author | Ben Nemec <bnemec@redhat.com> | 2017-08-11 16:31:01 -0500 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2017-09-02 04:18:31 +0000 |
commit | ca4b08bb6df610f7eea6e40e9e0ca445091369fa | |
tree | f33837e2376d74c6c4a0bff7f7109cc663762989 /sample-env-generator | |
parent | d875f79dab32bca11016234ea135a206688f793e |
Convert enable-internal-tls.yaml to be generated
All of the other SSL environments were converted, but this one was
missed. That's an inconsistent user experience and should be
cleaned up.
This environment also exposed a bug in the tool where it did not
include the parameter_defaults section key if all the parameters
were marked static.
Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786
Closes-Bug: 1713761
(cherry picked from commit 7c06db3d1c384773c4abccbce450c259f75e5e4a)
Diffstat (limited to 'sample-env-generator')
-rw-r--r-- | sample-env-generator/ssl.yaml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 4e59d53b..43a1afc1 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,40 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - + name: ssl/enable-internal-tls + title: Enable SSL on OpenStack Internal Endpoints + description: | + A Heat environment file which can be used to enable TLS for the internal + network via certmonger + files: + puppet/all-nodes-config.yaml: + parameters: + - EnableInternalTLS + puppet/services/nova-base.yaml: + parameters: + - RabbitClientUseSSL + overcloud.yaml: + parameters: + - ServerMetadata + static: + - EnableInternalTLS + - RabbitClientUseSSL + - ServerMetadata + sample_values: + EnableInternalTLS: True + RabbitClientUseSSL: True + ServerMetadata: |-2 + + ipa_enroll: True + resource_registry: + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + # We use apache as a TLS proxy + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml + # Creates nova metadata that will create the extra service principals per + # node. + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml - name: ssl/inject-trust-anchor title: Inject SSL Trust Anchor on Overcloud Nodes description: | |
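Review bot: the resource_registry paths in the new ssl/enable-internal-tls entry climb one directory (`../puppet/services/certmonger-user.yaml`, `../extraconfig/nova_metadata/krb-service-principals.yaml`), while the entry just above it in the same file uses two (`../../puppet/extraconfig/tls/tls-cert-inject.yaml`). If the generated file is written under the same ssl/ subdirectory as its name suggests, the four new mappings resolve one level short of the puppet/ and extraconfig/ trees, and the certmonger, HAProxy internal TLS, TLS proxy and metadata hook templates would not be found where the environment points. Please confirm the output location and, if it is ssl/, change these to `../../`. A smaller point in the same entry: the `ServerMetadata: |-2` sample value relies on an explicit indentation indicator and a leading blank line to render `ipa_enroll: True` as a nested mapping in the output; a one-line comment saying so would keep a later edit from collapsing it into a plain string.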