aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/services/heat-api-cfn.yaml16
-rw-r--r--docker/services/heat-api.yaml16
-rw-r--r--environments/docker-services-tls-everywhere.yaml13
3 files changed, 40 insertions, 5 deletions
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index fc228155..ff18f177 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index fe565411..886a0d80 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 73b91727..7b27663f 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -8,14 +8,17 @@ resource_registry:
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
# NOTE: add roles to be docker enabled as we support them.
- OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
- OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
- OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
- OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
- OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
+ OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
+ OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
+ OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
+ OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+ OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+ OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+ OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml