Add cookbook support for Openstack Orchestration
This new cookbook supports the installation and configuraiton for heat services. More pedantic patches will follow to make Rubocop happy. Implements: blueprint heat-support Change-Id: I8b734b7124c49190a68acc4d0da28a31da03ac57
This commit is contained in:
parent
b8873817f4
commit
0b81a7b037
|
@ -0,0 +1,6 @@
|
|||
metadata
|
||||
|
||||
cookbook "openstack-identity",
|
||||
git: "git://github.com/stackforge/cookbook-openstack-identity.git"
|
||||
cookbook "openstack-common",
|
||||
git: "git://github.com/stackforge/cookbook-openstack-common.git"
|
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
"sources": {
|
||||
"openstack-orchestration": {
|
||||
"path": "."
|
||||
},
|
||||
"openstack-identity": {
|
||||
"locked_version": "8.0.0",
|
||||
"git": "git://github.com/stackforge/cookbook-openstack-identity.git",
|
||||
"ref": "309b8040a03d4bde97ca443644125e16c242edd8"
|
||||
},
|
||||
"openstack-common": {
|
||||
"locked_version": "8.0.0",
|
||||
"git": "git://github.com/stackforge/cookbook-openstack-common.git",
|
||||
"ref": "3ca576b8e6dfca3b39ab4ccd7327a40c78379985"
|
||||
},
|
||||
"apt": {
|
||||
"locked_version": "2.3.0"
|
||||
},
|
||||
"database": {
|
||||
"locked_version": "1.5.2"
|
||||
},
|
||||
"mysql": {
|
||||
"locked_version": "4.0.6"
|
||||
},
|
||||
"openssl": {
|
||||
"locked_version": "1.1.0"
|
||||
},
|
||||
"build-essential": {
|
||||
"locked_version": "1.4.2"
|
||||
},
|
||||
"postgresql": {
|
||||
"locked_version": "3.3.4"
|
||||
},
|
||||
"aws": {
|
||||
"locked_version": "1.0.0"
|
||||
},
|
||||
"xfs": {
|
||||
"locked_version": "1.1.0"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
# CHANGELOG for cookbook-openstack-orchestration
|
||||
|
||||
This file is used to list changes made in each version of cookbook-openstack-orchestration
|
||||
|
||||
## 8.0.0:
|
||||
* Initial release of cookbook-openstack-orchestration.
|
|
@ -0,0 +1,9 @@
|
|||
source "https://rubygems.org"
|
||||
|
||||
gem "chef", "~> 11.4.4"
|
||||
gem "json", "<= 1.7.7" # chef 11 dependency
|
||||
gem "berkshelf", "~> 2.0.10"
|
||||
gem "chefspec", "~> 3.0.2"
|
||||
gem "foodcritic", "~> 3.0.3"
|
||||
gem "strainer"
|
||||
gem "rubocop"
|
|
@ -0,0 +1,213 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
activesupport (3.2.16)
|
||||
i18n (~> 0.6, >= 0.6.4)
|
||||
multi_json (~> 1.0)
|
||||
addressable (2.3.5)
|
||||
akami (1.2.0)
|
||||
gyoku (>= 0.4.0)
|
||||
nokogiri (>= 1.4.0)
|
||||
ast (1.1.0)
|
||||
berkshelf (2.0.10)
|
||||
activesupport (~> 3.2.0)
|
||||
addressable (~> 2.3.4)
|
||||
buff-shell_out (~> 0.1)
|
||||
chozo (>= 0.6.1)
|
||||
faraday (>= 0.8.5)
|
||||
hashie (>= 2.0.2)
|
||||
minitar (~> 0.5.4)
|
||||
rbzip2 (~> 0.2.0)
|
||||
retryable (~> 1.3.3)
|
||||
ridley (~> 1.5.0)
|
||||
solve (>= 0.5.0)
|
||||
thor (~> 0.18.0)
|
||||
buff-config (0.4.0)
|
||||
buff-extensions (~> 0.3)
|
||||
varia_model (~> 0.1)
|
||||
buff-extensions (0.5.0)
|
||||
buff-ignore (1.1.1)
|
||||
buff-platform (0.1.0)
|
||||
buff-ruby_engine (0.1.0)
|
||||
buff-shell_out (0.1.1)
|
||||
buff-ruby_engine (~> 0.1.0)
|
||||
builder (3.2.2)
|
||||
celluloid (0.14.1)
|
||||
timers (>= 1.0.0)
|
||||
celluloid-io (0.14.1)
|
||||
celluloid (>= 0.14.1)
|
||||
nio4r (>= 0.4.5)
|
||||
chef (11.4.4)
|
||||
erubis
|
||||
highline (>= 1.6.9)
|
||||
json (>= 1.4.4, <= 1.7.7)
|
||||
mixlib-authentication (>= 1.3.0)
|
||||
mixlib-cli (~> 1.3.0)
|
||||
mixlib-config (>= 1.1.2)
|
||||
mixlib-log (>= 1.3.0)
|
||||
mixlib-shellout
|
||||
net-ssh (~> 2.6)
|
||||
net-ssh-multi (~> 1.1.0)
|
||||
ohai (>= 0.6.0)
|
||||
rest-client (>= 1.0.4, < 1.7.0)
|
||||
yajl-ruby (~> 1.1)
|
||||
chefspec (3.0.2)
|
||||
chef (~> 11.0)
|
||||
fauxhai (~> 2.0)
|
||||
rspec (~> 2.14)
|
||||
chozo (0.6.1)
|
||||
activesupport (>= 3.2.0)
|
||||
hashie (>= 2.0.2)
|
||||
multi_json (>= 1.3.0)
|
||||
diff-lcs (1.2.5)
|
||||
erubis (2.7.0)
|
||||
faraday (0.8.8)
|
||||
multipart-post (~> 1.2.0)
|
||||
fauxhai (2.0.1)
|
||||
net-ssh
|
||||
ohai
|
||||
ffi (1.9.3)
|
||||
foodcritic (3.0.3)
|
||||
erubis
|
||||
gherkin (~> 2.11.7)
|
||||
nokogiri (~> 1.5.4)
|
||||
rake
|
||||
treetop (~> 1.4.10)
|
||||
yajl-ruby (~> 1.1.0)
|
||||
gherkin (2.11.8)
|
||||
multi_json (~> 1.3)
|
||||
gssapi (1.0.3)
|
||||
ffi (>= 1.0.1)
|
||||
gyoku (1.1.0)
|
||||
builder (>= 2.1.2)
|
||||
hashie (2.0.5)
|
||||
highline (1.6.20)
|
||||
httpclient (2.3.4.1)
|
||||
httpi (0.9.7)
|
||||
rack
|
||||
i18n (0.6.9)
|
||||
ipaddress (0.8.0)
|
||||
json (1.7.7)
|
||||
little-plugger (1.1.3)
|
||||
logging (1.8.1)
|
||||
little-plugger (>= 1.1.3)
|
||||
multi_json (>= 1.3.6)
|
||||
mime-types (2.0)
|
||||
minitar (0.5.4)
|
||||
mixlib-authentication (1.3.0)
|
||||
mixlib-log
|
||||
mixlib-cli (1.3.0)
|
||||
mixlib-config (2.1.0)
|
||||
mixlib-log (1.6.0)
|
||||
mixlib-shellout (1.3.0)
|
||||
multi_json (1.8.2)
|
||||
multipart-post (1.2.0)
|
||||
net-http-persistent (2.9)
|
||||
net-ssh (2.7.0)
|
||||
net-ssh-gateway (1.2.0)
|
||||
net-ssh (>= 2.6.5)
|
||||
net-ssh-multi (1.1)
|
||||
net-ssh (>= 2.1.4)
|
||||
net-ssh-gateway (>= 0.99.0)
|
||||
nio4r (0.5.0)
|
||||
nokogiri (1.5.11)
|
||||
nori (1.1.5)
|
||||
ohai (6.20.0)
|
||||
ipaddress
|
||||
mixlib-cli
|
||||
mixlib-config
|
||||
mixlib-log
|
||||
mixlib-shellout
|
||||
systemu (~> 2.5.2)
|
||||
yajl-ruby
|
||||
parser (2.1.1)
|
||||
ast (~> 1.1)
|
||||
slop (~> 3.4, >= 3.4.5)
|
||||
polyglot (0.3.3)
|
||||
powerpack (0.0.9)
|
||||
rack (1.5.2)
|
||||
rainbow (1.99.0)
|
||||
rake (10.1.1)
|
||||
rbzip2 (0.2.0)
|
||||
rest-client (1.6.7)
|
||||
mime-types (>= 1.16)
|
||||
retryable (1.3.3)
|
||||
ridley (1.5.3)
|
||||
addressable
|
||||
buff-config (~> 0.2)
|
||||
buff-extensions (~> 0.3)
|
||||
buff-ignore (~> 1.1)
|
||||
buff-shell_out (~> 0.1)
|
||||
celluloid (~> 0.14.0)
|
||||
celluloid-io (~> 0.14.0)
|
||||
erubis
|
||||
faraday (>= 0.8.4)
|
||||
hashie (>= 2.0.2)
|
||||
json (>= 1.7.7)
|
||||
mixlib-authentication (>= 1.3.0)
|
||||
net-http-persistent (>= 2.8)
|
||||
net-ssh
|
||||
nio4r (>= 0.5.0)
|
||||
retryable
|
||||
solve (>= 0.4.4)
|
||||
varia_model (~> 0.1)
|
||||
winrm (~> 1.1.0)
|
||||
rspec (2.14.1)
|
||||
rspec-core (~> 2.14.0)
|
||||
rspec-expectations (~> 2.14.0)
|
||||
rspec-mocks (~> 2.14.0)
|
||||
rspec-core (2.14.7)
|
||||
rspec-expectations (2.14.4)
|
||||
diff-lcs (>= 1.1.3, < 2.0)
|
||||
rspec-mocks (2.14.4)
|
||||
rubocop (0.16.0)
|
||||
parser (~> 2.1)
|
||||
powerpack (~> 0.0.6)
|
||||
rainbow (>= 1.1.4)
|
||||
rubyntlm (0.1.1)
|
||||
savon (0.9.5)
|
||||
akami (~> 1.0)
|
||||
builder (>= 2.1.2)
|
||||
gyoku (>= 0.4.0)
|
||||
httpi (~> 0.9)
|
||||
nokogiri (>= 1.4.0)
|
||||
nori (~> 1.0)
|
||||
wasabi (~> 1.0)
|
||||
slop (3.4.7)
|
||||
solve (0.8.2)
|
||||
strainer (3.3.0)
|
||||
berkshelf (~> 2.0)
|
||||
buff-platform (~> 0.1)
|
||||
systemu (2.5.2)
|
||||
thor (0.18.1)
|
||||
timers (1.1.0)
|
||||
treetop (1.4.15)
|
||||
polyglot
|
||||
polyglot (>= 0.3.1)
|
||||
uuidtools (2.1.4)
|
||||
varia_model (0.2.0)
|
||||
buff-extensions (~> 0.2)
|
||||
hashie (>= 2.0.2)
|
||||
wasabi (1.0.0)
|
||||
nokogiri (>= 1.4.0)
|
||||
winrm (1.1.3)
|
||||
gssapi (~> 1.0.0)
|
||||
httpclient (~> 2.2, >= 2.2.0.2)
|
||||
logging (~> 1.6, >= 1.6.1)
|
||||
nokogiri (~> 1.5)
|
||||
rubyntlm (~> 0.1.1)
|
||||
savon (= 0.9.5)
|
||||
uuidtools (~> 2.1.2)
|
||||
yajl-ruby (1.1.0)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
berkshelf (~> 2.0.10)
|
||||
chef (~> 11.4.4)
|
||||
chefspec (~> 3.0.2)
|
||||
foodcritic (~> 3.0.3)
|
||||
json (<= 1.7.7)
|
||||
rubocop
|
||||
strainer
|
|
@ -0,0 +1,131 @@
|
|||
Description
|
||||
===========
|
||||
|
||||
This cookbook installs the OpenStack Heat service **Heat** as part of an OpenStack reference deployment Chef for OpenStack.
|
||||
|
||||
http://heat.openstack.org/
|
||||
|
||||
Requirements
|
||||
============
|
||||
|
||||
Chef 0.10.0 or higher required (for Chef environment use).
|
||||
|
||||
Cookbooks
|
||||
---------
|
||||
|
||||
The following cookbooks are dependencies:
|
||||
|
||||
* openstack-common
|
||||
* openstack-identity
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
common
|
||||
------
|
||||
- Installs the heat packages and setup configuration for Heat.
|
||||
|
||||
api
|
||||
------
|
||||
- Configure and start heat-api service
|
||||
|
||||
api-cfn
|
||||
------
|
||||
- Configure and start heat-api-cfn service
|
||||
|
||||
api-cloudwatch
|
||||
------
|
||||
- Configure and start heat-api-cloudwatch service
|
||||
|
||||
engine
|
||||
------
|
||||
- Setup the heat database and start heat-engine service
|
||||
|
||||
keystone-registration
|
||||
---------------------
|
||||
- Registers the Heat API endpoint, heat service and user
|
||||
|
||||
Attributes
|
||||
==========
|
||||
|
||||
Attributes for the Heat service are in the ['openstack']['orchestration'] namespace.
|
||||
|
||||
* `openstack['orchestration']['verbose']` - Enables/disables verbose output for heat services.
|
||||
* `openstack['orchestration']['debug']` - Enables/disables debug output for heat services.
|
||||
* `openstack['orchestration']['identity_service_chef_role']` - The name of the Chef role that installs the Keystone Service API
|
||||
* `openstack['orchestration']['rabbit_server_chef_role']` - The name of the Chef role that knows about the message queue server
|
||||
* `openstack['orchestration']['user']` - User heat runs as
|
||||
* `openstack['orchestration']['group']` - Group heat runs as
|
||||
* `openstack['orchestration']['db']['username']` - Username for heat database access
|
||||
* `openstack['orchestration']['api']['adminURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['api']['internalURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['api']['publicURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['service_tenant_name']` - Tenant name used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['service_user']` - User name used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['api']['auth']['cache_dir']` - Defaults to `/var/cache/heat`. Directory where `auth_token` middleware writes certificates for heat
|
||||
* `openstack['orchestration']['syslog']['use']` - Should heat log to syslog?
|
||||
* `openstack['orchestration']['syslog']['facility']` - Which facility heat should use when logging in python style (for example, `LOG_LOCAL1`)
|
||||
* `openstack['orchestration']['syslog']['config_facility']` - Which facility heat should use when logging in rsyslog style (for example, local1)
|
||||
* `openstack['orchestration']['rpc_thread_pool_size']` - size of RPC thread pool
|
||||
* `openstack['orchestration']['rpc_conn_pool_size']` - size of RPC connection pool
|
||||
* `openstack['orchestration']['rpc_response_timeout']` - seconds to wait for a response from call or multicall
|
||||
* `openstack['orchestration']['platform']` - hash of platform specific package/service names and options
|
||||
|
||||
MQ attributes
|
||||
-------------
|
||||
* `openstack["orchestration"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq
|
||||
TODO: move rabbit parameters under openstack["orchestration"]["mq"]
|
||||
* `openstack["orchestration"]["rabbit"]["username"]` - Username for nova rabbit access
|
||||
* `openstack["orchestration"]["rabbit"]["vhost"]` - The rabbit vhost to use
|
||||
* `openstack["orchestration"]["rabbit"]["port"]` - The rabbit port to use
|
||||
* `openstack["orchestration"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["orchestration"]["rabbit"]["ha"]` false).
|
||||
* `openstack["orchestration"]["rabbit"]["ha"]` - Whether or not to use rabbit ha
|
||||
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["host"]` - The qpid host to use
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["port"]` - The qpid port to use
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["qpid_hosts"]` - Qpid hosts. TODO. use only when ha is specified.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["username"]` - Username for qpid connection
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["password"]` - Password for qpid connection
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["sasl_mechanisms"]` - Space separated list of SASL mechanisms to use for auth
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_timeout"]` - The number of seconds to wait before deciding that a reconnect attempt has failed.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_limit"]` - The limit for the number of times to reconnect before considering the connection to be failed.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_min"]` - Minimum number of seconds between connection attempts.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_max"]` - Maximum number of seconds between connection attempts.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval"]` - Equivalent to setting qpid_reconnect_interval_min and qpid_reconnect_interval_max to the same value.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["heartbeat"]` - Seconds between heartbeat messages sent to ensure that the connection is still alive.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled.
|
||||
|
||||
Testing
|
||||
=====
|
||||
This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests.
|
||||
|
||||
Tests are defined in Strainerfile.
|
||||
|
||||
To run tests:
|
||||
|
||||
$ bundle install # install gem dependencies
|
||||
$ bundle exec berks install # install cookbook dependencies
|
||||
$ bundle exec strainer test # run tests
|
||||
|
||||
License and Author
|
||||
==================
|
||||
|
||||
| | |
|
||||
|:---------------------|:---------------------------------------------------|
|
||||
| **Author** | Zhao Fang Han (<hanzhf@cn.ibm.com>) |
|
||||
| | | |
|
||||
| **Copyright** | Copyright (c) 2013, IBM Corp. |
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,5 @@
|
|||
# Strainerfile
|
||||
rubocop: bundle exec rubocop $SANDBOX/$COOKBOOK
|
||||
knife test: bundle exec knife cookbook test $COOKBOOK
|
||||
foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK
|
||||
chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec
|
|
@ -0,0 +1,138 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Attributes:: default
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default["openstack"]["orchestration"]["custom_template_banner"] = "
|
||||
# This file autogenerated by Chef
|
||||
# Do not edit, changes will be overwritten
|
||||
"
|
||||
|
||||
default["openstack"]["orchestration"]["verbose"] = "False"
|
||||
default["openstack"]["orchestration"]["debug"] = "False"
|
||||
# This is the name of the Chef role that will install the Keystone Service API
|
||||
default["openstack"]["orchestration"]["identity_service_chef_role"] = "os-identity"
|
||||
|
||||
# Gets set in the Heat Endpoint when registering with Keystone
|
||||
default["openstack"]["orchestration"]["region"] = "RegionOne"
|
||||
|
||||
# The name of the Chef role that knows about the message queue server
|
||||
# that Heat uses
|
||||
default["openstack"]["orchestration"]["rabbit_server_chef_role"] = "os-ops-messaging"
|
||||
|
||||
default["openstack"]["orchestration"]["db"]["username"] = "heat"
|
||||
|
||||
# This user's password is stored in an encrypted databag
|
||||
# and accessed with openstack-common cookbook library's
|
||||
# user_password routine. You are expected to create
|
||||
# the user, pass, vhost in a wrapper rabbitmq cookbook.
|
||||
default["openstack"]["orchestration"]["rabbit"]["ha"] = false
|
||||
default["openstack"]["orchestration"]["rabbit"]["username"] = "guest"
|
||||
default["openstack"]["orchestration"]["rabbit"]["vhost"] = "/"
|
||||
default["openstack"]["orchestration"]["rabbit"]["port"] = 5672
|
||||
default["openstack"]["orchestration"]["rabbit"]["host"] = "127.0.0.1"
|
||||
|
||||
# MQ options
|
||||
default["openstack"]["orchestration"]["mq"]["service_type"] = node["openstack"]["mq"]["service_type"]
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["host"] = "127.0.0.1"
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["port"] = "5672"
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["qpid_hosts"] = ['127.0.0.1:5672']
|
||||
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["username"] = ""
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["password"] = ""
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["sasl_mechanisms"] = ""
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_timeout"] = 0
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_limit"] = 0
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval_min"] = 0
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval_max"] = 0
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval"] = 0
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["heartbeat"] = 60
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["protocol"] = "tcp"
|
||||
default["openstack"]["orchestration"]["mq"]["qpid"]["tcp_nodelay"] = true
|
||||
|
||||
default["openstack"]["orchestration"]["service_tenant_name"] = "service"
|
||||
default["openstack"]["orchestration"]["service_user"] = "heat"
|
||||
default["openstack"]["orchestration"]["service_role"] = "admin"
|
||||
|
||||
default["openstack"]["orchestration"]["api"]["auth"]["version"] = "v2.0"
|
||||
|
||||
# If set, heat API service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default["openstack"]["orchestration"]["api"]["bind_interface"] = nil
|
||||
|
||||
# If set, heat api-cfn service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default["openstack"]["orchestration"]["api-cfn"]["bind_interface"] = nil
|
||||
|
||||
# If set, heat api-cloudwatch service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default["openstack"]["orchestration"]["api-cloudwatch"]["bind_interface"] = nil
|
||||
|
||||
# Keystone PKI signing directory. Only written to the filter:authtoken section
|
||||
# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki"
|
||||
default["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] = "/var/cache/heat"
|
||||
|
||||
# logging attribute
|
||||
default["openstack"]["orchestration"]["syslog"]["use"] = false
|
||||
default["openstack"]["orchestration"]["syslog"]["facility"] = "LOG_LOCAL2"
|
||||
default["openstack"]["orchestration"]["syslog"]["config_facility"] = "local2"
|
||||
|
||||
# Common rpc definitions
|
||||
default["openstack"]["orchestration"]["rpc_thread_pool_size"] = 64
|
||||
default["openstack"]["orchestration"]["rpc_conn_pool_size"] = 30
|
||||
default["openstack"]["orchestration"]["rpc_response_timeout"] = 60
|
||||
|
||||
# platform-specific settings
|
||||
case platform
|
||||
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
default["openstack"]["orchestration"]["user"] = "heat"
|
||||
default["openstack"]["orchestration"]["group"] = "heat"
|
||||
default["openstack"]["orchestration"]["platform"] = {
|
||||
"mysql_python_packages" => [ "MySQL-python" ],
|
||||
"postgresql_python_packages" => ["python-psycopg2"],
|
||||
"heat_common_packages" => [ "openstack-heat" ],
|
||||
"heat_api_packages" => ["python-heatclient"],
|
||||
"heat_api_service" => "openstack-heat-api",
|
||||
"heat_api_cfn_packages" => ["python-heatclient"],
|
||||
"heat_api_cfn_service" => "openstack-heat-api-cfn",
|
||||
"heat_api_cloudwatch_packages" => ["python-heatclient"],
|
||||
"heat_api_cloudwatch_service" => "openstack-heat-api-cloudwatch",
|
||||
"heat_engine_packages" => [],
|
||||
"heat_engine_service" => "openstack-heat-engine",
|
||||
"heat_api_process_name" => "heat-api",
|
||||
"package_overrides" => ""
|
||||
}
|
||||
when "ubuntu"
|
||||
default["openstack"]["orchestration"]["user"] = "heat"
|
||||
default["openstack"]["orchestration"]["group"] = "heat"
|
||||
default["openstack"]["orchestration"]["platform"] = {
|
||||
"mysql_python_packages" => [ "python-mysqldb" ],
|
||||
"postgresql_python_packages" => ["python-psycopg2"],
|
||||
"heat_common_packages" => ["heat-common"],
|
||||
"heat_api_packages" => ["heat-api", "python-heatclient"],
|
||||
"heat_api_service" => "heat-api",
|
||||
"heat_api_cfn_packages" => ["heat-api-cfn","python-heatclient"],
|
||||
"heat_api_cfn_service" => "heat-api-cfn",
|
||||
"heat_api_cloudwatch_packages" => ["heat-api-cloudwatch","python-heatclient"],
|
||||
"heat_api_cloudwatch_service" => "heat-api-cloudwatch",
|
||||
"heat_engine_packages" => ["heat-engine"],
|
||||
"heat_engine_service" => "heat-engine",
|
||||
"package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
|
||||
}
|
||||
end
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
name "openstack-orchestration"
|
||||
maintainer "IBM, Inc."
|
||||
license "Apache 2.0"
|
||||
description "Installs and configures the Heat Service"
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version "8.0.0"
|
||||
recipe "openstack-orchestration::common", "Installs packages and set up configuraitions for a Heat Server"
|
||||
recipe "openstack-orchestration::api", "Start Heat Api service and set up configuraions for this service"
|
||||
recipe "openstack-orchestration::api-cfn", "Start Heat Api CloudFormation service and set up configuraions for this service"
|
||||
recipe "openstack-orchestration::api-cloudwatch", "Start Heat Api CloudWatch service and set up configuraions for this service"
|
||||
recipe "openstack-orchestration::engine", "Setup Heat database and start Heat Engine service"
|
||||
recipe "openstack-orchestration::identity_registration", "Registers Heat service, user and endpoints with Keystone"
|
||||
|
||||
%w{ ubuntu fedora redhat centos }.each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
depends "openstack-common", "~> 8.0"
|
||||
depends "openstack-identity", "~> 8.0"
|
|
@ -0,0 +1,54 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: api-cfn
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe "openstack-orchestration::common"
|
||||
|
||||
platform_options = node["openstack"]["orchestration"]["platform"]
|
||||
|
||||
platform_options["heat_api_cfn_packages"].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_overrides"]
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
service "heat-api-cfn" do
|
||||
service_name platform_options["heat_api_cfn_service"]
|
||||
supports :status => true, :restart => true
|
||||
|
||||
action :enable
|
||||
subscribes :restart, "template[/etc/heat/heat.conf]"
|
||||
end
|
||||
|
||||
template "/etc/heat/api-paste.ini" do
|
||||
source "api-paste.ini.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api-cfn]", :immediately
|
||||
end
|
||||
|
||||
template "/etc/heat/policy.json" do
|
||||
source "policy.json.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api-cfn]", :immediately
|
||||
end
|
|
@ -0,0 +1,58 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: api-cloudwatch
|
||||
#
|
||||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: api-cloudwatch
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe "openstack-orchestration::common"
|
||||
|
||||
platform_options = node["openstack"]["orchestration"]["platform"]
|
||||
|
||||
platform_options["heat_api_cloudwatch_packages"].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_overrides"]
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
service "heat-api-cloudwatch" do
|
||||
service_name platform_options["heat_api_cloudwatch_service"]
|
||||
supports :status => true, :restart => true
|
||||
|
||||
action :enable
|
||||
subscribes :restart, "template[/etc/heat/heat.conf]"
|
||||
end
|
||||
|
||||
template "/etc/heat/api-paste.ini" do
|
||||
source "api-paste.ini.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api-cloudwatch]", :immediately
|
||||
end
|
||||
|
||||
template "/etc/heat/policy.json" do
|
||||
source "policy.json.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api-cloudwatch]", :immediately
|
||||
end
|
|
@ -0,0 +1,54 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: api
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe "openstack-orchestration::common"
|
||||
|
||||
platform_options = node["openstack"]["orchestration"]["platform"]
|
||||
|
||||
platform_options["heat_api_packages"].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_overrides"]
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
service "heat-api" do
|
||||
service_name platform_options["heat_api_service"]
|
||||
supports :status => true, :restart => true
|
||||
|
||||
action :enable
|
||||
subscribes :restart, "template[/etc/heat/heat.conf]"
|
||||
end
|
||||
|
||||
template "/etc/heat/api-paste.ini" do
|
||||
source "api-paste.ini.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api]", :immediately
|
||||
end
|
||||
|
||||
template "/etc/heat/policy.json" do
|
||||
source "policy.json.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
notifies :restart, "service[heat-api]", :immediately
|
||||
end
|
|
@ -0,0 +1,128 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: engine
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
if node["openstack"]["orchestration"]["syslog"]["use"]
|
||||
include_recipe "openstack-common::logging"
|
||||
end
|
||||
|
||||
package "python-keystone" do
|
||||
action :upgrade
|
||||
end
|
||||
|
||||
platform_options = node["openstack"]["orchestration"]["platform"]
|
||||
|
||||
platform_options["heat_common_packages"].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_overrides"]
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
db_type = node['openstack']['db']['orchestration']['db_type']
|
||||
platform_options["#{db_type}_python_packages"].each do |pkg|
|
||||
package pkg do
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
db_user = node["openstack"]["orchestration"]["db"]["username"]
|
||||
db_pass = db_password "heat"
|
||||
sql_connection = db_uri("orchestration", db_user, db_pass)
|
||||
|
||||
identity_endpoint = endpoint "identity-api"
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
heat_api_endpoint = endpoint "orchestration-api"
|
||||
heat_api_cfn_endpoint = endpoint "orchestration-api-cfn"
|
||||
heat_api_cloudwatch_endpoint = endpoint "orchestration-api-cloudwatch"
|
||||
|
||||
service_pass = service_password "openstack-orchestration"
|
||||
|
||||
#TODO(jaypipes): Move this logic and stuff into the openstack-common
|
||||
# library cookbook.
|
||||
auth_uri = identity_endpoint.to_s
|
||||
if node["openstack"]["orchestration"]["api"]["auth"]["version"] != "v2.0"
|
||||
# The auth_uri should contain /v2.0 in most cases, but if the
|
||||
# auth_version is v3.0, we leave it off. This is only necessary
|
||||
# for environments that need to support V3 non-default-domain
|
||||
# tokens, which is really the only reason to set version to
|
||||
# something other than v2.0 (the default)
|
||||
auth_uri = auth_uri.gsub('/v2.0', '')
|
||||
end
|
||||
|
||||
if node["openstack"]["orchestration"]["mq"]["service_type"] == "rabbitmq"
|
||||
if node["openstack"]["orchestration"]["rabbit"]["ha"]
|
||||
rabbit_hosts = rabbit_servers
|
||||
end
|
||||
rabbit_pass = user_password node["openstack"]["orchestration"]["rabbit"]["username"]
|
||||
end
|
||||
|
||||
directory "/etc/heat" do
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00700
|
||||
action :create
|
||||
end
|
||||
|
||||
directory "/etc/heat/environment.d" do
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00700
|
||||
action :create
|
||||
end
|
||||
|
||||
directory node["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] do
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
mode 00700
|
||||
end
|
||||
|
||||
template "/etc/heat/heat.conf" do
|
||||
source "heat.conf.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
variables(
|
||||
:rabbit_password => rabbit_pass,
|
||||
:rabbit_hosts => rabbit_hosts,
|
||||
:auth_uri => auth_uri,
|
||||
:identity_admin_endpoint => identity_admin_endpoint,
|
||||
:service_pass => service_pass,
|
||||
:sql_connection => sql_connection,
|
||||
:heat_api_endpoint => heat_api_endpoint,
|
||||
:heat_api_cfn_endpoint => heat_api_cfn_endpoint,
|
||||
:heat_api_cloudwatch_endpoint => heat_api_cloudwatch_endpoint
|
||||
)
|
||||
end
|
||||
|
||||
template "/etc/heat/environment.d/default.yaml" do
|
||||
source "default.yaml.erb"
|
||||
group node["openstack"]["orchestration"]["group"]
|
||||
owner node["openstack"]["orchestration"]["user"]
|
||||
mode 00644
|
||||
end
|
||||
|
||||
execute "heat-manage db_sync" do
|
||||
command "heat-manage db_sync"
|
||||
action :run
|
||||
end
|
|
@ -0,0 +1,18 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
|
@ -0,0 +1,37 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: engine
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe "openstack-orchestration::common"
|
||||
|
||||
platform_options = node["openstack"]["orchestration"]["platform"]
|
||||
|
||||
platform_options["heat_engine_packages"].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_overrides"]
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
service "heat_engine" do
|
||||
service_name platform_options["heat_engine_service"]
|
||||
supports :status => true, :restart => true
|
||||
action :enable
|
||||
subscribes :restart, "template[/etc/heat/heat.conf]"
|
||||
end
|
|
@ -0,0 +1,124 @@
|
|||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Recipe:: identity_registration
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require "uri"
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
|
||||
token = secret "secrets", "openstack_identity_bootstrap_token"
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
||||
heat_endpoint = endpoint "orchestration-api"
|
||||
heat_cfn_endpoint = endpoint "orchestration-api-cfn"
|
||||
|
||||
service_pass = service_password "openstack-orchestration"
|
||||
service_tenant_name = node["openstack"]["orchestration"]["service_tenant_name"]
|
||||
service_user = node["openstack"]["orchestration"]["service_user"]
|
||||
service_role = node["openstack"]["orchestration"]["service_role"]
|
||||
region = node["openstack"]["orchestration"]["region"]
|
||||
|
||||
#Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
|
||||
#See discussions on https://bugs.launchpad.net/heat/+bug/1167927
|
||||
|
||||
# Register Heat API Service
|
||||
openstack_identity_register "Register Heat Orchestration Service" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
service_name "heat"
|
||||
service_type "orchestration"
|
||||
service_description "Heat Orchestration Service"
|
||||
|
||||
action :create_service
|
||||
end
|
||||
|
||||
# Register Heat API Cloudformation Service
|
||||
openstack_identity_register "Register Heat Cloudformation Service" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
service_name "heat-cfn"
|
||||
service_type "cloudformation"
|
||||
service_description "Heat Cloudformation Service"
|
||||
|
||||
action :create_service
|
||||
end
|
||||
|
||||
# Register Heat API Endpoint
|
||||
openstack_identity_register "Register Heat Orchestration Endpoint" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
service_type "orchestration"
|
||||
endpoint_region region
|
||||
endpoint_adminurl heat_endpoint.to_s
|
||||
endpoint_internalurl heat_endpoint.to_s
|
||||
endpoint_publicurl heat_endpoint.to_s
|
||||
|
||||
action :create_endpoint
|
||||
end
|
||||
|
||||
# Register Heat API CloudFormation Endpoint
|
||||
openstack_identity_register "Register Heat Cloudformation Endpoint" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
service_type "cloudformation"
|
||||
endpoint_region region
|
||||
endpoint_adminurl heat_cfn_endpoint.to_s
|
||||
endpoint_internalurl heat_cfn_endpoint.to_s
|
||||
endpoint_publicurl heat_cfn_endpoint.to_s
|
||||
|
||||
action :create_endpoint
|
||||
end
|
||||
|
||||
# Register Service Tenant
|
||||
openstack_identity_register "Register Service Tenant" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
tenant_name service_tenant_name
|
||||
tenant_description "Service Tenant"
|
||||
tenant_enabled true # Not required as this is the default
|
||||
|
||||
action :create_tenant
|
||||
end
|
||||
|
||||
# Register Service User
|
||||
openstack_identity_register "Register Heat Service User" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
user_pass service_pass
|
||||
# String until https://review.openstack.org/#/c/29498/ merged
|
||||
user_enabled true
|
||||
|
||||
action :create_user
|
||||
end
|
||||
|
||||
## Grant Admin role to Service User for Service Tenant ##
|
||||
openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
role_name service_role
|
||||
|
||||
action :grant_role
|
||||
end
|
|
@ -0,0 +1,29 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::api-cfn" do
|
||||
before { orchestration_stubs }
|
||||
describe "redhat" do
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS do |n|
|
||||
n.set["openstack"]["orchestration"]["syslog"]["use"] = true
|
||||
end
|
||||
@chef_run.converge "openstack-orchestration::api-cfn"
|
||||
end
|
||||
|
||||
expect_runs_openstack_orchestration_common_recipe
|
||||
|
||||
expect_runs_openstack_common_logging_recipe
|
||||
|
||||
it "installs heat client packages" do
|
||||
expect(@chef_run).to upgrade_package "python-heatclient"
|
||||
end
|
||||
|
||||
expect_creates_api_paste "service[heat-api-cfn]"
|
||||
|
||||
expect_creates_policy_json "service[heat-api-cfn]","heat","heat"
|
||||
|
||||
it "starts heat api-cfn on boot" do
|
||||
expect(@chef_run).to enable_service("openstack-heat-api-cfn")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,29 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::api-cloudwatch" do
|
||||
before { orchestration_stubs }
|
||||
describe "redhat" do
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS do |n|
|
||||
n.set["openstack"]["orchestration"]["syslog"]["use"] = true
|
||||
end
|
||||
@chef_run.converge "openstack-orchestration::api-cloudwatch"
|
||||
end
|
||||
|
||||
expect_runs_openstack_orchestration_common_recipe
|
||||
|
||||
expect_runs_openstack_common_logging_recipe
|
||||
|
||||
it "installs heat client packages" do
|
||||
expect(@chef_run).to upgrade_package "python-heatclient"
|
||||
end
|
||||
|
||||
expect_creates_api_paste "service[heat-api-cloudwatch]"
|
||||
|
||||
expect_creates_policy_json "service[heat-api-cloudwatch]","heat","heat"
|
||||
|
||||
it "starts heat api-cloudwatch on boot" do
|
||||
expect(@chef_run).to enable_service("openstack-heat-api-cloudwatch")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,29 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::api" do
|
||||
before { orchestration_stubs }
|
||||
describe "redhat" do
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS
|
||||
@chef_run.converge "openstack-orchestration::api"
|
||||
end
|
||||
|
||||
expect_runs_openstack_orchestration_common_recipe
|
||||
|
||||
it "doesn't run logging recipe" do
|
||||
expect(@chef_run).not_to include_recipe "openstack-common::logging"
|
||||
end
|
||||
|
||||
it "installs heat client packages" do
|
||||
expect(@chef_run).to upgrade_package "python-heatclient"
|
||||
end
|
||||
|
||||
expect_creates_api_paste "service[heat-api]"
|
||||
|
||||
expect_creates_policy_json "service[heat-api]","heat","heat"
|
||||
|
||||
it "starts heat api on boot" do
|
||||
expect(@chef_run).to enable_service("openstack-heat-api")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,115 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::common" do
|
||||
before { orchestration_stubs }
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS
|
||||
@chef_run.converge "openstack-orchestration::common"
|
||||
end
|
||||
|
||||
it "installs python-keystone" do
|
||||
expect(@chef_run).to upgrade_package "python-keystone"
|
||||
end
|
||||
|
||||
it "installs the openstack-heat package" do
|
||||
expect(@chef_run).to upgrade_package "openstack-heat"
|
||||
end
|
||||
|
||||
it "installs mysql python packages by default" do
|
||||
expect(@chef_run).to upgrade_package "MySQL-python"
|
||||
end
|
||||
|
||||
it "installs postgresql python packages if explicitly told" do
|
||||
chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS
|
||||
node = chef_run.node
|
||||
node.set["openstack"]["db"]["orchestration"]["db_type"] = "postgresql"
|
||||
chef_run.converge "openstack-orchestration::common"
|
||||
|
||||
expect(chef_run).to upgrade_package "python-psycopg2"
|
||||
expect(chef_run).not_to upgrade_package "MySQL-python"
|
||||
end
|
||||
|
||||
describe "/etc/heat" do
|
||||
before do
|
||||
@dir = @chef_run.directory "/etc/heat"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@dir.owner).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @dir.mode)).to eq "700"
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
describe "/etc/heat/environment.d" do
|
||||
before do
|
||||
@dir = @chef_run.directory "/etc/heat/environment.d"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@dir.owner).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @dir.mode)).to eq "700"
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
describe "/var/cache/heat" do
|
||||
before do
|
||||
@dir = @chef_run.directory "/var/cache/heat"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@dir.owner).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @dir.mode)).to eq "700"
|
||||
end
|
||||
end
|
||||
|
||||
describe "heat.conf" do
|
||||
before do
|
||||
@template = @chef_run.template "/etc/heat/heat.conf"
|
||||
end
|
||||
it "has proper owner" do
|
||||
expect(@template.owner).to eq("heat")
|
||||
expect(@template.group).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @template.mode)).to eq "644"
|
||||
end
|
||||
|
||||
# Pending on https://review.openstack.org/#/c/59088/
|
||||
it "template contents" do
|
||||
pending "TODO: implement"
|
||||
end
|
||||
end
|
||||
|
||||
describe "default.yaml" do
|
||||
before do
|
||||
@template = @chef_run.template "/etc/heat/environment.d/default.yaml"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@template.owner).to eq("heat")
|
||||
expect(@template.group).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @template.mode)).to eq "644"
|
||||
end
|
||||
end
|
||||
|
||||
it "runs db migrations" do
|
||||
cmd = "heat-manage db_sync"
|
||||
expect(@chef_run).to run_execute(cmd)
|
||||
end
|
||||
end
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::default" do
|
||||
end
|
|
@ -0,0 +1,21 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::engine" do
|
||||
before { orchestration_stubs }
|
||||
describe "redhat" do
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS
|
||||
@chef_run.converge "openstack-orchestration::engine"
|
||||
end
|
||||
|
||||
expect_runs_openstack_orchestration_common_recipe
|
||||
|
||||
it "doesn't run logging recipe" do
|
||||
expect(@chef_run).not_to include_recipe "openstack-common::logging"
|
||||
end
|
||||
|
||||
it "starts heat engine on boot" do
|
||||
expect(@chef_run).to enable_service("openstack-heat-engine")
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,87 @@
|
|||
require_relative "spec_helper"
|
||||
|
||||
describe "openstack-orchestration::identity_registration" do
|
||||
before do
|
||||
orchestration_stubs
|
||||
@chef_run = ::ChefSpec::Runner.new ::REDHAT_OPTS
|
||||
@chef_run.converge "openstack-orchestration::identity_registration"
|
||||
end
|
||||
|
||||
it "Register Heat Orchestration Service" do
|
||||
resource = @chef_run.find_resource(
|
||||
"openstack-identity_register",
|
||||
"Register Heat Orchestration Service"
|
||||
).to_hash
|
||||
|
||||
expect(resource).to include(
|
||||
:auth_uri => "http://127.0.0.1:35357/v2.0",
|
||||
:bootstrap_token => "bootstrap-token",
|
||||
:service_name => "heat",
|
||||
:service_type => "orchestration",
|
||||
:service_description => "Heat Orchestration Service",
|
||||
:action => [:create_service]
|
||||
)
|
||||
end
|
||||
|
||||
# Pending on https://review.openstack.org/#/c/59088/
|
||||
it "Register Heat Orchestration Endpoint" do
|
||||
pending "TODO: implement"
|
||||
end
|
||||
|
||||
|
||||
it "Register Heat Cloudformation Service" do
|
||||
resource = @chef_run.find_resource(
|
||||
"openstack-identity_register",
|
||||
"Register Heat Cloudformation Service"
|
||||
).to_hash
|
||||
|
||||
expect(resource).to include(
|
||||
:auth_uri => "http://127.0.0.1:35357/v2.0",
|
||||
:bootstrap_token => "bootstrap-token",
|
||||
:service_name => "heat-cfn",
|
||||
:service_type => "cloudformation",
|
||||
:service_description => "Heat Cloudformation Service",
|
||||
:action => [:create_service]
|
||||
)
|
||||
end
|
||||
|
||||
# Pending on https://review.openstack.org/#/c/59088/
|
||||
it "Register Heat Cloudformation Endpoint" do
|
||||
pending "TODO: implement"
|
||||
end
|
||||
|
||||
|
||||
it "registers service user" do
|
||||
resource = @chef_run.find_resource(
|
||||
"openstack-identity_register",
|
||||
"Register Heat Service User"
|
||||
).to_hash
|
||||
|
||||
expect(resource).to include(
|
||||
:auth_uri => "http://127.0.0.1:35357/v2.0",
|
||||
:bootstrap_token => "bootstrap-token",
|
||||
:tenant_name => "service",
|
||||
:user_name => "heat",
|
||||
:user_pass => "heat-pass",
|
||||
:user_enabled => true,
|
||||
:action => [:create_user]
|
||||
)
|
||||
end
|
||||
|
||||
it "grants admin role to service user for service tenant" do
|
||||
resource = @chef_run.find_resource(
|
||||
"openstack-identity_register",
|
||||
"Grant 'admin' Role to heat User for service Tenant"
|
||||
).to_hash
|
||||
|
||||
expect(resource).to include(
|
||||
:auth_uri => "http://127.0.0.1:35357/v2.0",
|
||||
:bootstrap_token => "bootstrap-token",
|
||||
:tenant_name => "service",
|
||||
:user_name => "heat",
|
||||
:role_name => "admin",
|
||||
:action => [:grant_role]
|
||||
)
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,95 @@
|
|||
require "chefspec"
|
||||
require "chef/application"
|
||||
|
||||
::LOG_LEVEL = :fatal
|
||||
::REDHAT_OPTS = {
|
||||
:platform => "redhat",
|
||||
:version => "6.3",
|
||||
:log_level => ::LOG_LEVEL
|
||||
}
|
||||
|
||||
def orchestration_stubs
|
||||
::Chef::Recipe.any_instance.stub(:rabbit_servers).
|
||||
and_return "1.1.1.1:5672,2.2.2.2:5672"
|
||||
::Chef::Recipe.any_instance.stub(:address_for).
|
||||
with("lo").
|
||||
and_return "127.0.1.1"
|
||||
::Chef::Recipe.any_instance.stub(:secret).
|
||||
with("secrets", "openstack_identity_bootstrap_token").
|
||||
and_return "bootstrap-token"
|
||||
::Chef::Recipe.any_instance.stub(:db_password).and_return String.new
|
||||
::Chef::Recipe.any_instance.stub(:user_password).and_return String.new
|
||||
::Chef::Recipe.any_instance.stub(:user_password).
|
||||
with("guest").
|
||||
and_return "rabbit-pass"
|
||||
::Chef::Recipe.any_instance.stub(:user_password).
|
||||
with("admin-user").
|
||||
and_return "admin-pass"
|
||||
::Chef::Recipe.any_instance.stub(:service_password).with("openstack-orchestration").
|
||||
and_return "heat-pass"
|
||||
::Chef::Application.stub(:fatal!)
|
||||
end
|
||||
|
||||
def expect_runs_openstack_orchestration_common_recipe
|
||||
it "runs orchestration common recipe" do
|
||||
expect(@chef_run).to include_recipe "openstack-orchestration::common"
|
||||
end
|
||||
end
|
||||
|
||||
def expect_installs_python_keystone
|
||||
it "installs python-keystone" do
|
||||
expect(@chef_run).to upgrade_package "python-keystone"
|
||||
end
|
||||
end
|
||||
|
||||
def expect_runs_openstack_common_logging_recipe
|
||||
it "runs logging recipe if node attributes say to" do
|
||||
expect(@chef_run).to include_recipe "openstack-common::logging"
|
||||
end
|
||||
end
|
||||
|
||||
def expect_creates_api_paste service, action=:restart
|
||||
describe "api-paste.ini" do
|
||||
before do
|
||||
@template = @chef_run.template "/etc/heat/api-paste.ini"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@template.owner).to eq("heat")
|
||||
expect(@template.group).to eq("heat")
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @template.mode)).to eq "644"
|
||||
end
|
||||
|
||||
it "template contents" do
|
||||
pending "TODO: implement"
|
||||
end
|
||||
|
||||
it "notifies heat-api restart" do
|
||||
expect(@template).to notify(service).to(action)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def expect_creates_policy_json service, user, group, action=:restart
|
||||
describe "policy.json" do
|
||||
before do
|
||||
@template = @chef_run.template "/etc/heat/policy.json"
|
||||
end
|
||||
|
||||
it "has proper owner" do
|
||||
expect(@template.owner).to eq(user)
|
||||
expect(@template.group).to eq(group)
|
||||
end
|
||||
|
||||
it "has proper modes" do
|
||||
expect(sprintf("%o", @template.mode)).to eq "644"
|
||||
end
|
||||
|
||||
it "notifies service restart" do
|
||||
expect(@template).to notify(service).to(action)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,88 @@
|
|||
<%= node["openstack"]["orchestration"]["custom_template_banner"] %>
|
||||
|
||||
# heat-api pipeline
|
||||
[pipeline:heat-api]
|
||||
pipeline = faultwrap versionnegotiation authtoken context apiv1app
|
||||
|
||||
# heat-api pipeline for standalone heat
|
||||
# ie. uses alternative auth backend that authenticates users against keystone
|
||||
# using username and password instead of validating token (which requires
|
||||
# an admin/service token).
|
||||
# To enable, in heat.conf:
|
||||
# [paste_deploy]
|
||||
# flavor = standalone
|
||||
#
|
||||
[pipeline:heat-api-standalone]
|
||||
pipeline = faultwrap versionnegotiation authpassword context apiv1app
|
||||
|
||||
# heat-api pipeline for custom cloud backends
|
||||
# i.e. in heat.conf:
|
||||
# [paste_deploy]
|
||||
# flavor = custombackend
|
||||
#
|
||||
[pipeline:heat-api-custombackend]
|
||||
pipeline = faultwrap versionnegotiation context custombackendauth apiv1app
|
||||
|
||||
# heat-api-cfn pipeline
|
||||
[pipeline:heat-api-cfn]
|
||||
pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app
|
||||
|
||||
# heat-api-cfn pipeline for standalone heat
|
||||
# relies exclusively on authenticating with ec2 signed requests
|
||||
[pipeline:heat-api-cfn-standalone]
|
||||
pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app
|
||||
|
||||
# heat-api-cloudwatch pipeline
|
||||
[pipeline:heat-api-cloudwatch]
|
||||
pipeline = versionnegotiation ec2authtoken authtoken context apicwapp
|
||||
|
||||
# heat-api-cloudwatch pipeline for standalone heat
|
||||
# relies exclusively on authenticating with ec2 signed requests
|
||||
[pipeline:heat-api-cloudwatch-standalone]
|
||||
pipeline = versionnegotiation ec2authtoken context apicwapp
|
||||
|
||||
[app:apiv1app]
|
||||
paste.app_factory = heat.common.wsgi:app_factory
|
||||
heat.app_factory = heat.api.openstack.v1:API
|
||||
|
||||
[app:apicfnv1app]
|
||||
paste.app_factory = heat.common.wsgi:app_factory
|
||||
heat.app_factory = heat.api.cfn.v1:API
|
||||
|
||||
[app:apicwapp]
|
||||
paste.app_factory = heat.common.wsgi:app_factory
|
||||
heat.app_factory = heat.api.cloudwatch:API
|
||||
|
||||
[filter:versionnegotiation]
|
||||
paste.filter_factory = heat.common.wsgi:filter_factory
|
||||
heat.filter_factory = heat.api.openstack:version_negotiation_filter
|
||||
|
||||
[filter:faultwrap]
|
||||
paste.filter_factory = heat.common.wsgi:filter_factory
|
||||
heat.filter_factory = heat.api.openstack:faultwrap_filter
|
||||
|
||||
[filter:cfnversionnegotiation]
|
||||
paste.filter_factory = heat.common.wsgi:filter_factory
|
||||
heat.filter_factory = heat.api.cfn:version_negotiation_filter
|
||||
|
||||
[filter:cwversionnegotiation]
|
||||
paste.filter_factory = heat.common.wsgi:filter_factory
|
||||
heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory
|
||||
|
||||
[filter:ec2authtoken]
|
||||
paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory
|
||||
|
||||
# Auth middleware that validates token against keystone
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = heat.common.auth_token:filter_factory
|
||||
|
||||
# Auth middleware that validates username/password against keystone
|
||||
[filter:authpassword]
|
||||
paste.filter_factory = heat.common.auth_password:filter_factory
|
||||
|
||||
# Auth middleware that validates against custom backend
|
||||
[filter:custombackendauth]
|
||||
paste.filter_factory = heat.common.custom_backend_auth:filter_factory
|
|
@ -0,0 +1,10 @@
|
|||
<%= node["openstack"]["orchestration"]["custom_template_banner"] %>
|
||||
|
||||
resource_registry:
|
||||
# allow older templates with Quantum in them.
|
||||
"OS::Quantum*": "OS::Neutron*"
|
||||
# Choose your implementation of AWS::CloudWatch::Alarm
|
||||
#"AWS::CloudWatch::Alarm": "file:///etc/heat/templates/AWS_CloudWatch_Alarm.yaml"
|
||||
"AWS::CloudWatch::Alarm": "OS::Heat::CWLiteAlarm"
|
||||
"OS::Metering::Alarm": "OS::Ceilometer::Alarm"
|
||||
"AWS::RDS::DBInstance": "file:///etc/heat/templates/AWS_RDS_DBInstance.yaml"
|
|
@ -0,0 +1,862 @@
|
|||
<%= node["openstack"]["orchestration"]["custom_template_banner"] %>
|
||||
|
||||
[DEFAULT]
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
sql_connection=<%= @sql_connection %>
|
||||
|
||||
# The default user for new instances (string value)
|
||||
#instance_user=ec2-user
|
||||
|
||||
# Driver to use for controlling instances (string value)
|
||||
#instance_driver=heat.engine.nova
|
||||
|
||||
# Engine identifier for multi-engine distributed lock. If
|
||||
# this is set to "generate_uuid", a UUID will be generated.
|
||||
# (string value)
|
||||
#engine_id=generate_uuid
|
||||
|
||||
# List of directories to search for Plugins (list value)
|
||||
#plugin_dirs=/usr/lib64/heat,/usr/lib/heat
|
||||
|
||||
# The directory to search for environment files (string value)
|
||||
#environment_dir=/etc/heat/environment.d
|
||||
|
||||
# Select deferred auth method, stored password or trusts
|
||||
# (string value)
|
||||
#deferred_auth_method=password
|
||||
|
||||
# Subset of trustor roles to be delegated to heat (list value)
|
||||
#trusts_delegated_roles=heat_stack_owner
|
||||
|
||||
# Maximum resources allowed per top-level stack. (integer
|
||||
# value)
|
||||
#max_resources_per_stack=1000
|
||||
|
||||
# Maximum number of stacks any one tenant may have active at
|
||||
# one time. (integer value)
|
||||
#max_stacks_per_tenant=100
|
||||
|
||||
# Controls how many events will be pruned whenever a stack's
|
||||
# events exceed max_events_per_stack. Set this lower to keep
|
||||
# more events at the expense of more frequent purges. (integer
|
||||
# value)
|
||||
#event_purge_batch_size=10
|
||||
|
||||
# Maximum events that will be available per stack. Older
|
||||
# events will be deleted when this is reached. Set to 0 for
|
||||
# unlimited events per stack. (integer value)
|
||||
#max_events_per_stack=1000
|
||||
|
||||
# Name of the engine node. This can be an opaque identifier.It
|
||||
# is not necessarily a hostname, FQDN, or IP address. (string
|
||||
# value)
|
||||
#host=heat
|
||||
|
||||
# seconds between running periodic tasks (integer value)
|
||||
#periodic_interval=60
|
||||
|
||||
# URL of the Heat metadata server (string value)
|
||||
heat_metadata_server_url=http://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %>
|
||||
|
||||
# URL of the Heat waitcondition server (string value)
|
||||
heat_waitcondition_server_url=http://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %><%= @heat_api_cfn_endpoint.path %>/waitcondition
|
||||
|
||||
# URL of the Heat cloudwatch server (string value)
|
||||
heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat_api_cloudwatch_endpoint.port %>
|
||||
|
||||
# Instance connection to cfn/cw API via https (string value)
|
||||
#instance_connection_is_secure=0
|
||||
|
||||
# Instance connection to cfn/cw API validate certs if ssl
|
||||
# (string value)
|
||||
#instance_connection_https_validate_certificates=1
|
||||
|
||||
# Keystone role for heat template-defined users (string value)
|
||||
#heat_stack_user_role=heat_stack_user
|
||||
|
||||
# Maximum raw byte size of any template. (integer value)
|
||||
#max_template_size=524288
|
||||
|
||||
# Maximum depth allowed when using nested stacks. (integer
|
||||
# value)
|
||||
#max_nested_stack_depth=3
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.common.crypt
|
||||
#
|
||||
|
||||
# Encryption key used for authentication info in database
|
||||
# (string value)
|
||||
#auth_encryption_key=notgood but just long enough i think
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Maximum raw byte size of JSON request body. Should be larger
|
||||
# than max_template_size. (integer value)
|
||||
#max_json_body_size=1048576
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.db.api
|
||||
#
|
||||
|
||||
# The backend to use for db (string value)
|
||||
#db_backend=sqlalchemy
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.engine.clients
|
||||
#
|
||||
|
||||
# Fully qualified class name to use as a client backend.
|
||||
# (string value)
|
||||
#cloud_backend=heat.engine.clients.OpenStackClients
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.db.sqlalchemy.session
|
||||
#
|
||||
|
||||
# the filename to use with sqlite (string value)
|
||||
#sqlite_db=heat.sqlite
|
||||
|
||||
# If true, use synchronous mode for sqlite (boolean value)
|
||||
#sqlite_synchronous=true
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.eventlet_backdoor
|
||||
#
|
||||
|
||||
# Enable eventlet backdoor. Acceptable values are 0, <port>,
|
||||
# and <start>:<end>, where 0 results in listening on a random
|
||||
# tcp port number; <port> results in listening on the
|
||||
# specified port number (and not enabling backdoor if that
|
||||
# port is in use); and <start>:<end> results in listening on
|
||||
# the smallest unused port number within the specified range
|
||||
# of port numbers. The chosen port is displayed in the
|
||||
# service's log file. (string value)
|
||||
#backdoor_port=<None>
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.lockutils
|
||||
#
|
||||
|
||||
# Whether to disable inter-process locks (boolean value)
|
||||
#disable_process_locking=false
|
||||
|
||||
# Directory to use for lock files. (string value)
|
||||
#lock_path=<None>
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.log
|
||||
#
|
||||
|
||||
# Print debugging output (set logging level to DEBUG instead
|
||||
# of default WARNING level). (boolean value)
|
||||
debug=<%= node["openstack"]["orchestration"]["debug"] %>
|
||||
|
||||
# Print more verbose output (set logging level to INFO instead
|
||||
# of default WARNING level). (boolean value)
|
||||
verbose=<%= node["openstack"]["orchestration"]["verbose"] %>
|
||||
|
||||
# Log output to standard error (boolean value)
|
||||
#use_stderr=true
|
||||
|
||||
# format string to use for log messages with context (string
|
||||
# value)
|
||||
#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s
|
||||
|
||||
# format string to use for log messages without context
|
||||
# (string value)
|
||||
#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
|
||||
|
||||
# data to append to log format when level is DEBUG (string
|
||||
# value)
|
||||
#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
|
||||
|
||||
# prefix each line of exception output with this format
|
||||
# (string value)
|
||||
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
|
||||
|
||||
# list of logger=LEVEL pairs (list value)
|
||||
#default_log_levels=amqplib=WARN,sqlalchemy=WARN,boto=WARN,suds=INFO,keystone=INFO,eventlet.wsgi.server=WARN
|
||||
|
||||
# publish error events (boolean value)
|
||||
#publish_errors=false
|
||||
|
||||
# make deprecations fatal (boolean value)
|
||||
#fatal_deprecations=false
|
||||
|
||||
# If an instance is passed with the log message, format it
|
||||
# like this (string value)
|
||||
#instance_format="[instance: %(uuid)s] "
|
||||
|
||||
# If an instance UUID is passed with the log message, format
|
||||
# it like this (string value)
|
||||
#instance_uuid_format="[instance: %(uuid)s] "
|
||||
|
||||
# (Optional) In addition to the system's default language log,
|
||||
# creates an additional log in the given language if such
|
||||
# language is present in the operating system. This option is
|
||||
# only enabled if the 'log-file' option is used, and the
|
||||
# additional log will be created in the same directory of the
|
||||
# main log, inside a directory named after the locale. This is
|
||||
# an OSEE-only property. (string value)
|
||||
#log_additional_locale=<None>
|
||||
|
||||
# If this option is specified, the logging configuration file
|
||||
# specified is used and overrides any other logging options
|
||||
# specified. Please see the Python logging module
|
||||
# documentation for details on logging configuration files.
|
||||
# (string value)
|
||||
<% if node["openstack"]["orchestration"]["syslog"]["use"] %>
|
||||
log_config = /etc/openstack/logging.conf
|
||||
<% end %>
|
||||
|
||||
# DEPRECATED. A logging.Formatter log message format string
|
||||
# which may use any of the available logging.LogRecord
|
||||
# attributes. This option is deprecated. Please use
|
||||
# logging_context_format_string and
|
||||
# logging_default_format_string instead. (string value)
|
||||
#log_format=<None>
|
||||
|
||||
# Format string for %%(asctime)s in log records. Default:
|
||||
# %(default)s (string value)
|
||||
#log_date_format=%Y-%m-%d %H:%M:%S
|
||||
|
||||
# (Optional) Name of log file to output to. If no default is
|
||||
# set, logging will go to stdout. (string value)
|
||||
#log_file=<None>
|
||||
|
||||
# (Optional) The base directory used for relative --log-file
|
||||
# paths (string value)
|
||||
#log_dir=<None>
|
||||
|
||||
# Use syslog for logging. (boolean value)
|
||||
#use_syslog=false
|
||||
|
||||
# syslog facility to receive log lines (string value)
|
||||
#syslog_log_facility=LOG_USER
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.api
|
||||
#
|
||||
|
||||
# Driver or drivers to handle sending notifications (multi
|
||||
# valued)
|
||||
#notification_driver=
|
||||
|
||||
# Default notification level for outgoing notifications
|
||||
# (string value)
|
||||
#default_notification_level=INFO
|
||||
|
||||
# Default publisher_id for outgoing notifications (string
|
||||
# value)
|
||||
#default_publisher_id=<None>
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.list_notifier
|
||||
#
|
||||
|
||||
# List of drivers to send notifications (multi valued)
|
||||
#list_notifier_drivers=heat.openstack.common.notifier.no_op_notifier
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.rpc_notifier
|
||||
#
|
||||
|
||||
# AMQP topic used for openstack notifications (list value)
|
||||
#notification_topics=notifications
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.policy
|
||||
#
|
||||
|
||||
# JSON file containing policy (string value)
|
||||
#policy_file=policy.json
|
||||
|
||||
# Rule enforced when requested rule is not found (string
|
||||
# value)
|
||||
#policy_default_rule=default
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc
|
||||
#
|
||||
|
||||
# The messaging module to use, defaults to kombu. (string
|
||||
# value)
|
||||
#rpc_backend=
|
||||
|
||||
# Size of RPC thread pool (integer value)
|
||||
rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %>
|
||||
|
||||
# Size of RPC connection pool (integer value)
|
||||
rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %>
|
||||
|
||||
# Seconds to wait for a response from call or multicall
|
||||
# (integer value)
|
||||
rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeout"] %>
|
||||
|
||||
# Seconds to wait before a cast expires (TTL). Only supported
|
||||
# by impl_zmq. (integer value)
|
||||
#rpc_cast_timeout=30
|
||||
|
||||
# Modules of exceptions that are permitted to be recreatedupon
|
||||
# receiving exception data from an rpc call. (list value)
|
||||
#allowed_rpc_exception_modules=heat.openstack.common.exception,heat.common.exception,nova.exception,cinder.exception,exceptions
|
||||
|
||||
# If passed, use a fake RabbitMQ provider (boolean value)
|
||||
#fake_rabbit=false
|
||||
|
||||
# AMQP exchange to connect to if using RabbitMQ or Qpid
|
||||
# (string value)
|
||||
#control_exchange=openstack
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.amqp
|
||||
#
|
||||
|
||||
# Use durable queues in amqp. (boolean value)
|
||||
#amqp_durable_queues=false
|
||||
|
||||
# Auto-delete queues in amqp. (boolean value)
|
||||
#amqp_auto_delete=false
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.impl_kombu
|
||||
#
|
||||
|
||||
# SSL version to use (valid only if SSL enabled). valid values
|
||||
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
|
||||
# distributions (string value)
|
||||
#kombu_ssl_version=
|
||||
|
||||
# SSL key file (valid only if SSL enabled) (string value)
|
||||
#kombu_ssl_keyfile=
|
||||
|
||||
# SSL cert file (valid only if SSL enabled) (string value)
|
||||
#kombu_ssl_certfile=
|
||||
|
||||
# SSL certification authority file (valid only if SSL enabled)
|
||||
# (string value)
|
||||
#kombu_ssl_ca_certs=
|
||||
<% if node["openstack"]["orchestration"]["mq"]["service_type"] == "rabbitmq" %>
|
||||
<% if node["openstack"]["orchestration"]["rabbit"]["ha"] -%>
|
||||
rabbit_hosts=<%= @rabbit_hosts %>
|
||||
#### (ListOpt) RabbitMQ HA cluster host:port pairs
|
||||
|
||||
# rabbit_durable_queues=false
|
||||
#### (BoolOpt) use durable queues in RabbitMQ
|
||||
|
||||
rabbit_ha_queues=True
|
||||
#### (BoolOpt) use H/A queues in RabbitMQ (x-ha-policy: all).You need to
|
||||
#### wipe RabbitMQ database when changing this option.
|
||||
<% else -%>
|
||||
rabbit_host=<%= node["openstack"]["orchestration"]["rabbit"]["host"] %>
|
||||
#### (StrOpt) The RabbitMQ broker address where a single node is used
|
||||
|
||||
rabbit_port=<%= node["openstack"]["orchestration"]["rabbit"]["port"] %>
|
||||
#### (IntOpt) The RabbitMQ broker port where a single node is used
|
||||
<% end -%>
|
||||
|
||||
# connect over SSL for RabbitMQ (boolean value)
|
||||
#rabbit_use_ssl=false
|
||||
|
||||
rabbit_userid=<%= node["openstack"]["orchestration"]["rabbit"]["username"] %>
|
||||
#### (StrOpt) the RabbitMQ userid
|
||||
|
||||
rabbit_password=<%= @rabbit_password %>
|
||||
#### (StrOpt) the RabbitMQ password
|
||||
|
||||
rabbit_virtual_host=<%= node["openstack"]["orchestration"]["rabbit"]["vhost"] %>
|
||||
#### (StrOpt) the RabbitMQ virtual host
|
||||
|
||||
# how frequently to retry connecting with RabbitMQ (integer
|
||||
# value)
|
||||
#rabbit_retry_interval=1
|
||||
|
||||
# how long to backoff for between retries when connecting to
|
||||
# RabbitMQ (integer value)
|
||||
#rabbit_retry_backoff=2
|
||||
|
||||
# maximum retries with trying to connect to RabbitMQ (the
|
||||
# default of 0 implies an infinite retry count) (integer
|
||||
# value)
|
||||
#rabbit_max_retries=0
|
||||
|
||||
# use H/A queues in RabbitMQ (x-ha-policy: all).You need to
|
||||
# wipe RabbitMQ database when changing this option. (boolean
|
||||
# value)
|
||||
#rabbit_ha_queues=false
|
||||
<% end -%>
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.impl_qpid
|
||||
#
|
||||
<% if node["openstack"]["orchestration"]["mq"]["service_type"] == "qpid" %>
|
||||
|
||||
rpc_backend=heat.openstack.common.rpc.impl_qpid
|
||||
|
||||
# Qpid broker hostname (string value)
|
||||
qpid_hostname=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["host"] %>
|
||||
|
||||
# Qpid broker port (integer value)
|
||||
qpid_port=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["port"] %>
|
||||
|
||||
# Qpid HA cluster host:port pairs (list value)
|
||||
#qpid_hosts=$qpid_hostname:$qpid_port
|
||||
|
||||
# Username for qpid connection (string value)
|
||||
qpid_username=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["username"] %>
|
||||
|
||||
# Password for qpid connection (string value)
|
||||
qpid_password=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["password"] %>
|
||||
|
||||
# Space separated list of SASL mechanisms to use for auth
|
||||
# (string value)
|
||||
qpid_sasl_mechanisms=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["sasl_mechanisms"] %>
|
||||
|
||||
# Seconds between connection keepalive heartbeats (integer
|
||||
# value)
|
||||
qpid_heartbeat=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["heartbeat"] %>
|
||||
|
||||
# Transport to use, either 'tcp' or 'ssl' (string value)
|
||||
qpid_protocol=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["protocol"] %>
|
||||
|
||||
# Disable Nagle algorithm (boolean value)
|
||||
qpid_tcp_nodelay=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["tcp_nodelay"] %>
|
||||
|
||||
# The qpid topology version to use. Version 1 is what was
|
||||
# originally used by impl_qpid. Version 2 includes some
|
||||
# backwards-incompatible changes that allow broker federation
|
||||
# to work. Users should update to version 2 when they are
|
||||
# able to take everything down, as it requires a clean break.
|
||||
# (integer value)
|
||||
#qpid_topology_version=1
|
||||
|
||||
qpid_reconnect_timeout=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_timeout"] %>
|
||||
qpid_reconnect_limit=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_limit"] %>
|
||||
qpid_reconnect_interval_min=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval_min"] %>
|
||||
qpid_reconnect_interval_max=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval_max"] %>
|
||||
qpid_reconnect_interval=<%= node["openstack"]["orchestration"]["mq"]["qpid"]["reconnect_interval"] %>
|
||||
<% end -%>
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.impl_zmq
|
||||
#
|
||||
|
||||
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
|
||||
# interface, or IP. The "host" option should point or resolve
|
||||
# to this address. (string value)
|
||||
#rpc_zmq_bind_address=*
|
||||
|
||||
# MatchMaker driver (string value)
|
||||
#rpc_zmq_matchmaker=heat.openstack.common.rpc.matchmaker.MatchMakerLocalhost
|
||||
|
||||
# ZeroMQ receiver listening port (integer value)
|
||||
#rpc_zmq_port=9501
|
||||
|
||||
# Number of ZeroMQ contexts, defaults to 1 (integer value)
|
||||
#rpc_zmq_contexts=1
|
||||
|
||||
# Maximum number of ingress messages to locally buffer per
|
||||
# topic. Default is unlimited. (integer value)
|
||||
#rpc_zmq_topic_backlog=<None>
|
||||
|
||||
# Directory for holding IPC sockets (string value)
|
||||
#rpc_zmq_ipc_dir=/var/run/openstack
|
||||
|
||||
# Name of this node. Must be a valid hostname, FQDN, or IP
|
||||
# address. Must match "host" option, if running Nova. (string
|
||||
# value)
|
||||
#rpc_zmq_host=heat
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.matchmaker
|
||||
#
|
||||
|
||||
# Heartbeat frequency (integer value)
|
||||
#matchmaker_heartbeat_freq=300
|
||||
|
||||
# Heartbeat time-to-live. (integer value)
|
||||
#matchmaker_heartbeat_ttl=600
|
||||
|
||||
|
||||
[ssl]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.sslutils
|
||||
#
|
||||
|
||||
# CA certificate file to use to verify connecting clients
|
||||
# (string value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Certificate file to use when starting the server securely
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Private key file to use when starting the server securely
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
|
||||
[database]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.db.api
|
||||
#
|
||||
|
||||
# The backend to use for db (string value)
|
||||
#backend=sqlalchemy
|
||||
|
||||
# Enable the experimental use of thread pooling for all DB API
|
||||
# calls (boolean value)
|
||||
#use_tpool=false
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.db.sqlalchemy.session
|
||||
#
|
||||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
# database (string value)
|
||||
#connection=sqlite:////heat/openstack/common/db/$sqlite_db
|
||||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
# slave database (string value)
|
||||
#slave_connection=
|
||||
|
||||
# timeout before idle sql connections are reaped (integer
|
||||
# value)
|
||||
#idle_timeout=3600
|
||||
|
||||
# Minimum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
#min_pool_size=1
|
||||
|
||||
# Maximum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
#max_pool_size=<None>
|
||||
|
||||
# maximum db connection retries during startup. (setting -1
|
||||
# implies an infinite retry count) (integer value)
|
||||
#max_retries=10
|
||||
|
||||
# interval between retries of opening a sql connection
|
||||
# (integer value)
|
||||
#retry_interval=10
|
||||
|
||||
# If set, use this value for max_overflow with sqlalchemy
|
||||
# (integer value)
|
||||
#max_overflow=<None>
|
||||
|
||||
# Verbosity of SQL debugging information. 0=None,
|
||||
# 100=Everything (integer value)
|
||||
#connection_debug=0
|
||||
|
||||
# Add python stack traces to SQL as comment strings (boolean
|
||||
# value)
|
||||
#connection_trace=false
|
||||
|
||||
# If set, use this value for pool_timeout with sqlalchemy
|
||||
# (integer value)
|
||||
#pool_timeout=<None>
|
||||
|
||||
|
||||
[paste_deploy]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# The flavor to use (string value)
|
||||
#flavor=<None>
|
||||
|
||||
# The API paste config file to use (string value)
|
||||
#api_paste_config=api-paste.ini
|
||||
|
||||
|
||||
[rpc_notifier2]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.rpc_notifier2
|
||||
#
|
||||
|
||||
# AMQP topic(s) used for openstack notifications (list value)
|
||||
#topics=notifications
|
||||
|
||||
|
||||
[ec2authtoken]
|
||||
|
||||
#
|
||||
# Options defined in heat.api.aws.ec2token
|
||||
#
|
||||
|
||||
# Authentication Endpoint URI (string value)
|
||||
#auth_uri=<None>
|
||||
|
||||
# Allow orchestration of multiple clouds (boolean value)
|
||||
#multi_cloud=false
|
||||
|
||||
# Allowed keystone endpoints for auth_uri when multi_cloud is
|
||||
# enabled. At least one endpoint needs to be specified. (list
|
||||
# value)
|
||||
#allowed_auth_uris=
|
||||
|
||||
|
||||
[heat_api_cloudwatch]
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Address to bind the server. Useful when selecting a
|
||||
# particular network interface. (string value)
|
||||
bind_host=<%= @heat_api_cloudwatch_endpoint.host %>
|
||||
|
||||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_cloudwatch_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
#workers=0
|
||||
|
||||
|
||||
[heat_api]
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Address to bind the server. Useful when selecting a
|
||||
# particular network interface. (string value)
|
||||
bind_host=<%= @heat_api_endpoint.host %>
|
||||
|
||||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
#workers=0
|
||||
|
||||
|
||||
[heat_api_cfn]
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Address to bind the server. Useful when selecting a
|
||||
# particular network interface. (string value)
|
||||
bind_host=<%= @heat_api_cfn_endpoint.host %>
|
||||
|
||||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_cfn_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
#workers=0
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
#
|
||||
# Options defined in keystoneclient.middleware.auth_token
|
||||
#
|
||||
|
||||
# Prefix to prepend at the beginning of the path (string
|
||||
# value)
|
||||
#auth_admin_prefix=
|
||||
|
||||
# Host providing the admin Identity API endpoint (string
|
||||
# value)
|
||||
auth_host=<%= @identity_admin_endpoint.host %>
|
||||
|
||||
# Port of the admin Identity API endpoint (integer value)
|
||||
auth_port=<%= @identity_admin_endpoint.port %>
|
||||
|
||||
# Protocol of the admin Identity API endpoint(http or https)
|
||||
# (string value)
|
||||
auth_protocol=<%= @identity_admin_endpoint.scheme %>
|
||||
|
||||
# Complete public Identity API endpoint (string value)
|
||||
auth_uri=<%= @auth_uri %>
|
||||
|
||||
# API version of the admin Identity API endpoint (string
|
||||
# value)
|
||||
auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %>
|
||||
|
||||
# Do not handle authorization requests within the middleware,
|
||||
# but delegate the authorization decision to downstream WSGI
|
||||
# components (boolean value)
|
||||
#delay_auth_decision=false
|
||||
|
||||
# Request timeout value for communicating with Identity API
|
||||
# server. (boolean value)
|
||||
#http_connect_timeout=<None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating
|
||||
# with Identity API Server. (integer value)
|
||||
#http_request_max_retries=3
|
||||
|
||||
# Allows to pass in the name of a fake http_handler callback
|
||||
# function used instead of httplib.HTTPConnection or
|
||||
# httplib.HTTPSConnection. Useful for unit testing where
|
||||
# network is not available. (string value)
|
||||
#http_handler=<None>
|
||||
|
||||
# Single shared secret with the Keystone configuration used
|
||||
# for bootstrapping a Keystone installation, or otherwise
|
||||
# bypassing the normal authentication process. (string value)
|
||||
#admin_token=<None>
|
||||
|
||||
# Keystone account username (string value)
|
||||
admin_user=<%= node["openstack"]["orchestration"]["service_user"] %>
|
||||
|
||||
# Keystone account password (string value)
|
||||
admin_password=<%= @service_pass %>
|
||||
|
||||
# Keystone service account tenant name to validate user tokens
|
||||
# (string value)
|
||||
admin_tenant_name=<%= node["openstack"]["orchestration"]["service_tenant_name"] %>
|
||||
|
||||
# Env key for the swift cache (string value)
|
||||
#cache=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#certfile=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#keyfile=<None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying
|
||||
# HTTPs connections. Defaults to system CAs. (string value)
|
||||
#cafile=<None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure=false
|
||||
|
||||
# Directory used to cache files related to PKI tokens (string
|
||||
# value)
|
||||
signing_dir=<%= node["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] %>
|
||||
|
||||
# If defined, the memcache server(s) to use for caching (list
|
||||
# value)
|
||||
#memcached_servers=<None>
|
||||
|
||||
# In order to prevent excessive requests and validations, the
|
||||
# middleware uses an in-memory cache for the tokens the
|
||||
# Keystone API returns. This is only valid if memcache_servers
|
||||
# is defined. Set to -1 to disable caching completely.
|
||||
# (integer value)
|
||||
#token_cache_time=300
|
||||
|
||||
# Value only used for unit testing (integer value)
|
||||
#revocation_cache_time=1
|
||||
|
||||
# (optional) if defined, indicate whether token data should be
|
||||
# authenticated or authenticated and encrypted. Acceptable
|
||||
# values are MAC or ENCRYPT. If MAC, token data is
|
||||
# authenticated (with HMAC) in the cache. If ENCRYPT, token
|
||||
# data is encrypted and authenticated in the cache. If the
|
||||
# value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
#memcache_security_strategy=<None>
|
||||
|
||||
# (optional, mandatory if memcache_security_strategy is
|
||||
# defined) this string is used for key derivation. (string
|
||||
# value)
|
||||
#memcache_secret_key=<None>
|
||||
|
||||
|
||||
[auth_password]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Allow orchestration of multiple clouds (boolean value)
|
||||
#multi_cloud=false
|
||||
|
||||
# Allowed keystone endpoints for auth_uri when multi_cloud is
|
||||
# enabled. At least one endpoint needs to be specified. (list
|
||||
# value)
|
||||
#allowed_auth_uris=
|
||||
|
||||
|
||||
[matchmaker_ring]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.matchmaker_ring
|
||||
#
|
||||
|
||||
# Matchmaker ring file (JSON) (string value)
|
||||
#ringfile=/etc/oslo/matchmaker_ring.json
|
||||
|
||||
|
||||
[matchmaker_redis]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.matchmaker_redis
|
||||
#
|
||||
|
||||
# Host to locate redis (string value)
|
||||
#host=127.0.0.1
|
||||
|
||||
# Use this port to connect to redis host. (integer value)
|
||||
#port=6379
|
||||
|
||||
# Password for Redis server. (optional) (string value)
|
||||
#password=<None>
|
||||
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
<%= node["openstack"]["orchestration"]["custom_template_banner"] %>
|
||||
|
||||
{
|
||||
"deny_stack_user": "not role:heat_stack_user",
|
||||
"cloudformation:ListStacks": "rule:deny_stack_user",
|
||||
"cloudformation:CreateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStacks": "rule:deny_stack_user",
|
||||
"cloudformation:DeleteStack": "rule:deny_stack_user",
|
||||
"cloudformation:UpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
|
||||
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:GetTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackResource": "",
|
||||
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
|
||||
"cloudformation:ListStackResources": "rule:deny_stack_user",
|
||||
|
||||
"cloudwatch:DeleteAlarms": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarms": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
|
||||
"cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
|
||||
"cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
|
||||
"cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
|
||||
"cloudwatch:ListMetrics": "rule:deny_stack_user",
|
||||
"cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
|
||||
"cloudwatch:PutMetricData": "",
|
||||
"cloudwatch:SetAlarmState": "rule:deny_stack_user"
|
||||
}
|
Loading…
Reference in New Issue