aboutsummaryrefslogtreecommitdiffstats
path: root/sample-env-generator
diff options
context:
space:
mode:
authorBen Nemec <bnemec@redhat.com>2017-08-11 16:31:01 -0500
committerEmilien Macchi <emilien@redhat.com>2017-09-02 04:18:31 +0000
commitca4b08bb6df610f7eea6e40e9e0ca445091369fa (patch)
treef33837e2376d74c6c4a0bff7f7109cc663762989 /sample-env-generator
parentd875f79dab32bca11016234ea135a206688f793e (diff)
Convert enable-internal-tls.yaml to be generated
All of the other SSL environments were converted, but this one was missed. That's an inconsistent user experience and should be cleaned up. This environment also exposed a bug in the tool where it did not include the parameter_defaults section key if all the parameters were marked static. Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786 Closes-Bug: 1713761 (cherry picked from commit 7c06db3d1c384773c4abccbce450c259f75e5e4a)
Diffstat (limited to 'sample-env-generator')
-rw-r--r--sample-env-generator/ssl.yaml34
1 files changed, 34 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 4e59d53b..43a1afc1 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -22,6 +22,40 @@ environments:
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+ -
+ name: ssl/enable-internal-tls
+ title: Enable SSL on OpenStack Internal Endpoints
+ description: |
+ A Heat environment file which can be used to enable TLS for the internal
+ network via certmonger
+ files:
+ puppet/all-nodes-config.yaml:
+ parameters:
+ - EnableInternalTLS
+ puppet/services/nova-base.yaml:
+ parameters:
+ - RabbitClientUseSSL
+ overcloud.yaml:
+ parameters:
+ - ServerMetadata
+ static:
+ - EnableInternalTLS
+ - RabbitClientUseSSL
+ - ServerMetadata
+ sample_values:
+ EnableInternalTLS: True
+ RabbitClientUseSSL: True
+ ServerMetadata: |-2
+
+ ipa_enroll: True
+ resource_registry:
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ # We use apache as a TLS proxy
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |