kolla-ansible/ansible/roles/heat/defaults/main.yml
James Kirsch ff84292269 Add support for encrypting heat api
This patch introduces optional backend encryption for the Heat
service. When used in conjunction with enabling TLS for service API
endpoints, network communication will be encrypted end to end, from
the client through HAProxy to the Heat service.

Change-Id: Ic12f7574135dcaed2a462e902c775a55176ff03b
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/722028/
2020-04-24 12:23:48 +01:00


---
# Role/project identifier; reused below to build heat_git_repository.
project_name: "heat"
# Container definitions for the three Heat services. heat-api and heat-api-cfn
# each declare two HAProxy entries (internal and external); heat-engine
# declares none.
#
# Every HAProxy entry takes tls_backend from heat_enable_tls_backend. Per the
# commit description this enables encryption between HAProxy and the Heat
# service, giving end-to-end encryption only when API endpoint TLS is enabled
# as well.
# NOTE(review): whether HAProxy verifies the backend certificate is not
# visible in this file - confirm in the HAProxy templates.
heat_services:
  heat-api:
    container_name: heat_api
    group: heat-api
    enabled: true
    image: "{{ heat_api_image_full }}"
    # Default volumes first, then operator-supplied extra volumes.
    volumes: "{{ heat_api_default_volumes + heat_api_extra_volumes }}"
    dimensions: "{{ heat_api_dimensions }}"
    haproxy:
      # Internal entry (external: false).
      heat_api:
        enabled: "{{ enable_heat }}"
        mode: "http"
        external: false
        port: "{{ heat_api_port }}"
        listen_port: "{{ heat_api_listen_port }}"
        tls_backend: "{{ heat_enable_tls_backend }}"
      # External entry (external: true); same ports and backend TLS flag.
      heat_api_external:
        enabled: "{{ enable_heat }}"
        mode: "http"
        external: true
        port: "{{ heat_api_port }}"
        listen_port: "{{ heat_api_listen_port }}"
        tls_backend: "{{ heat_enable_tls_backend }}"
  heat-api-cfn:
    container_name: heat_api_cfn
    group: heat-api-cfn
    enabled: true
    image: "{{ heat_api_cfn_image_full }}"
    # Default volumes first, then operator-supplied extra volumes.
    volumes: "{{ heat_api_cfn_default_volumes + heat_api_cfn_extra_volumes }}"
    dimensions: "{{ heat_api_cfn_dimensions }}"
    haproxy:
      # Internal entry (external: false).
      heat_api_cfn:
        enabled: "{{ enable_heat }}"
        mode: "http"
        external: false
        port: "{{ heat_api_cfn_port }}"
        listen_port: "{{ heat_api_cfn_listen_port }}"
        tls_backend: "{{ heat_enable_tls_backend }}"
      # External entry (external: true); same ports and backend TLS flag.
      heat_api_cfn_external:
        enabled: "{{ enable_heat }}"
        mode: "http"
        external: true
        port: "{{ heat_api_cfn_port }}"
        listen_port: "{{ heat_api_cfn_listen_port }}"
        tls_backend: "{{ heat_enable_tls_backend }}"
  # No haproxy stanza: this file does not publish heat-engine through HAProxy.
  heat-engine:
    container_name: heat_engine
    group: heat-engine
    enabled: true
    image: "{{ heat_engine_image_full }}"
    volumes: "{{ heat_engine_default_volumes + heat_engine_extra_volumes }}"
    dimensions: "{{ heat_engine_dimensions }}"
####################
# Database
####################
# Database name used for Heat.
heat_database_name: "heat"
# Database account: the shared "database_user" only when both
# use_preconfigured_databases and use_common_mariadb_user are true;
# otherwise the dedicated "heat" account.
# NOTE(review): with the shared account, Heat's database credential is not
# isolated from other users of database_user - confirm that is intended.
heat_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}heat{% endif %}"
# "<address>:<port>" of the database. put_address_in_context('url') presumably
# formats the address for use inside a URL (e.g. IPv6 literals) - confirm in
# the filter plugin.
heat_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Docker
####################
# Install type and image tag default to the deployment-wide values.
heat_install_type: "{{ kolla_install_type }}"
heat_tag: "{{ openstack_tag }}"
# Image name: "<docker_registry>/" is prepended only when docker_registry is
# set, followed by "<namespace>/<base distro>-<install type>-<service>".
# The *_image_full values are "<image>:<tag>", i.e. images are selected by
# tag, not by digest.
# NOTE(review): a tag can be re-pointed in the registry; if image provenance
# matters, confirm the registry is trusted and tags are immutable.
heat_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ heat_install_type }}-heat-api"
heat_api_tag: "{{ heat_tag }}"
heat_api_image_full: "{{ heat_api_image }}:{{ heat_api_tag }}"
heat_api_cfn_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ heat_install_type }}-heat-api-cfn"
heat_api_cfn_tag: "{{ heat_tag }}"
heat_api_cfn_image_full: "{{ heat_api_cfn_image }}:{{ heat_api_cfn_tag }}"
heat_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ heat_install_type }}-heat-engine"
heat_engine_tag: "{{ heat_tag }}"
heat_engine_image_full: "{{ heat_engine_image }}:{{ heat_engine_tag }}"
# Per-container dimensions; all three default to the same shared value.
heat_api_dimensions: "{{ default_container_dimensions }}"
heat_api_cfn_dimensions: "{{ default_container_dimensions }}"
heat_engine_dimensions: "{{ default_container_dimensions }}"
# Default volume lists, one per container. In each list:
#   - the per-service config directory, /etc/localtime and (Debian/Ubuntu
#     only) /etc/timezone are mounted read-only (":ro");
#   - the dev-mode entry, present only when heat_dev_mode is true, bind-mounts
#     the host checkout over the container's site-packages/heat with no ":ro"
#     suffix, so the running Heat code then comes from the host directory;
#   - kolla_logs is mounted at /var/log/kolla/ without ":ro".
# The conditional entries render as '' when their condition is false.
# NOTE(review): presumably the consumer drops empty entries - confirm.
# NOTE(review): keep heat_dev_mode off outside development hosts, since it
# replaces the packaged Heat code with the contents of a host path.
heat_api_default_volumes:
  - "{{ node_config_directory }}/heat-api/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/heat' if heat_dev_mode | bool else '' }}"
  - "kolla_logs:/var/log/kolla/"
heat_api_cfn_default_volumes:
  - "{{ node_config_directory }}/heat-api-cfn/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/heat' if heat_dev_mode | bool else '' }}"
  - "kolla_logs:/var/log/kolla/"
heat_engine_default_volumes:
  - "{{ node_config_directory }}/heat-engine/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/heat' if heat_dev_mode | bool else '' }}"
  - "kolla_logs:/var/log/kolla/"
# Operator-supplied extra volumes: one role-wide default, inherited by each
# container unless overridden individually. These are appended to the default
# lists in heat_services.
# NOTE(review): extra volumes are added as given; review any host paths
# mounted without ":ro".
heat_extra_volumes: "{{ default_extra_volumes }}"
heat_api_extra_volumes: "{{ heat_extra_volumes }}"
heat_api_cfn_extra_volumes: "{{ heat_extra_volumes }}"
heat_engine_extra_volumes: "{{ heat_extra_volumes }}"
####################
# OpenStack
####################
# Endpoint URLs for the orchestration API (heat_api_port, path /v1/<tenant>)
# and the CloudFormation-compatible API (heat_api_cfn_port, path /v1).
# The URL scheme is not set here: it comes from admin_protocol,
# internal_protocol and public_protocol, so these URLs are https only when
# those variables say so.
# "%(tenant_id)s" is emitted literally into the URL; presumably Keystone
# substitutes it per request - confirm.
heat_admin_endpoint: "{{ admin_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_internal_endpoint: "{{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_public_endpoint: "{{ public_protocol }}://{{ heat_external_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_cfn_admin_endpoint: "{{ admin_protocol }}://{{ heat_cfn_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
heat_cfn_internal_endpoint: "{{ internal_protocol }}://{{ heat_cfn_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
heat_cfn_public_endpoint: "{{ public_protocol }}://{{ heat_cfn_external_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
# Debug logging follows the deployment-wide switch.
# NOTE(review): debug logs of OpenStack services can be verbose; confirm this
# is off in production and check who can read the kolla_logs volume.
heat_logging_debug: "{{ openstack_logging_debug }}"
# Keystone user name for the Heat service and the two role names that
# heat_ks_roles lists.
heat_keystone_user: "heat"
heat_stack_user_role: "heat_stack_user"
heat_stack_owner_role: "heat_stack_owner"
# Credentials this role uses for Heat-related OpenStack calls; defaults to
# the shared openstack_auth value.
# NOTE(review): openstack_auth is presumably the cloud admin credential -
# confirm, and override here if a narrower credential is wanted.
openstack_heat_auth: "{{ openstack_auth }}"
####################
# Kolla
####################
# Development-mode settings; each defaults to the deployment-wide kolla_*
# value. heat_dev_mode gates the source bind mount in the *_default_volumes
# lists.
# Repository URL is "<kolla_dev_repos_git>/<project_name>".
heat_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
heat_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
heat_dev_mode: "{{ kolla_dev_mode }}"
heat_source_version: "{{ kolla_source_version }}"
####################
# Notifications
####################
# Candidate notification topics; the single "notifications" topic is enabled
# only when enable_ceilometer evaluates to true.
heat_notification_topics:
  - name: notifications
    enabled: "{{ enable_ceilometer | bool }}"
# Subset of the list above whose "enabled" field equals true.
heat_enabled_notification_topics: "{{ heat_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
# Keystone catalogue entries: one service per Heat API, each registered with
# its admin, internal and public endpoint URL.
heat_ks_services:
  - name: "heat"
    type: "orchestration"
    description: "Orchestration"
    endpoints:
      - interface: 'admin'
        url: '{{ heat_admin_endpoint }}'
      - interface: 'internal'
        url: '{{ heat_internal_endpoint }}'
      - interface: 'public'
        url: '{{ heat_public_endpoint }}'
  - name: "heat-cfn"
    type: "cloudformation"
    description: "Orchestration"
    endpoints:
      - interface: 'admin'
        url: '{{ heat_cfn_admin_endpoint }}'
      - interface: 'internal'
        url: '{{ heat_cfn_internal_endpoint }}'
      - interface: 'public'
        url: '{{ heat_cfn_public_endpoint }}'

# Service account for Heat: given the "admin" role in the "service" project.
# The password is read from heat_keystone_password, which is not defined in
# this file.
# NOTE(review): presumably supplied from the deployment's secrets file -
# confirm it is generated per deployment and stored encrypted.
heat_ks_users:
  - project: "service"
    user: "{{ heat_keystone_user }}"
    password: "{{ heat_keystone_password }}"
    role: "admin"

# Roles to create for Heat stack owners and stack users.
heat_ks_roles:
  - "{{ heat_stack_owner_role }}"
  - "{{ heat_stack_user_role }}"

# Grants the stack-owner role to the user and project named in openstack_auth.
heat_ks_user_roles:
  - project: "{{ openstack_auth.project_name }}"
    user: "{{ openstack_auth.username }}"
    role: "{{ heat_stack_owner_role }}"
####################
# TLS
####################
# Backend TLS switch for Heat; defaults to the deployment-wide
# kolla_enable_tls_backend and feeds every tls_backend field in heat_services.
# Per the commit description it is optional, and traffic is encrypted end to
# end only when TLS is also enabled for the service API endpoints.
heat_enable_tls_backend: "{{ kolla_enable_tls_backend }}"