summaryrefslogtreecommitdiffstats
path: root/environments/ssl/enable-internal-tls.yaml
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-09-02 08:53:30 +0000
committerGerrit Code Review <review@openstack.org>2017-09-02 08:53:30 +0000
commit79bd4a5c576829470ee0605551cee89233732021 (patch)
tree63712bbd86c933e4857309d5117befa31630314d /environments/ssl/enable-internal-tls.yaml
parent878d236f7bd1aaa214acd37a74477c109ba756f2 (diff)
parentca4b08bb6df610f7eea6e40e9e0ca445091369fa (diff)
Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike
Diffstat (limited to 'environments/ssl/enable-internal-tls.yaml')
-rw-r--r--environments/ssl/enable-internal-tls.yaml36
1 files changed, 36 insertions, 0 deletions
diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml
new file mode 100644
index 00000000..287ed19f
--- /dev/null
+++ b/environments/ssl/enable-internal-tls.yaml
@@ -0,0 +1,36 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Internal Endpoints
+# description: |
+# A Heat environment file which can be used to enable TLS for the internal
+# network via certmonger
+parameter_defaults:
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ #
+ # Type: boolean
+ EnableInternalTLS: True
+
+ # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
+ # Type: string
+ RabbitClientUseSSL: True
+
+ # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
+ # Type: json
+ ServerMetadata:
+ ipa_enroll: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml