diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-09-02 08:53:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-09-02 08:53:30 +0000 |
commit | 79bd4a5c576829470ee0605551cee89233732021 (patch) | |
tree | 63712bbd86c933e4857309d5117befa31630314d /sample-env-generator | |
parent | 878d236f7bd1aaa214acd37a74477c109ba756f2 (diff) | |
parent | ca4b08bb6df610f7eea6e40e9e0ca445091369fa (diff) |
Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike
Diffstat (limited to 'sample-env-generator')
-rw-r--r-- | sample-env-generator/ssl.yaml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 4e59d53b..43a1afc1 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,40 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - + name: ssl/enable-internal-tls + title: Enable SSL on OpenStack Internal Endpoints + description: | + A Heat environment file which can be used to enable TLS for the internal + network via certmonger + files: + puppet/all-nodes-config.yaml: + parameters: + - EnableInternalTLS + puppet/services/nova-base.yaml: + parameters: + - RabbitClientUseSSL + overcloud.yaml: + parameters: + - ServerMetadata + static: + - EnableInternalTLS + - RabbitClientUseSSL + - ServerMetadata + sample_values: + EnableInternalTLS: True + RabbitClientUseSSL: True + ServerMetadata: |-2 + + ipa_enroll: True + resource_registry: + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + # We use apache as a TLS proxy + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml + # Creates nova metadata that will create the extra service principals per + # node. + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml - name: ssl/inject-trust-anchor title: Inject SSL Trust Anchor on Overcloud Nodes description: | |