summaryrefslogtreecommitdiffstats
path: root/sample-env-generator
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-09-02 08:53:30 +0000
committerGerrit Code Review <review@openstack.org>2017-09-02 08:53:30 +0000
commit79bd4a5c576829470ee0605551cee89233732021 (patch)
tree63712bbd86c933e4857309d5117befa31630314d /sample-env-generator
parent878d236f7bd1aaa214acd37a74477c109ba756f2 (diff)
parentca4b08bb6df610f7eea6e40e9e0ca445091369fa (diff)
Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike
Diffstat (limited to 'sample-env-generator')
-rw-r--r--sample-env-generator/ssl.yaml34
1 files changed, 34 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 4e59d53b..43a1afc1 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -22,6 +22,40 @@ environments:
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+ -
+ name: ssl/enable-internal-tls
+ title: Enable SSL on OpenStack Internal Endpoints
+ description: |
+ A Heat environment file which can be used to enable TLS for the internal
+ network via certmonger
+ files:
+ puppet/all-nodes-config.yaml:
+ parameters:
+ - EnableInternalTLS
+ puppet/services/nova-base.yaml:
+ parameters:
+ - RabbitClientUseSSL
+ overcloud.yaml:
+ parameters:
+ - ServerMetadata
+ static:
+ - EnableInternalTLS
+ - RabbitClientUseSSL
+ - ServerMetadata
+ sample_values:
+ EnableInternalTLS: True
+ RabbitClientUseSSL: True
+ ServerMetadata: |-2
+
+ ipa_enroll: True
+ resource_registry:
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ # We use apache as a TLS proxy
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |