diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-05-17 17:39:30 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-05-17 17:39:30 +0000 |
| commit | 86a355865c8f2eea102601be125cbb58f283f04d (patch) | |
| tree | 8958f7162c9fcab73c99607ce10d279ac6ca5b10 | |
| parent | a482e69d8fd312f817bee75e0ecae968c7fd5ca4 (diff) | |
| parent | a37debd3dfc590f4d4b3a10369a26ad36c4add91 (diff) | |
Merge "docker/internal TLS: spawn extra container for neutron server's TLS proxy"
| -rw-r--r-- | docker/services/neutron-api.yaml | 56 | ||||
| -rw-r--r-- | environments/docker-services-tls-everywhere.yaml | 7 |
2 files changed, 49 insertions, 14 deletions
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 9d266b0b..748371d5 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -39,6 +39,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -81,6 +88,8 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + /var/lib/kolla/config_files/neutron_server_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config step_3: @@ -113,20 +122,39 @@ outputs: - /var/log/containers/neutron:/var/log/neutron command: ['neutron-db-manage', 'upgrade', 'heads'] step_4: - neutron_api: - image: *neutron_api_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /var/log/containers/neutron:/var/log/neutron - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - neutron_api: + image: *neutron_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/log/containers/neutron:/var/log/neutron + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - neutron_server_tls_proxy: + image: *neutron_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} host_prep_tasks: - name: create persistent logs directory file: diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 33afbc66..e37f2515 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -12,6 +12,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml @@ -20,6 +21,12 @@ resource_registry: OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml + OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml |