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_keystone when verifying HTTPs connections. -default['openstack']['orchestration']['clients_keystone']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_keystone when verifying HTTPs connections. -default['openstack']['orchestration']['clients_keystone']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_keystone. -default['openstack']['orchestration']['clients_keystone']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections. -default['openstack']['orchestration']['clients_neutron']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_neutron when verifying HTTPs connections. -default['openstack']['orchestration']['clients_neutron']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_neutron when verifying HTTPs connections. -default['openstack']['orchestration']['clients_neutron']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_neutron. -default['openstack']['orchestration']['clients_neutron']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections. -default['openstack']['orchestration']['clients_nova']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file'] -# Cert file to use for clients_nova when verifying HTTPs connections. -default['openstack']['orchestration']['clients_nova']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file'] -# Private key file to use for clients_nova when verifying HTTPs connections. -default['openstack']['orchestration']['clients_nova']['key_file'] = node['openstack']['orchestration']['clients']['key_file'] -# Whether to allow insecure SSL (https) requests when calling clients_nova. -default['openstack']['orchestration']['clients_nova']['insecure'] = node['openstack']['orchestration']['clients']['insecure'] - -# A list of memcached server(s) for caching -default['openstack']['orchestration']['api']['auth']['memcached_servers'] = nil - -# Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT -default['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = nil - -# This string is used for key derivation -default['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = nil - -# Hash algorithms to use for hashing PKI tokens -default['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'md5' - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections -default['openstack']['orchestration']['api']['auth']['cafile'] = nil - -# Whether to allow the client to perform insecure SSL (https) requests -default['openstack']['orchestration']['api']['auth']['insecure'] = false - -# Keystone role for heat template-defined users. (string value) -default['openstack']['orchestration']['heat_stack_user_role'] = nil - -# Keystone domain id which contains heat template-defined users. -# If this option is set, stack_user_domain_name option -# will be ignored. (string value) -default['openstack']['orchestration']['stack_user_domain_id'] = nil - -# Keystone domain name which contains heat template-defined users. (string value) -default['openstack']['orchestration']['stack_user_domain_name'] = nil - -# Keystone username, a user with roles sufficient to manage -# users and projects in the stack_user_domain. (string value) -default['openstack']['orchestration']['stack_domain_admin'] = nil - -# Select deferred auth method, stored password or trusts. -default['openstack']['orchestration']['deferred_auth_method'] = 'trusts' - -# If true, will passing stack information to scheduler hints when creating instances. -default['openstack']['orchestration']['stack_scheduler_hints'] = false - -# If set, heat API service will bind to the address on this interface, -# otherwise it will bind to the API endpoint's host. -default['openstack']['orchestration']['api']['bind_interface'] = nil - -# If set, heat api-cfn service will bind to the address on this interface, -# otherwise it will bind to the API endpoint's host. -default['openstack']['orchestration']['api-cfn']['bind_interface'] = nil - -# If set, heat api-cloudwatch service will bind to the address on this interface, -# otherwise it will bind to the API endpoint's host. -default['openstack']['orchestration']['api-cloudwatch']['bind_interface'] = nil - -# Keystone PKI signing directory. Only written to the filter:authtoken section -# of the api-paste.ini when node['openstack']['auth']['strategy'] == 'pki' -default['openstack']['orchestration']['api']['auth']['cache_dir'] = '/var/cache/heat' - -# logging attribute -default['openstack']['orchestration']['syslog']['use'] = false -default['openstack']['orchestration']['syslog']['facility'] = 'LOG_LOCAL2' -default['openstack']['orchestration']['syslog']['config_facility'] = 'local2' - -# Common rpc definitions -default['openstack']['orchestration']['rpc_thread_pool_size'] = 64 -default['openstack']['orchestration']['rpc_conn_pool_size'] = 30 -default['openstack']['orchestration']['rpc_response_timeout'] = 60 - -# Notification definitions -default['openstack']['orchestration']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier' -default['openstack']['orchestration']['default_notification_level'] = 'INFO' -default['openstack']['orchestration']['default_publisher_id'] = '' -default['openstack']['orchestration']['list_notifier_drivers'] = 'heat.openstack.common.notifier.no_op_notifier' -default['openstack']['orchestration']['notification_topics'] = 'notifications' - -# Array of options for `heat.conf` (e.g. ['option1=value1', 'option2=value2']) -default['openstack']['orchestration']['misc_heat'] = nil - # platform-specific settings case platform_family -when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this +when 'rhel' default['openstack']['orchestration']['user'] = 'heat' default['openstack']['orchestration']['group'] = 'heat' default['openstack']['orchestration']['platform'] = { diff --git a/attributes/heat_conf.rb b/attributes/heat_conf.rb new file mode 100644 index 0000000..f895b36 --- /dev/null +++ b/attributes/heat_conf.rb @@ -0,0 +1,26 @@ +# encoding: UTF-8 +# +# Cookbook Name:: openstack-orchestration +# Attributes:: default +# +# Copyright 2013, IBM Corp. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat' +default['openstack']['orchestration']['conf']['DEFAULT']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier' +default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_plugin'] = 'v2password' +default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat' +default['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] = 'service' +default['openstack']['orchestration']['conf']['trustee']['auth_plugin'] = 'v2password' +default['openstack']['orchestration']['conf']['trustee']['username'] = 'heat' diff --git a/metadata.rb b/metadata.rb index 57c82c6..1fd115c 100644 --- a/metadata.rb +++ b/metadata.rb @@ -5,7 +5,7 @@ maintainer_email 'openstack-dev@lists.openstack.org' license 'Apache 2.0' description 'Installs and configures the Heat Service' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '12.0.0' +version '13.0.0' recipe 'openstack-orchestration::api', 'Start and configure the Heat API service' recipe 'openstack-orchestration::api-cfn', 'Start and configure the Heat API CloudFormation service' recipe 'openstack-orchestration::api-cloudwatch', 'Start and configure the Heat API CloudWatch service' @@ -14,9 +14,9 @@ recipe 'openstack-orchestration::common', 'Installs packages and configures a He recipe 'openstack-orchestration::engine', 'Sets up Heat database and starts Heat Engine service' recipe 'openstack-orchestration::identity_registration', 'Registers Heat service, user and endpoints with Keystone' -%w(ubuntu fedora redhat centos).each do |os| +%w(ubuntu redhat centos).each do |os| supports os end -depends 'openstack-common', '>= 12.0.0' -depends 'openstack-identity', '>= 12.0.0' +depends 'openstack-common', '>= 13.0.0' +depends 'openstack-identity', '>= 13.0.0' diff --git a/recipes/common.rb b/recipes/common.rb index 64188f9..23b0da8 100644 --- a/recipes/common.rb +++ b/recipes/common.rb @@ -49,91 +49,98 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg| end end +unless node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'].nil? && + node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'] == 'rabbit' + user = node['openstack']['mq']['orchestration']['rabbit']['userid'] + node.default['openstack']['orchestration']['conf'] + .[]('oslo_messaging_rabbit')['rabbit_userid'] = user + node.default['openstack']['orchestration']['conf_secrets'] + .[]('oslo_messaging_rabbit')['rabbit_password'] = + get_password 'user', user +end + db_user = node['openstack']['db']['orchestration']['username'] db_pass = get_password 'db', 'heat' -sql_connection = db_uri('orchestration', db_user, db_pass) -identity_endpoint = internal_endpoint 'identity-internal' -identity_admin_endpoint = admin_endpoint 'identity-admin' -heat_api_bind = internal_endpoint 'orchestration-api-bind' -heat_api_endpoint = internal_endpoint 'orchestration-api' -heat_api_cfn_bind = internal_endpoint 'orchestration-api-cfn-bind' -heat_api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn' -heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind' -heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch' +identity_endpoint = internal_endpoint 'identity' +identity_admin_endpoint = admin_endpoint 'identity' -service_pass = get_password 'service', 'openstack-orchestration' -auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key' - -stack_domain_admin_password = nil -if node['openstack']['orchestration']['stack_domain_admin'] - stack_domain_admin_password = get_password 'user', node['openstack']['orchestration']['stack_domain_admin'] -end +bind_services = node['openstack']['bind_service']['all'] +api_bind = bind_services['orchestration-api'] +api_cfn_bind = bind_services['orchestration-api-cfn'] +api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn' +api_cw_bind = bind_services['orchestration-api-cloudwatch'] +api_cw_endpoint = internal_endpoint 'orchestration-api-cloudwatch' ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version'] auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version'] -identity_uri = identity_uri_transform(identity_admin_endpoint) -mq_service_type = node['openstack']['mq']['orchestration']['service_type'] +# We need these URIs without their default path +metadata_uri = "#{api_cfn_endpoint.scheme}://#{api_cfn_endpoint.host}:#{api_cfn_endpoint.port}" +watch_uri = "#{api_cw_endpoint.scheme}://#{api_cw_endpoint.host}:#{api_cw_endpoint.port}" -if mq_service_type == 'rabbitmq' - if node['openstack']['mq']['orchestration']['rabbit']['ha'] - rabbit_hosts = rabbit_servers - end - mq_password = get_password 'user', node['openstack']['mq']['orchestration']['rabbit']['userid'] -elsif mq_service_type == 'qpid' - mq_password = get_password 'user', node['openstack']['mq']['orchestration']['qpid']['username'] +# define attributes that are needed in the heat.conf +node.default['openstack']['orchestration']['conf'].tap do |conf| + conf['DEFAULT']['heat_metadata_server_url'] = metadata_uri + conf['DEFAULT']['heat_waitcondition_server_url'] = "#{api_cfn_endpoint}/waitcondition" + conf['DEFAULT']['heat_watch_server_url'] = watch_uri + conf['DEFAULT']['region_name_for_services'] = node['openstack']['region'] + conf['clients_keystone']['auth_uri'] = auth_uri + conf['ec2authtoken']['auth_uri'] = ec2_auth_uri + conf['heat_api']['bind_host'] = bind_address api_bind + conf['heat_api']['bind_port'] = api_bind.port + conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind + conf['heat_api_cfn']['bind_port'] = api_cfn_bind.port + conf['heat_api_cloudwatch']['bind_host'] = bind_address api_cw_bind + conf['heat_api_cloudwatch']['bind_port'] = api_cw_bind.port + conf['keystone_authtoken']['auth_url'] = auth_uri + conf['trustee']['auth_url'] = identity_admin_endpoint end +# define secrets that are needed in the heat.conf +node.default['openstack']['orchestration']['conf_secrets'].tap do |conf_secrets| + conf_secrets['DEFAULT']['auth_encryption_key'] = + get_password 'token', 'orchestration_auth_encryption_key' + conf_secrets['database']['connection'] = + db_uri('orchestration', db_user, db_pass) + conf_secrets['keystone_authtoken']['password'] = + get_password 'service', 'openstack-orchestration' + conf_secrets['trustee']['password'] = + get_password 'service', 'openstack-orchestration' +end + +# merge all config options and secrets to be used in the heat.conf +heat_conf_options = merge_config_options 'orchestration' + directory '/etc/heat' do - group node['openstack']['orchestration']['group'] owner node['openstack']['orchestration']['user'] - mode 00700 + group node['openstack']['orchestration']['group'] + mode 00750 action :create end directory '/etc/heat/environment.d' do - group node['openstack']['orchestration']['group'] owner node['openstack']['orchestration']['user'] - mode 00700 + group node['openstack']['orchestration']['group'] + mode 00750 action :create end -directory node['openstack']['orchestration']['api']['auth']['cache_dir'] do - owner node['openstack']['orchestration']['user'] - group node['openstack']['orchestration']['group'] - mode 00700 -end - template '/etc/heat/heat.conf' do - source 'heat.conf.erb' - group node['openstack']['orchestration']['group'] + source 'openstack-service.conf.erb' + cookbook 'openstack-common' owner node['openstack']['orchestration']['user'] + group node['openstack']['orchestration']['group'] mode 00640 variables( - stack_domain_admin_password: stack_domain_admin_password, - mq_service_type: mq_service_type, - mq_password: mq_password, - rabbit_hosts: rabbit_hosts, - ec2_auth_uri: ec2_auth_uri, - auth_uri: auth_uri, - identity_uri: identity_uri, - service_pass: service_pass, - auth_encryption_key: auth_encryption_key, - sql_connection: sql_connection, - heat_api_bind: heat_api_bind, - heat_api_endpoint: heat_api_endpoint, - heat_api_cfn_bind: heat_api_cfn_bind, - heat_api_cfn_endpoint: heat_api_cfn_endpoint, - heat_api_cloudwatch_bind: heat_api_cloudwatch_bind, - heat_api_cloudwatch_endpoint: heat_api_cloudwatch_endpoint + service_config: heat_conf_options ) end template '/etc/heat/environment.d/default.yaml' do source 'default.yaml.erb' - group node['openstack']['orchestration']['group'] owner node['openstack']['orchestration']['user'] + group node['openstack']['orchestration']['group'] mode 00644 end diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index c2d3055..a46dc98 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -24,7 +24,7 @@ class ::Chef::Recipe # rubocop:disable Documentation include ::Openstack end -identity_admin_endpoint = admin_endpoint 'identity-admin' +identity_admin_endpoint = admin_endpoint 'identity' token = get_password 'token', 'openstack_identity_bootstrap_token' auth_url = ::URI.decode identity_admin_endpoint.to_s @@ -37,11 +37,10 @@ internal_heat_cfn_endpoint = internal_endpoint 'orchestration-api-cfn' public_heat_cfn_endpoint = public_endpoint 'orchestration-api-cfn' service_pass = get_password 'service', 'openstack-orchestration' -service_tenant_name = node['openstack']['orchestration']['service_tenant_name'] -service_user = node['openstack']['orchestration']['service_user'] +service_tenant_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] +service_user = node['openstack']['orchestration']['conf']['keystone_authtoken']['username'] service_role = node['openstack']['orchestration']['service_role'] -region = node['openstack']['orchestration']['region'] -stack_user_role = node['openstack']['orchestration']['heat_stack_user_role'] +region = node['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services'] # Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927), # See discussions on https://bugs.launchpad.net/heat/+bug/1167927 @@ -133,39 +132,3 @@ openstack_identity_register "Grant '#{service_role}' Role to #{service_user} Use action :grant_role end - -## Create role for heat template defined users ## -openstack_identity_register "Create '#{stack_user_role}' Role for template defined users" do - auth_uri auth_url - bootstrap_token token - role_name stack_user_role - - action :create_role - not_if { stack_user_role.nil? } -end - -stack_user_domain_name = node['openstack']['orchestration']['stack_user_domain_name'] -stack_domain_admin = node['openstack']['orchestration']['stack_domain_admin'] - -if !stack_user_role.nil? && !stack_user_domain_name.nil? && !stack_domain_admin.nil? - stack_domain_admin_password = get_password 'user', stack_domain_admin - admin_user = node['openstack']['identity']['admin_user'] - admin_pass = get_password 'user', admin_user - ca_cert = node['openstack']['orchestration']['clients']['ca_file'] - cert_file = node['openstack']['orchestration']['clients']['cert_file'] - key_file = node['openstack']['orchestration']['clients']['key_file'] - insecure = node['openstack']['orchestration']['clients']['insecure'] && '--insecure' || '' - - execute 'heat-keystone-setup-domain' do - environment 'OS_USERNAME' => admin_user, - 'OS_PASSWORD' => admin_pass, - 'OS_AUTH_URL' => auth_url, - 'OS_CACERT' => ca_cert, - 'OS_CERT' => cert_file, - 'OS_KEY' => key_file, - 'HEAT_DOMAIN' => stack_user_domain_name, - 'HEAT_DOMAIN_ADMIN' => stack_domain_admin, - 'HEAT_DOMAIN_PASSWORD' => stack_domain_admin_password - command "heat-keystone-setup-domain #{insecure}" - end -end diff --git a/spec/common_spec.rb b/spec/common_spec.rb index accb2a0..928c27d 100644 --- a/spec/common_spec.rb +++ b/spec/common_spec.rb @@ -31,14 +31,5 @@ describe 'openstack-orchestration::common' do expect(chef_run).not_to upgrade_package 'python-ibm-db' expect(chef_run).not_to upgrade_package 'python-ibm-db-sa' end - - describe 'heat.conf' do - let(:file) { chef_run.template('/etc/heat/heat.conf') } - - it 'adds misc_heat array correctly' do - node.set['openstack']['orchestration']['misc_heat'] = ['MISC_OPTION=FOO'] - expect(chef_run).to render_file(file.name).with_content('MISC_OPTION=FOO') - end - end end end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 89524aa..ca8c737 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb @@ -68,83 +68,14 @@ describe 'openstack-orchestration::identity_registration' do ) end - it 'register heat-api endpoint with different admin url' do + it 'registers heat-api endpoint with different urls' do admin_url = 'https://admin.host:123/admin_path' - general_url = 'http://general.host:456/general_path' - - # Set the general endpoint - node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url - # Set the admin endpoint override - node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: general_url, - endpoint_publicurl: general_url, - action: [:create_endpoint] - ) - end - - it 'register heat-api endpoint with different public url' do - public_url = 'https://public.host:789/public_path' - general_url = 'http://general.host:456/general_path' - - # Set the general endpoint - node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url - # Set the public endpoint override - node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: general_url, - endpoint_publicurl: public_url, - action: [:create_endpoint] - ) - end - - it 'register heat-api endpoint with different internal url' do + public_url = 'http://public.host:456/public_path' internal_url = 'http://internal.host:456/internal_path' - general_url = 'http://general.host:456/general_path' - - # Set general endpoint - node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url - # Set the internal endpoint override - node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: general_url, - action: [:create_endpoint] - ) - end - - it 'register heat-api endpoint with all different urls' do - admin_url = 'https://admin.host:123/admin_path' - internal_url = 'http://internal.host:456/internal_path' - public_url = 'https://public.host:789/public_path' node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url - node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url + node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url expect(chef_run).to create_endpoint_openstack_identity_register( 'Register Heat Orchestration Endpoint' @@ -175,69 +106,6 @@ describe 'openstack-orchestration::identity_registration' do ) end - it 'register heat-cfn endpoint with different admin url' do - admin_url = 'https://admin.host:123/admin_path' - general_url = 'http://general.host:456/general_path' - # Set the general endpoint - node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url - # Set the admin endpoint override - node.set['openstack']['endpoints']['admin']['orchestration-api-cfn']['uri'] = admin_url - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Cloudformation Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'cloudformation', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: general_url, - endpoint_publicurl: general_url, - action: [:create_endpoint] - ) - end - - it 'register heat-cfn endpoint with different public url' do - public_url = 'https://public.host:789/public_path' - general_url = 'http://general.host:456/general_path' - # Set the general endpoint - node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url - # Set the public endpoint override - node.set['openstack']['endpoints']['public']['orchestration-api-cfn']['uri'] = public_url - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Cloudformation Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'cloudformation', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: general_url, - endpoint_publicurl: public_url, - action: [:create_endpoint] - ) - end - - it 'register heat-cfn endpoint with different internal url' do - internal_url = 'http://internal.host:456/internal_path' - general_url = 'http://general.host:456/general_path' - # Set the general endpoint - node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url - # Set the internal endpoint override - node.set['openstack']['endpoints']['internal']['orchestration-api-cfn']['uri'] = internal_url - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Cloudformation Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'cloudformation', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: general_url, - action: [:create_endpoint] - ) - end - it 'register heat-cfn endpoint with all different urls' do admin_url = 'https://admin.host:123/admin_path' internal_url = 'http://internal.host:456/internal_path' @@ -308,68 +176,5 @@ describe 'openstack-orchestration::identity_registration' do action: [:create_role] ) end - - it 'creates role for template defined users' do - node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user' - expect(chef_run).to create_role_openstack_identity_register( - "Create 'heat_stack_user' Role for template defined users" - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - role_name: 'heat_stack_user', - action: [:create_role] - ) - end - - it 'does not call domain setup script by default' do - expect(chef_run).not_to run_execute('heat-keystone-setup-domain') - end - - it 'calls domain setup script with insecure mode' do - node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user' - node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name' - node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin' - node.set['openstack']['orchestration']['clients']['insecure'] = true - node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https' - - expect(chef_run).to run_execute('heat-keystone-setup-domain --insecure') - .with( - environment: { 'OS_USERNAME' => 'admin', - 'OS_PASSWORD' => 'admin_pass', - 'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0', - 'OS_CACERT' => nil, - 'OS_CERT' => nil, - 'OS_KEY' => nil, - 'HEAT_DOMAIN' => 'stack_user_domain_name', - 'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin', - 'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass' - } - ) - end - - it 'calls domain setup script with secure mode' do - node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user' - node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name' - node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin' - node.set['openstack']['orchestration']['clients']['insecure'] = false - node.set['openstack']['orchestration']['clients']['ca_file'] = 'path/cacert' - node.set['openstack']['orchestration']['clients']['cert_file'] = 'path/cert_file' - node.set['openstack']['orchestration']['clients']['key_file'] = 'path/key_file' - node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https' - - expect(chef_run).to run_execute('heat-keystone-setup-domain ') - .with( - environment: { 'OS_USERNAME' => 'admin', - 'OS_PASSWORD' => 'admin_pass', - 'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0', - 'OS_CACERT' => 'path/cacert', - 'OS_CERT' => 'path/cert_file', - 'OS_KEY' => 'path/key_file', - 'HEAT_DOMAIN' => 'stack_user_domain_name', - 'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin', - 'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass' - } - ) - end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 018a252..ef6442c 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -43,15 +43,9 @@ shared_context 'orchestration_stubs' do allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('user', 'admin-user') .and_return 'admin-pass' - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('user', 'heat_stack_admin') - .and_return 'heat_stack_domain_admin_password' allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('service', 'openstack-orchestration') .and_return 'heat-pass' - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('user', 'stack_domain_admin') - .and_return 'stack_domain_admin_pass' allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('user', 'admin') .and_return 'admin_pass' @@ -103,7 +97,7 @@ shared_examples 'expects to create heat directories' do expect(chef_run).to create_directory('/etc/heat').with( owner: 'heat', group: 'heat', - mode: 0700 + mode: 0750 ) end @@ -111,15 +105,7 @@ shared_examples 'expects to create heat directories' do expect(chef_run).to create_directory('/etc/heat/environment.d').with( owner: 'heat', group: 'heat', - mode: 0700 - ) - end - - it 'creates /var/cache/heat' do - expect(chef_run).to create_directory('/var/cache/heat').with( - owner: 'heat', - group: 'heat', - mode: 0700 + mode: 0750 ) end end @@ -136,356 +122,105 @@ shared_examples 'expects to create heat conf' do ) end - describe 'workers' do - it 'has default worker values' do - [ - 'heat_api', - 'heat_api_cfn', - 'heat_api_cloudwatch' - ].each do |section| - expect(chef_run).to render_config_file(file.name).with_section_content(section, /^workers=0$/) - end - end - - it 'has engine workers not set by default' do - expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=/) - end - - it 'allows engine workers override' do - node.set['openstack']['orchestration']['num_engine_workers'] = 5 - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=5$/) - end - end - - it 'uses default values for these attributes and they are not set' do - expect(chef_run).not_to render_file(file.name).with_content( - /^memcached_servers=/) - expect(chef_run).not_to render_file(file.name).with_content( - /^memcache_security_strategy=/) - expect(chef_run).not_to render_file(file.name).with_content( - /^memcache_secret_key=/) - expect(chef_run).not_to render_file(file.name).with_content( - /^cafile=/) - end - - it 'sets memcached server(s)' do - node.set['openstack']['orchestration']['api']['auth']['memcached_servers'] = 'localhost:11211' - expect(chef_run).to render_file(file.name).with_content(/^memcached_servers=localhost:11211$/) - end - - it 'sets memcache security strategy' do - node.set['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = 'MAC' - expect(chef_run).to render_file(file.name).with_content(/^memcache_security_strategy=MAC$/) - end - - it 'sets memcache secret key' do - node.set['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = '0123456789ABCDEF' - expect(chef_run).to render_file(file.name).with_content(/^memcache_secret_key=0123456789ABCDEF$/) - end - - it 'sets cafile' do - node.set['openstack']['orchestration']['api']['auth']['cafile'] = 'dir/to/path' - expect(chef_run).to render_file(file.name).with_content(%r{^cafile=dir/to/path$}) - end - - it 'sets token hash algorithms' do - node.set['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'sha2' - expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms=sha2$/) - end - - it 'sets insecure' do - node.set['openstack']['orchestration']['api']['auth']['insecure'] = false - expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/) - end - it 'sets auth_encryption_key' do - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/) - end - - describe 'default values for certificates files' do - it 'has no such values' do - [ - /^ca_file=/, - /^cert_file=/, - /^key_file=/ - ].each do |line| - expect(chef_run).not_to render_file(file.name).with_content(line) - end - end - - it 'sets clients ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_ceilometer ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_ceilometer']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_ceilometer']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_ceilometer']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_ceilometer']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_cinder ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_cinder']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_cinder']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_cinder']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_cinder']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_glance ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_glance']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_glance']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_glance']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_glance']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_heat ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_heat']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_heat']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_heat']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_heat']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_keystone ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_keystone']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_keystone']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_keystone']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_keystone']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_neutron ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_neutron']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_neutron']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_neutron']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_neutron']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end - - it 'sets clients_nova ca_file cert_file key_file insecure' do - node.set['openstack']['orchestration']['clients_nova']['ca_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_nova']['cert_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_nova']['key_file'] = 'dir/to/path' - node.set['openstack']['orchestration']['clients_nova']['insecure'] = true - expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$}) - expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/) - end + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key = auth_encryption_key_secret$/) end describe 'default values' do it 'has default conf values' do [ - %r{^connection=mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$}, - %r{^heat_metadata_server_url=http://127.0.0.1:8000$}, - %r{^heat_waitcondition_server_url=http://127.0.0.1:8000/v1/waitcondition$}, - %r{^heat_watch_server_url=http://127.0.0.1:8003$}, - %r{^signing_dir=/var/cache/heat$}, - /^debug=False$/, - /^verbose=False$/, - %r{^log_dir=/var/log/heat$}, + %r{^heat_metadata_server_url = http://127.0.0.1:8000$}, + %r{^heat_waitcondition_server_url = http://127.0.0.1:8000/v1/waitcondition$}, + %r{^heat_watch_server_url = http://127.0.0.1:8003$}, + %r{^log_dir = /var/log/heat$}, /^notification_driver = heat.openstack.common.notifier.rpc_notifier$/, - /^default_notification_level = INFO$/, - /^default_publisher_id = $/, - /^list_notifier_drivers = heat.openstack.common.notifier.no_op_notifier$/, - /^notification_topics = notifications$/, - /^rpc_thread_pool_size=64$/, - /^rpc_response_timeout=60$/, - /^bind_host=127.0.0.1$/, - /^bind_port=8004$/, - %r{^auth_uri=http://127.0.0.1:5000/v2.0$}, - %r{^identity_uri=http://127.0.0.1:35357/$}, - /^auth_version=v2.0$/, - /^hash_algorithms=md5$/, - /^insecure=false$/, - /^admin_user=heat$/, - /^admin_password=heat-pass$/, - /^admin_tenant_name=service$/, - /^deferred_auth_method=trusts$/, - /^stack_scheduler_hints=false$/, - /^region_name_for_services=RegionOne$/ + /^region_name_for_services = RegionOne$/ ].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) end end - it 'overrides the schemes' do - node.set['openstack']['endpoints']['orchestration-api-cfn']['scheme'] = 'https' - node.set['openstack']['endpoints']['orchestration-api-cloudwatch']['scheme'] = 'https' - expect(chef_run).to render_file(file.name).with_content(%r{^heat_metadata_server_url=https://127.0.0.1:8000$}) - expect(chef_run).to render_file(file.name).with_content(%r{^heat_waitcondition_server_url=https://127.0.0.1:8000/v1/waitcondition$}) - expect(chef_run).to render_file(file.name).with_content(%r{^heat_watch_server_url=https://127.0.0.1:8003$}) - end - end - - describe 'domain values' do - it 'has no default domain values' do + it 'has heat_api binding' do [ - /^heat_stack_user_role=/, - /^stack_user_domain_name=/, - /^stack_user_domain_id=/, - /^stack_domain_admin=/, - /^stack_domain_admin_password=/ + /^bind_host = 127.0.0.1$/, + /^bind_port = 8004$/ ].each do |line| - expect(chef_run).not_to render_file(file.name).with_content(line) + expect(chef_run).to render_config_file(file.name).with_section_content('heat_api', line) end end - it 'has domain override values' do - node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user' - node.set['openstack']['orchestration']['stack_user_domain_name'] = 'heat' - node.set['openstack']['orchestration']['stack_user_domain_id'] = '123' - node.set['openstack']['orchestration']['stack_domain_admin'] = 'heat_stack_admin' + it 'has heat_api_cfn binding' do [ - /^heat_stack_user_role=heat_stack_user$/, - /^stack_user_domain_name=heat$/, - /^stack_user_domain_id=123$/, - /^stack_domain_admin=heat_stack_admin$/, - /^stack_domain_admin_password=heat_stack_domain_admin_password$/ + /^bind_host = 127.0.0.1$/, + /^bind_port = 8000$/ ].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) + expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cfn', line) end end - end - - describe 'has qpid values' do - it 'has default qpid_* values' do - node.set['openstack']['mq']['orchestration']['service_type'] = 'qpid' + it 'has heat_api_cloudwatch binding' do [ - /^rpc_conn_pool_size=30$/, - /^amqp_durable_queues=false$/, - /^amqp_auto_delete=false$/, - /^qpid_hostname=127.0.0.1$/, - /^qpid_port=5672$/, - /^qpid_username=guest$/, - /^qpid_password=mq-pass$/, - /^qpid_sasl_mechanisms=$/, - /^qpid_heartbeat=60$/, - /^qpid_protocol=tcp$/, - /^qpid_tcp_nodelay=true$/, - /^qpid_reconnect_timeout=0$/, - /^qpid_reconnect_limit=0$/, - /^qpid_reconnect_interval_min=0$/, - /^qpid_reconnect_interval_max=0$/, - /^qpid_reconnect_interval=0$/, - /^qpid_topology_version=1$/ + /^bind_host = 127.0.0.1$/, + /^bind_port = 8003$/ ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_qpid', line) + expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cloudwatch', line) end - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^rpc_backend=heat.openstack.common.rpc.impl_qpid$/) + end + + it 'sets database connection value' do + expect(chef_run).to render_config_file(file.name).with_section_content( + 'database', %r{^connection = mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$}) end end describe 'has ec2authtoken values' do it 'has default ec2authtoken values' do - expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri=http://127.0.0.1:5000/v2.0$}) + expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri = http://127.0.0.1:5000/v2.0$}) end end - describe 'has rabbit values' do - before do - node.set['openstack']['mq']['orchestration']['service_type'] = 'rabbitmq' + describe 'has clients_keystone values' do + it 'has default clients_keystone values' do + expect(chef_run).to render_config_file(file.name).with_section_content('clients_keystone', %r{^auth_uri = http://127.0.0.1:5000/v2.0$}) end + end - it 'has default rabbit values' do - [/^rpc_conn_pool_size=30$/, - /^amqp_durable_queues=false$/, - /^amqp_auto_delete=false$/, - /^heartbeat_timeout_threshold=0$/, - /^heartbeat_rate=2$/ - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line) - end - end - - it 'does not have rabbit ha values' do + describe 'has oslo_messaging_rabbit values' do + it 'has default oslo_messaging_rabbit values' do [ - /^rabbit_host=127.0.0.1$/, - /^rabbit_port=5672$/, - /^rabbit_ha_queues=False$/ + /^rabbit_userid = guest$/, + /^rabbit_password = mq-pass$/ ].each do |line| expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line) end end + end - it 'has rabbit ha values' do - node.set['openstack']['mq']['orchestration']['rabbit']['ha'] = true + describe 'has keystone_authtoken values' do + it 'has default keystone_authtoken values' do [ - /^rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672$/, - /^rabbit_ha_queues=True$/ + %r{^auth_url = http://127.0.0.1:5000/v2.0$}, + /^auth_plugin = v2password$/, + /^username = heat$/, + /^tenant_name = service$/, + /^password = heat-pass$/ ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line) + expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line) end end + end - it 'does not have ssl config set' do - [/^rabbit_use_ssl=/, - /^kombu_ssl_version=/, - /^kombu_ssl_keyfile=/, - /^kombu_ssl_certfile=/, - /^kombu_ssl_ca_certs=/, - /^kombu_reconnect_delay=/, - /^kombu_reconnect_timeout=/].each do |line| - expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line) + describe 'has trustee values' do + it 'has default trustee values' do + [ + %r{^auth_url = http://127.0.0.1:35357/v2.0$}, + /^auth_plugin = v2password$/, + /^username = heat$/, + /^password = heat-pass$/ + ].each do |line| + expect(chef_run).to render_config_file(file.name).with_section_content('trustee', line) end end - - it 'sets ssl config' do - node.set['openstack']['mq']['orchestration']['rabbit']['use_ssl'] = true - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] = 'TLSv1.2' - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] = 'keyfile' - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] = 'certfile' - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile' - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_delay'] = 123.123 - node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_timeout'] = 123 - [/^rabbit_use_ssl=true/, - /^kombu_ssl_version=TLSv1.2$/, - /^kombu_ssl_keyfile=keyfile$/, - /^kombu_ssl_certfile=certfile$/, - /^kombu_ssl_ca_certs=certsfile$/, - /^kombu_reconnect_delay=123.123$/, - /^kombu_reconnect_timeout=123$/].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line) - end - end - - it 'has the default rabbit_retry_interval set' do - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_retry_interval=1$/) - end - - it 'has the default rabbit_max_retries set' do - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_max_retries=0$/) - end end end end diff --git a/templates/default/heat.conf.erb b/templates/default/heat.conf.erb deleted file mode 100644 index 083311d..0000000 --- a/templates/default/heat.conf.erb +++ /dev/null @@ -1,1506 +0,0 @@ -<%= node["openstack"]["orchestration"]["custom_template_banner"] %> - -[DEFAULT] - -# -# Options defined in heat.api.middleware.ssl -# - -# The HTTP Header that will be used to determine which the -# original request protocol scheme was, even if it was removed -# by an SSL terminator proxy. (string value) -#secure_proxy_ssl_header=X-Forwarded-Proto - - -# -# Options defined in heat.common.config -# - -# Name of the engine node. This can be an opaque identifier. -# It is not necessarily a hostname, FQDN, or IP address. -# (string value) -#host=heat - - -# -# Options defined in heat.common.config -# - -# The default user for new instances. This option is -# deprecated and will be removed in the Juno release. If it's -# empty, Heat will use the default user set up with your cloud -# image (for OS::Nova::Server) or 'ec2-user' (for -# AWS::EC2::Instance). (string value) -#instance_user=ec2-user - -# List of directories to search for plug-ins. (list value) -#plugin_dirs=/usr/lib64/heat,/usr/lib/heat,/usr/local/lib/heat,/usr/local/lib64/heat - -# The directory to search for environment files. (string -# value) -#environment_dir=/etc/heat/environment.d - -# Select deferred auth method, stored password or trusts. -# (string value) -<% if node['openstack']['orchestration']['deferred_auth_method'] -%> -deferred_auth_method=<%= node['openstack']['orchestration']['deferred_auth_method'] %> -<% end -%> - -# Subset of trustor roles to be delegated to heat. (list -# value) -#trusts_delegated_roles=heat_stack_owner - -# Maximum resources allowed per top-level stack. (integer -# value) -#max_resources_per_stack=1000 - -# Maximum number of stacks any one tenant may have active at -# one time. (integer value) -#max_stacks_per_tenant=100 - -# Number of times to retry to bring a resource to a non-error state. Set to 0 -# to disable retries. (integer value) -#action_retry_limit=5 - -# Controls how many events will be pruned whenever a stack's -# events exceed max_events_per_stack. Set this lower to keep -# more events at the expense of more frequent purges. (integer -# value) -#event_purge_batch_size=10 - -# Maximum events that will be available per stack. Older -# events will be deleted when this is reached. Set to 0 for -# unlimited events per stack. (integer value) -#max_events_per_stack=1000 - -# Timeout in seconds for stack action (ie. create or update). -# (integer value) -#stack_action_timeout=3600 - -# Error wait time in seconds for stack action (ie. create or update). (integer -# value) -#error_wait_time=240 - -# RPC timeout for the engine liveness check that is used for -# stack locking. (integer value) -#engine_life_check_timeout=2 - - -# Enable the legacy OS::Heat::CWLiteAlarm resource. (boolean value) -#enable_cloud_watch_lite=true - -# Enable the preview Stack Abandon feature. (boolean value) -#enable_stack_abandon=false - -# Enable the preview Stack Adopt feature. (boolean value) -#enable_stack_adopt=false - -# Enables engine with convergence architecture. All stacks with this option -# will be created using convergence engine . (boolean value) -#convergence_engine=false - -# Template default for how the server should receive the metadata required for -# software configuration. POLL_SERVER_CFN will allow calls to the cfn API -# action DescribeStackResource authenticated with the provided keypair -# (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the -# Heat API resource-show using the provided keystone credentials (requires -# keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL -# will create and populate a Swift TempURL with metadata for polling (requires -# object-store endpoint which supports TempURL). (string value) -# Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL -#default_software_config_transport=POLL_SERVER_CFN - -# Template default for how the server should signal to heat with the deployment -# output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL -# (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL -# to be signaled via HTTP PUT (requires object-store endpoint which supports -# TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using -# the provided keystone credentials (string value) -# Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL -#default_deployment_signal_transport=CFN_SIGNAL - -# When this feature is enabled, scheduler hints identifying the heat stack -# context of a server resource are passed to the configured schedulers in nova, -# for server creates done using heat resource types OS::Nova::Server and -# AWS::EC2::Instance. heat_root_stack_id will be set to the id of the root -# stack of the resource, heat_stack_id will be set to the id of the resource's -# parent stack, heat_stack_name will be set to the name of the resource's -# parent stack, heat_path_in_stack will be set to a list of tuples, -# (stackresourcename, stackname) with list[0] being (None, rootstackname), and -# heat_resource_name will be set to the resource's name. (boolean value) -stack_scheduler_hints=<%= node["openstack"]["orchestration"]["stack_scheduler_hints"] %> - - -# -# Options defined in heat.common.config -# - -# Seconds between running periodic tasks. (integer value) -#periodic_interval=60 - -# URL of the Heat metadata server. (string value) -heat_metadata_server_url=<%= @heat_api_cfn_endpoint.scheme %>://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %> - -# URL of the Heat waitcondition server. (string value) -heat_waitcondition_server_url=<%= @heat_api_cfn_endpoint.scheme %>://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %><%= @heat_api_cfn_endpoint.path %>/waitcondition - -# URL of the Heat CloudWatch server. (string value) -heat_watch_server_url=<%= @heat_api_cloudwatch_endpoint.scheme %>://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat_api_cloudwatch_endpoint.port %> - -# Instance connection to CFN/CW API via https. (string value) -#instance_connection_is_secure=0 - -# Instance connection to CFN/CW API validate certs if SSL is -# used. (string value) -#instance_connection_https_validate_certificates=1 - -# Default region name used to get services endpoints. (string -# value) -region_name_for_services=<%= node['openstack']['orchestration']['region'] %> - - -# Keystone role for heat template-defined users. (string -# value) -<% if node['openstack']['orchestration']['heat_stack_user_role'] -%> -heat_stack_user_role=<%= node['openstack']['orchestration']['heat_stack_user_role'] %> -<% end -%> - -# Keystone domain ID which contains heat template-defined -# users. If this option is set, stack_user_domain_name option -# will be ignored. (string value) -# Deprecated group/name - [DEFAULT]/stack_user_domain_id -<% if node['openstack']['orchestration']['stack_user_domain_id'] -%> -stack_user_domain_id=<%= node['openstack']['orchestration']['stack_user_domain_id'] %> -<% end -%> - -# Keystone domain name which contains heat template-defined -# users. If `stack_user_domain_id` option is set, this option -# is ignored. (string value) -<% if node['openstack']['orchestration']['stack_user_domain_name'] -%> -stack_user_domain_name=<%= node['openstack']['orchestration']['stack_user_domain_name'] %> -<% end -%> - -# Keystone username, a user with roles sufficient to manage -# users and projects in the stack_user_domain. (string value) -<% if node['openstack']['orchestration']['stack_domain_admin'] -%> -stack_domain_admin=<%= node['openstack']['orchestration']['stack_domain_admin'] %> -<% end -%> - -# Keystone password for stack_domain_admin user. (string -# value) -<% if @stack_domain_admin_password -%> -stack_domain_admin_password=<%= @stack_domain_admin_password %> -<% end -%> - -# Maximum raw byte size of any template. (integer value) -#max_template_size=524288 - -# Maximum depth allowed when using nested stacks. (integer -# value) -#max_nested_stack_depth=5 - -# Number of heat-engine processes to fork and run. (integer -# value) -<% if node['openstack']['orchestration']['num_engine_workers'] -%> -num_engine_workers=<%= node['openstack']['orchestration']['num_engine_workers'] %> -<% end -%> - -# -# Options defined in heat.common.crypt -# - -# Encryption key used for authentication info in database. -# (string value) -auth_encryption_key=<%= @auth_encryption_key %> - - -# -# Options defined in heat.common.heat_keystoneclient -# - -# Fully qualified class name to use as a keystone backend. -# (string value) -#keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3 - - -# -# Options defined in heat.common.wsgi -# - -# Maximum raw byte size of JSON request body. Should be larger -# than max_template_size. (integer value) -#max_json_body_size=1048576 - - -# -# Options defined in heat.engine.clients -# - -# Fully qualified class name to use as a client backend. -# (string value) -#cloud_backend=heat.engine.clients.OpenStackClients - - -# -# Options defined in oslo.messaging -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> - -# Auto-delete queues in amqp. (boolean value) -amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> - -# Size of RPC connection pool. (integer value) -rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> - -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions - - - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=heat - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - -# Size of RPC greenthread pool. (integer value) -rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %> - -# Driver or drivers to handle sending notifications. (multi -# valued) -notification_driver = <%= node['openstack']['orchestration']['notification_driver'] %> - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -notification_topics = <%= node['openstack']['orchestration']['notification_topics'] %> - -# Seconds to wait for a response from a call. (integer value) -rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeout"] %> - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url= - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -<% if @mq_service_type == "qpid" %> -rpc_backend=heat.openstack.common.rpc.impl_qpid -<% end -%> - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack - - -# -# Options defined in heat.engine.notification -# - -# Default notification level for outgoing notifications -# (string value) -default_notification_level = <%= node['openstack']['orchestration']['default_notification_level'] %> - -# Default publisher_id for outgoing notifications (string -# value) -default_publisher_id = <%= node['openstack']['orchestration']['default_publisher_id'] %> - -# List of drivers to send notifications (DEPRECATED) (multi -# valued) -list_notifier_drivers = <%= node['openstack']['orchestration']['list_notifier_drivers'] %> - - -# -# Options defined in heat.engine.resources.loadbalancer -# - -# Custom template for the built-in loadbalancer nested stack. -# (string value) -#loadbalancer_template= - - -# -# Options defined in heat.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, , -# and :, where 0 results in listening on a random -# tcp port number; results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and : results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port= - - -# -# Options defined in heat.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path= - - -# -# Options defined in heat.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -debug=<%= node["openstack"]["orchestration"]["debug"] %> - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -verbose=<%= node["openstack"]["orchestration"]["verbose"] %> - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -<% if node["openstack"]["orchestration"]["syslog"]["use"] %> -log_config = /etc/openstack/logging.conf -<% end %> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format= - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file= - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -log_dir=<%= node["openstack"]["orchestration"]["log_dir"] %> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -#use_syslog=false - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in heat.openstack.common.policy -# - -# The JSON file that defines policies. (string value) -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default - -<% if node["openstack"]["orchestration"]["misc_heat"] %> -##### THIRD PARTY ADDITIONS ##### -<% node["openstack"]["orchestration"]["misc_heat"].each do |m| %> -<%= m %> -<% end %> -<% end %> - -[auth_password] - -# -# Options defined in heat.common.config -# - -# Allow orchestration of multiple clouds. (boolean value) -#multi_cloud=false - -# Allowed keystone endpoints for auth_uri when multi_cloud is -# enabled. At least one endpoint needs to be specified. (list -# value) -#allowed_auth_uris= - - -[clients] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients']['insecure'] %> - - -[clients_ceilometer] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_ceilometer']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_ceilometer']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_ceilometer']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_ceilometer']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_ceilometer']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_ceilometer']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_ceilometer']['insecure'] %> - - -[clients_cinder] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_cinder']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_cinder']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_cinder']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_cinder']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_cinder']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_cinder']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_cinder']['insecure'] %> - - -[clients_glance] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_glance']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_glance']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_glance']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_glance']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_glance']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_glance']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_glance']['insecure'] %> - - -[clients_heat] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_heat']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_heat']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_heat']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_heat']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_heat']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_heat']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_heat']['insecure'] %> - -# -# Options defined in heat.common.config -# - -# Optional heat url in format like -# http://0.0.0.0:8004/v1/%(tenant_id)s. (string value) -#url= - - -[clients_keystone] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_keystone']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_keystone']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_keystone']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_keystone']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_keystone']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_keystone']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_keystone']['insecure'] %> - - -[clients_neutron] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_neutron']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_neutron']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_neutron']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_neutron']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_neutron']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_neutron']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_neutron']['insecure'] %> - - -[clients_nova] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -<% if node['openstack']['orchestration']['clients_nova']['ca_file'] -%> -ca_file=<%= node['openstack']['orchestration']['clients_nova']['ca_file'] %> -<% end -%> - -# Optional PEM-formatted certificate chain file. (string -# value) -<% if node['openstack']['orchestration']['clients_nova']['cert_file'] -%> -cert_file=<%= node['openstack']['orchestration']['clients_nova']['cert_file'] %> -<% end -%> - -# Optional PEM-formatted file that contains the private key. -# (string value) -<% if node['openstack']['orchestration']['clients_nova']['key_file'] -%> -key_file=<%= node['openstack']['orchestration']['clients_nova']['key_file'] %> -<% end -%> - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['clients_nova']['insecure'] %> - -# -# Options defined in heat.common.config -# - -# Allow client's debug log output. (boolean value) -#http_log_debug=false - - -[clients_swift] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -#ca_file= - -# Optional PEM-formatted certificate chain file. (string -# value) -#cert_file= - -# Optional PEM-formatted file that contains the private key. -# (string value) -#key_file= - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false - - -[clients_trove] - -# -# Options defined in heat.common.config -# - -# Type of endpoint in Identity service catalog to use for -# communication with the OpenStack service. (string value) -#endpoint_type=publicURL - -# Optional CA cert file to use in SSL connections. (string -# value) -#ca_file= - -# Optional PEM-formatted certificate chain file. (string -# value) -#cert_file= - -# Optional PEM-formatted file that contains the private key. -# (string value) -#key_file= - -# If set, then the server's certificate will not be verified. -# (boolean value) -#insecure=false - - -[database] - -# -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection=<%= @sql_connection %> - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection= - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size= - -# Maximum db connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow= - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout= - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 - -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 - -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 - - -[ec2authtoken] - -# -# Options defined in heat.api.aws.ec2token -# - -# Authentication Endpoint URI. (string value) -auth_uri=<%= @ec2_auth_uri %> - -# Allow orchestration of multiple clouds. (boolean value) -#multi_cloud=false - -# Allowed keystone endpoints for auth_uri when multi_cloud is -# enabled. At least one endpoint needs to be specified. (list -# value) -#allowed_auth_uris= - - -[heat_api] - -# -# Options defined in heat.common.wsgi -# - -# Address to bind the server. Useful when selecting a -# particular network interface. (string value) -bind_host=<%= @heat_api_bind.host %> - -# The port on which the server will listen. (integer value) -bind_port=<%= @heat_api_bind.port %> - -# Number of backlog requests to configure the socket with. -# (integer value) -#backlog=4096 - -# Location of the SSL certificate file to use for SSL mode. -# (string value) -#cert_file= - -# Location of the SSL key file to use for enabling SSL mode. -# (string value) -#key_file= - -# Number of workers for Heat service. (integer value) -workers=<%= node['openstack']['orchestration']['api']['workers'] %> - -# Maximum line size of message headers to be accepted. -# max_header_line may need to be increased when using large -# tokens (typically those generated by the Keystone v3 API -# with big service catalogs). (integer value) -#max_header_line=16384 - - -[heat_api_cfn] - -# -# Options defined in heat.common.wsgi -# - -# Address to bind the server. Useful when selecting a -# particular network interface. (string value) -bind_host=<%= @heat_api_cfn_bind.host %> - -# The port on which the server will listen. (integer value) -bind_port=<%= @heat_api_cfn_bind.port %> - -# Number of backlog requests to configure the socket with. -# (integer value) -#backlog=4096 - -# Location of the SSL certificate file to use for SSL mode. -# (string value) -#cert_file= - -# Location of the SSL key file to use for enabling SSL mode. -# (string value) -#key_file= - -# Number of workers for Heat service. (integer value) -workers=<%= node['openstack']['orchestration']['api_cfn']['workers'] %> - -# Maximum line size of message headers to be accepted. -# max_header_line may need to be increased when using large -# tokens (typically those generated by the Keystone v3 API -# with big service catalogs). (integer value) -#max_header_line=16384 - - -[heat_api_cloudwatch] - -# -# Options defined in heat.common.wsgi -# - -# Address to bind the server. Useful when selecting a -# particular network interface. (string value) -bind_host=<%= @heat_api_cloudwatch_bind.host %> - -# The port on which the server will listen. (integer value) -bind_port=<%= @heat_api_cloudwatch_bind.port %> - -# Number of backlog requests to configure the socket with. -# (integer value) -#backlog=4096 - -# Location of the SSL certificate file to use for SSL mode. -# (string value) -#cert_file= - -# Location of the SSL key file to use for enabling SSL mode. -# (string value) -#key_file= - -# Number of workers for Heat service. (integer value) -workers=<%= node['openstack']['orchestration']['api_cloudwatch']['workers'] %> - -# Maximum line size of message headers to be accepted. -# max_header_line may need to be increased when using large -# tokens (typically those generated by the Keystone v3 API -# with big service catalogs.) (integer value) -#max_header_line=16384 - - -[keystone_authtoken] - -# -# Options defined in keystoneclient.middleware.auth_token -# - -# Complete public Identity API endpoint (string value) -auth_uri=<%= @auth_uri %> - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri=<%= @identity_uri %> - -# API version of the admin Identity API endpoint (string -# value) -auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %> - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout= - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token= - -# Keystone account username (string value) -admin_user=<%= node["openstack"]["orchestration"]["service_user"] %> - -# Keystone account password (string value) -admin_password=<%= @service_pass %> - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=<%= node["openstack"]["orchestration"]["service_tenant_name"] %> - -# Env key for the swift cache (string value) -#cache= - -# Required if Keystone server requires client certificate -# (string value) -#certfile= - -# Required if Keystone server requires client certificate -# (string value) -#keyfile= - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile= -<% unless node['openstack']['orchestration']['api']['auth']['cafile'].nil? %> -cafile=<%= node['openstack']['orchestration']['api']['auth']['cafile'] %> -<% end %> - -# Verify HTTPS connections. (boolean value) -#insecure=false -insecure=<%= node['openstack']['orchestration']['api']['auth']['insecure'] %> - -# Directory used to cache files related to PKI tokens (string -# value) -signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] %> - -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers= -<% unless node['openstack']['orchestration']['api']['auth']['memcached_servers'].nil? %> -memcached_servers=<%= node['openstack']['orchestration']['api']['auth']['memcached_servers'] %> -<% end %> - -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 - -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 - -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy= -<% unless node['openstack']['orchestration']['api']['auth']['memcache_security_strategy'].nil? %> -memcache_security_strategy=<%= node['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] %> -<% end %> - -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string -# value) -#memcache_secret_key= -<% unless node['openstack']['orchestration']['api']['auth']['memcache_secret_key'].nil? %> -memcache_secret_key=<%= node['openstack']['orchestration']['api']['auth']['memcache_secret_key'] %> -<% end %> - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 -hash_algorithms=<%= node['openstack']['orchestration']['api']['auth']['hash_algorithms'] %> - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file for verifing server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - - -<% if @mq_service_type == "qpid" %> -[oslo_messaging_qpid] - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> - -# Auto-delete queues in amqp. (boolean value) -amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> - -# Size of RPC connection pool. (integer value) -rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> - -# Qpid broker hostname. (string value) -qpid_hostname=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["host"] %> - -# Qpid broker port. (integer value) -qpid_port=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["port"] %> - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -qpid_username=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["username"] %> - -# Password for Qpid connection. (string value) -qpid_password=<%= @mq_password %> - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["sasl_mechanisms"] %> - -# Seconds between connection keepalive heartbeats. (integer -# value) -qpid_heartbeat=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["heartbeat"] %> - -# Transport to use, either 'tcp' or 'ssl'. (string value) -qpid_protocol=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["protocol"] %> - -# Whether to disable the Nagle algorithm. (boolean value) -qpid_tcp_nodelay=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["tcp_nodelay"] %> - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -qpid_topology_version=<%= node['openstack']['mq']['orchestration']['qpid']['topology_version'] %> - -qpid_reconnect_timeout=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_timeout"] %> -qpid_reconnect_limit=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_limit"] %> -qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_min"] %> -qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_max"] %> -qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval"] %> -<% end -%> - - -<% if @mq_service_type == "rabbitmq" %> -[oslo_messaging_rabbit] - -# Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat) -heartbeat_timeout_threshold=<%= node['openstack']['mq']['orchestration']['rabbit']['heartbeat_timeout_threshold'] %> - -# How often times during the heartbeat_timeout_threshold we check the heartbeat -heartbeat_rate=<%= node['openstack']['mq']['orchestration']['rabbit']['heartbeat_rate'] %> - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> - -# Auto-delete queues in amqp. (boolean value) -amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> - -# Size of RPC connection pool. (integer value) -rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> - -<% if node['openstack']['mq']['orchestration']['rabbit']['use_ssl'] -%> - -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=true - -<% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] -%> -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on -# some distributions. (string value) -kombu_ssl_version=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] %> -<% end -%> -<% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] -%> -# SSL key file (valid only if SSL enabled) -kombu_ssl_keyfile=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] %> -<% end -%> -<% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] -%> -# SSL cert file (valid only if SSL enabled) -kombu_ssl_certfile=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] %> -<% end -%> -<% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] -%> -# SSL certification authority file (valid only if SSL enabled) -kombu_ssl_ca_certs=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] %> -<% end -%> -# How long to wait before reconnecting in response to an AMQP consumer cancel notification -kombu_reconnect_delay=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_delay'] %> -# How long to wait before considering a reconnect attempt to have failed. -# This value should not be longer than rpc_response_timeout -kombu_reconnect_timeout=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_timeout'] %> -<% end -%> - -# RabbitMQ HA cluster host:port pairs (list value) -<% if node["openstack"]["mq"]["orchestration"]["rabbit"]["ha"] -%> -rabbit_hosts=<%= @rabbit_hosts %> - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -rabbit_ha_queues=True -<% else -%> -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["host"] %> - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["port"] %> - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -rabbit_ha_queues=False -<% end -%> - -# The RabbitMQ userid. (string value) -rabbit_userid=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["userid"] %> - -# The RabbitMQ password. (string value) -rabbit_password=<%= @mq_password %> - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -rabbit_virtual_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["vhost"] %> - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -rabbit_retry_interval=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["rabbit_retry_interval"] %> - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -rabbit_max_retries=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["rabbit_max_retries"] %> - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false -<% end -%> - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = - - -[matchmaker_ring] - -# -# Options defined in heat.openstack.common.rpc.matchmaker_ring -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - -[paste_deploy] - -# -# Options defined in heat.common.config -# - -# The flavor to use. (string value) -#flavor= - -# The API paste config file to use. (string value) -#api_paste_config=api-paste.ini - - -[revision] - -# -# Options defined in heat.common.config -# - -# Heat build revision. If you would prefer to manage your -# build revision separately, you can move this section to a -# different file and add it as another config option. (string -# value) -#heat_revision=unknown - -