diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-09-02 08:53:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-09-02 08:53:30 +0000 |
commit | 79bd4a5c576829470ee0605551cee89233732021 (patch) | |
tree | 63712bbd86c933e4857309d5117befa31630314d /environments/ssl/enable-internal-tls.yaml | |
parent | 878d236f7bd1aaa214acd37a74477c109ba756f2 (diff) | |
parent | ca4b08bb6df610f7eea6e40e9e0ca445091369fa (diff) |
Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike
Diffstat (limited to 'environments/ssl/enable-internal-tls.yaml')
-rw-r--r-- | environments/ssl/enable-internal-tls.yaml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml new file mode 100644 index 00000000..287ed19f --- /dev/null +++ b/environments/ssl/enable-internal-tls.yaml @@ -0,0 +1,36 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable SSL on OpenStack Internal Endpoints +# description: | +# A Heat environment file which can be used to enable TLS for the internal +# network via certmonger +parameter_defaults: + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # + # Type: boolean + EnableInternalTLS: True + + # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. + # Type: string + RabbitClientUseSSL: True + + # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. + # Type: json + ServerMetadata: + ipa_enroll: True + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml |