diff options
-rw-r--r-- | environments/enable-tls.yaml | 3 | ||||
-rw-r--r-- | environments/ssl/enable-tls.yaml | 41 | ||||
-rw-r--r-- | environments/ssl/tls-endpoints-public-dns.yaml | 131 | ||||
-rw-r--r-- | environments/ssl/tls-endpoints-public-ip.yaml | 131 | ||||
-rw-r--r-- | environments/ssl/tls-everywhere-endpoints-dns.yaml | 131 | ||||
-rw-r--r-- | environments/tls-endpoints-public-dns.yaml | 4 | ||||
-rw-r--r-- | environments/tls-endpoints-public-ip.yaml | 4 | ||||
-rw-r--r-- | sample-env-generator/README.rst | 4 | ||||
-rw-r--r-- | sample-env-generator/predictable-placement.yaml (renamed from sample-env-generator/sample-environments.yaml) | 0 | ||||
-rw-r--r-- | sample-env-generator/ssl.yaml | 426 | ||||
-rwxr-xr-x | tools/yaml-validate.py | 13 | ||||
-rw-r--r-- | tox.ini | 2 | ||||
-rwxr-xr-x | tripleo_heat_templates/environment_generator.py | 24 |
13 files changed, 900 insertions, 14 deletions
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 39ded654..f7038015 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -1,3 +1,6 @@ +# ******************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead. +# ******************************************************************************** # Use this environment to pass in certificates for SSL deployments. # For these values to take effect, one of the tls-endpoints-*.yaml environments # must also be used. diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml new file mode 100644 index 00000000..c8ed2bd2 --- /dev/null +++ b/environments/ssl/enable-tls.yaml @@ -0,0 +1,41 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable SSL on OpenStack Public Endpoints +# description: | +# Use this environment to pass in certificates for SSL deployments. +# For these values to take effect, one of the tls-endpoints-*.yaml environments +# must also be used. +parameter_defaults: + # The content of the SSL certificate (without Key) in PEM format. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLCertificate: | + The contents of your certificate go here + + # The content of an SSL intermediate CA certificate in PEM format. + # Type: string + SSLIntermediateCertificate: '' + + # The content of the SSL Key in PEM format. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLKey: | + The contents of the private key go here + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # The filepath of the certificate as it will be stored in the controller. + # Type: string + DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml new file mode 100644 index 00000000..d1cab981 --- /dev/null +++ b/environments/ssl/tls-endpoints-public-dns.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy Public SSL Endpoints as DNS Names +# description: | +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is a DNS name. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml new file mode 100644 index 00000000..cb41dc12 --- /dev/null +++ b/environments/ssl/tls-endpoints-public-ip.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy Public SSL Endpoints as IP Addresses +# description: | +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is an IP address. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} + diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml new file mode 100644 index 00000000..7ae7f3a0 --- /dev/null +++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy All SSL Endpoints as DNS Names +# description: | +# Use this environment when deploying an overcloud where all the endpoints are +# DNS names and there's TLS in all endpoint types. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 44432210..856bd3c6 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************* +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml +# instead. +# ************************************************************************************* # Use this environment when deploying an SSL-enabled overcloud where the public # endpoint is a DNS name. parameter_defaults: diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 5ac2918b..a67e208a 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************* +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml +# instead. +# ************************************************************************************* # Use this environment when deploying an SSL-enabled overcloud where the public # endpoint is an IP address. parameter_defaults: diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst index 71e9810a..55f3bacf 100644 --- a/sample-env-generator/README.rst +++ b/sample-env-generator/README.rst @@ -19,8 +19,8 @@ target to do this:: ``tripleo-heat-templates`` project. If a new sample environment is needed, it should be added to the -``sample-env-generator/sample-environments.yaml`` file. The existing -entries in the file can be used as examples, and a more detailed +appropriate file in the ``sample-env-generator/`` directory. The existing +entries in the files can be used as examples, and a more detailed explanation of the different available keys is below: - **name**: the output file will be this name + .yaml, in the diff --git a/sample-env-generator/sample-environments.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..ffda7aca 100644 --- a/sample-env-generator/sample-environments.yaml +++ b/sample-env-generator/predictable-placement.yaml diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml new file mode 100644 index 00000000..2f379f30 --- /dev/null +++ b/sample-env-generator/ssl.yaml @@ -0,0 +1,426 @@ +environments: + - + name: ssl/enable-tls + title: Enable SSL on OpenStack Public Endpoints + description: | + Use this environment to pass in certificates for SSL deployments. + For these values to take effect, one of the tls-endpoints-*.yaml environments + must also be used. + files: + puppet/extraconfig/tls/tls-cert-inject.yaml: + parameters: all + static: + # This should probably be private, but for testing static params I'm + # setting it as such for now. + - DeployedSSLCertificatePath + sample_values: + SSLCertificate: |- + | + The contents of your certificate go here + SSLKey: |- + | + The contents of the private key go here + resource_registry: + OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - + name: ssl/tls-endpoints-public-ip + title: Deploy Public SSL Endpoints as IP Addresses + description: | + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} + - + name: ssl/tls-endpoints-public-dns + title: Deploy Public SSL Endpoints as DNS Names + description: | + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + - + name: ssl/tls-everywhere-endpoints-dns + title: Deploy All SSL Endpoints as DNS Names + description: | + Use this environment when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 92d76d23..d7c0bd93 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -20,8 +20,15 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords', 'RoleName', 'RoleParameters'] +# NOTE(bnemec): The duplication in this list is intentional. For the +# transition to generated environments we have two copies of these files, +# so they need to be listed twice. Once the deprecated version can be removed +# the duplicate entries can be as well. envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', 'tls-endpoints-public-ip.yaml', + 'tls-everywhere-endpoints-dns.yaml', + 'tls-endpoints-public-dns.yaml', + 'tls-endpoints-public-ip.yaml', 'tls-everywhere-endpoints-dns.yaml'] ENDPOINT_MAP_FILE = 'endpoint_map.yaml' REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', @@ -294,9 +301,9 @@ if base_endpoint_map and \ else: print("%s matches base endpoint map" % env_endpoint_map['file']) else: - print("ERROR: Can't validate endpoint maps since a file is missing. " - "If you meant to delete one of these files you should update this " - "tool as well.") + print("ERROR: Did not find expected number of environments containing the " + "EndpointMap parameter. If you meant to add or remove one of these " + "environments then you also need to update this tool.") if not base_endpoint_map: failed_files.append(ENDPOINT_MAP_FILE) if len(env_endpoint_maps) != len(envs_containing_endpoint_map): @@ -31,4 +31,4 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_ [testenv:genconfig] commands = python ./tools/process-templates.py - python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml + python ./tripleo_heat_templates/environment_generator.py sample-env-generator/ diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py index e2f48720..659a7d57 100755 --- a/tripleo_heat_templates/environment_generator.py +++ b/tripleo_heat_templates/environment_generator.py @@ -165,24 +165,32 @@ def _generate_environment(input_env, parent_env=None): _generate_environment(e, env) -def generate_environments(config_file): - with open(config_file) as f: - config = yaml.safe_load(f) - for env in config['environments']: - _generate_environment(env) +def generate_environments(config_path): + if os.path.isdir(config_path): + config_files = os.listdir(config_path) + config_files = [os.path.join(config_path, i) for i in config_files + if os.path.splitext(i)[1] == '.yaml'] + else: + config_files = [config_path] + for config_file in config_files: + print('Reading environment definitions from %s' % config_file) + with open(config_file) as f: + config = yaml.safe_load(f) + for env in config['environments']: + _generate_environment(env) def usage(exit_code=1): - print('Usage: %s <filename.yaml>' % sys.argv[0]) + print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0]) sys.exit(exit_code) def main(): try: - config_file = sys.argv[1] + config_path = sys.argv[1] except IndexError: usage() - generate_environments(config_file) + generate_environments(config_path) if __name__ == '__main__': |