diff options
Diffstat (limited to 'environments')
| -rw-r--r-- | environments/debug.yaml | 5 | ||||
| -rw-r--r-- | environments/enable-internal-tls.yaml | 2 | ||||
| -rw-r--r-- | environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml | 7 | ||||
| -rw-r--r-- | environments/manage-firewall.yaml | 2 | ||||
| -rw-r--r-- | environments/manila-cephfsnative-config.yaml | 3 | ||||
| -rw-r--r-- | environments/manila-generic-config.yaml | 1 | ||||
| -rw-r--r-- | environments/manila-netapp-config.yaml | 1 | ||||
| -rw-r--r-- | environments/neutron-opendaylight-l3.yaml | 2 | ||||
| -rw-r--r-- | environments/neutron-opendaylight.yaml | 2 | ||||
| -rw-r--r-- | environments/services/haproxy-internal-tls-certmonger.yaml | 4 | ||||
| -rw-r--r-- | environments/services/haproxy-public-tls-certmonger.yaml | 4 | ||||
| -rw-r--r-- | environments/tls-everywhere-endpoints-dns.yaml | 52 |
12 files changed, 77 insertions, 8 deletions
diff --git a/environments/debug.yaml b/environments/debug.yaml new file mode 100644 index 00000000..b938555c --- /dev/null +++ b/environments/debug.yaml @@ -0,0 +1,5 @@ +# A Heat environment file which can be used to enable the debug +# setting in the overcloud openstack services configuration. + +parameter_defaults: + Debug: true diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml new file mode 100644 index 00000000..801dcde9 --- /dev/null +++ b/environments/enable-internal-tls.yaml @@ -0,0 +1,2 @@ +parameter_defaults: + EnableInternalTLS: true diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml new file mode 100644 index 00000000..6798c255 --- /dev/null +++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml @@ -0,0 +1,7 @@ +resource_registry: + + # This initiates the upgrades for ceilometer api to run under apache wsgi + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml + + # no-op the rest + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml index 4115d8b2..825a5066 100644 --- a/environments/manila-cephfsnative-config.yaml +++ b/environments/manila-cephfsnative-config.yaml @@ -9,10 +9,9 @@ resource_registry: parameter_defaults: - ManilaCephFSNativeEnableBackend: true ManilaCephFSNativeBackendName: cephfsnative ManilaCephFSNativeDriverHandlesShareServers: false - ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: 'manila' ManilaCephFSNativeCephFSClusterName: 'ceph' ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml index a847a02b..9344bc6e 100644 --- a/environments/manila-generic-config.yaml +++ b/environments/manila-generic-config.yaml @@ -11,7 +11,6 @@ parameter_defaults: ManilaServiceInstancePassword: '' ManilaServiceInstanceFlavorId: 2 ManilaServiceNetworkCidr: '172.16.0.0/16' - ManilaGenericEnableBackend: true ManilaGenericBackendName: tripleo_generic ManilaGenericDriverHandlesShareServers: true ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml index 98de6adf..3dadfe5d 100644 --- a/environments/manila-netapp-config.yaml +++ b/environments/manila-netapp-config.yaml @@ -7,7 +7,6 @@ resource_registry: OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml parameter_defaults: - ManilaNetappEnableBackend: true ManilaNetappBackendName: tripleo_netapp ManilaNetappDriverHandlesShareServers: true ManilaNetappLogin: '' diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml index da915bd8..0e8fb9aa 100644 --- a/environments/neutron-opendaylight-l3.yaml +++ b/environments/neutron-opendaylight-l3.yaml @@ -2,7 +2,7 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml OS::TripleO::Services::NeutronL3Agent: OS::Heat::None diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 88240ed2..a0fe4514 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -2,7 +2,7 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml parameter_defaults: diff --git a/environments/services/haproxy-internal-tls-certmonger.yaml b/environments/services/haproxy-internal-tls-certmonger.yaml new file mode 100644 index 00000000..074fec4d --- /dev/null +++ b/environments/services/haproxy-internal-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml diff --git a/environments/services/haproxy-public-tls-certmonger.yaml b/environments/services/haproxy-public-tls-certmonger.yaml new file mode 100644 index 00000000..d3ad3ad4 --- /dev/null +++ b/environments/services/haproxy-public-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml new file mode 100644 index 00000000..88a108a6 --- /dev/null +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -0,0 +1,52 @@ +# Use this environment when deploying an overcloud where all the endpoints are +# DNS names and there's TLS in all endpoint types. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} |