Puppet Class: profile::openstack::base::puppetmaster::encapi

Defined in:
modules/profile/manifests/openstack/base/puppetmaster/encapi.pp

Overview

Parameters:

  • encapi_db_host (Stdlib::Host) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_host'))
  • encapi_db_name (String) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_name'))
  • encapi_db_user (String) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_user'))
  • encapi_db_pass (String) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_pass'))
  • acme_certname (String) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::acme_certname'))
  • keystone_api_protocol (Enum['http', 'https']) (defaults to: lookup('profile::openstack::base::keystone::auth_protocol'))
  • keystone_api_port (Stdlib::Port) (defaults to: lookup('profile::openstack::base::keystone::public_port'))
  • keystone_api_fqdn (Stdlib::Fqdn) (defaults to: lookup('profile::openstack::base::keystone_api_fqdn'))
  • token_validator_username (String[1]) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::token_validator_username'))
  • token_validator_project (String[1]) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::token_validator_project'))
  • token_validator_password (String[1]) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::token_validator_password'))
  • openstack_controllers (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::openstack_controllers'))
  • designate_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::puppetmaster::encapi::designate_hosts'))
  • labweb_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::labweb_hosts'))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'modules/profile/manifests/openstack/base/puppetmaster/encapi.pp', line 1

class profile::openstack::base::puppetmaster::encapi (
    Stdlib::Host $encapi_db_host = lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_host'),
    String $encapi_db_name = lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_name'),
    String $encapi_db_user = lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_user'),
    String $encapi_db_pass = lookup('profile::openstack::base::puppetmaster::encapi::encapi_db_pass'),
    String $acme_certname = lookup('profile::openstack::base::puppetmaster::encapi::acme_certname'),
    Enum['http', 'https'] $keystone_api_protocol = lookup('profile::openstack::base::keystone::auth_protocol'),
    Stdlib::Port $keystone_api_port = lookup('profile::openstack::base::keystone::public_port'),
    Stdlib::Fqdn $keystone_api_fqdn = lookup('profile::openstack::base::keystone_api_fqdn'),
    String[1] $token_validator_username = lookup('profile::openstack::base::puppetmaster::encapi::token_validator_username'),
    String[1] $token_validator_project = lookup('profile::openstack::base::puppetmaster::encapi::token_validator_project'),
    String[1] $token_validator_password = lookup('profile::openstack::base::puppetmaster::encapi::token_validator_password'),
    Array[Stdlib::Fqdn] $openstack_controllers = lookup('profile::openstack::base::puppetmaster::encapi::openstack_controllers'),
    Array[Stdlib::Fqdn] $designate_hosts = lookup('profile::openstack::base::puppetmaster::encapi::designate_hosts'),
    Array[Stdlib::Fqdn] $labweb_hosts = lookup('profile::openstack::base::labweb_hosts'),
) {
    include ::network::constants

    # needed by ssl_ciphersuite('nginx', 'strong') inside the encapi class
    class { '::sslcert::dhparam': }

    class { '::openstack::puppet::master::encapi':
        mysql_host               => $encapi_db_host,
        mysql_db                 => $encapi_db_name,
        mysql_username           => $encapi_db_user,
        mysql_password           => $encapi_db_pass,
        acme_certname            => $acme_certname,
        keystone_api_url         => "${keystone_api_protocol}://${keystone_api_fqdn}:${keystone_api_port}",
        token_validator_username => $token_validator_username,
        token_validator_password => $token_validator_password,
        token_validator_project  => $token_validator_project,
        labweb_hosts             => $labweb_hosts,
        openstack_controllers    => $openstack_controllers,
        designate_hosts          => $designate_hosts,
        labs_instance_ranges     => $::network::constants::labs_networks,
    }

    ferm::service { 'enc-writes':
        proto  => 'tcp',
        port   => '(443 8101)',
        srange => "@resolve((${designate_hosts.join(' ')} ${openstack_controllers.join(' ')} ${labweb_hosts.join(' ')}))",
    }

    ferm::service { 'enc-reads':
        proto  => 'tcp',
        port   => '(8100 8143)',
        srange => '$LABS_NETWORKS',
    }
}