diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2015-12-29 06:34:27 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2015-12-29 06:34:27 +0000 |
| commit | d85635ba68e201c3ec5e42b4828e2f4291b8f080 (patch) | |
| tree | e6c1b2142fade0b0fc407a214dae16ef3d01a9f0 | |
| parent | 0f42bc25289d010ff829a1af5fcdcf31d5dac248 (diff) | |
| parent | ddc0d78dec04d0d2f4c1b5c7a6087321565b6f4a (diff) | |
Merge "Enable TLS in loadbalancer if cert path is detected"
| -rw-r--r-- | environments/enable-tls.yaml | 32 | ||||
| -rw-r--r-- | puppet/controller.yaml | 7 |
2 files changed, 33 insertions, 6 deletions
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 5c2506e9..bc4d1bef 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -4,6 +4,38 @@ parameter_defaults: SSLIntermediateCertificate: '' SSLKey: | The contents of the private key go here + EndpointMap: + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} + GlanceRegistryPublic: {protocol: 'https', port: '9191', host: 'IP_ADDRESS'} # Not set on the loadbalancer yet. + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaEC2Public: {protocol: 'https', port: '13773', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} resource_registry: OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 8f5fc116..4ec62762 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1437,12 +1437,7 @@ resources: tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} - # NOTE(jaosorior): The service certificate configuration for - # HAProxy was left commented because to properly use this, we - # need to be able to set up the keystone endpoints. And - # currently that is not possible, but is being addressed by - # other commits. A subsequent commit will uncomment this. - #tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} |