summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-01-18 01:02:35 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-01-25 22:54:34 +0200
commitc6b6466f079097271072c35720462eb6a7414de7 (patch)
tree3031fedf4db57471eb7df0fbfae4e050f6847c90
parent7dbd771a35e06bf1601e10c5d92e4b18955ce958 (diff)
Add novajoin entries to the TLS-everywhere environment file
These metadata settings (the hardcoded metadata and the hook override) are used by the novajoin service when it's deployed in the undercloud, and will tell it to enroll the overcloud nodes and the services that are specified by the metadata hook. bp novajoin bp tls-via-certmonger Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1
-rw-r--r--environments/enable-internal-tls.yaml9
1 files changed, 9 insertions, 0 deletions
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index d2fc59c6..ff4ecfbe 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -2,9 +2,18 @@
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
+
+ # Required for novajoin to enroll the overcloud nodes
+ ServerMetadata:
+ ipa_enroll: True
+
resource_registry:
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml