diff options
Diffstat (limited to 'overcloud-source.yaml')
| -rw-r--r-- | overcloud-source.yaml | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 0832e7cd..64deb95b 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -177,6 +177,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true LiveUpdateComputeImage: type: string description: The image ID for live-updates to the overcloud compute nodes. @@ -344,6 +353,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -361,6 +380,7 @@ resources: network_id: {get_param: NeutronControlPlaneID} fixed_ips: get_param: ControlFixedIPs + replacement_policy: AUTO MysqlClusterUniquePart: type: OS::Heat::RandomString properties: @@ -376,6 +396,7 @@ resources: network: {get_param: PublicVirtualNetwork} fixed_ips: get_param: PublicVirtualFixedIPs + replacement_policy: AUTO RabbitCookie: type: OS::Heat::RandomString properties: @@ -568,6 +589,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -656,6 +680,8 @@ resources: get_attr: - RabbitCookie - value + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} @@ -704,42 +730,33 @@ resources: ip: {get_attr: [controller0, networks, ctlplane, 0]} name: {get_attr: [controller0, name]} net_binds: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} + - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} services: - name: keystone_admin port: 35357 - net_binds: &public_binds - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - name: keystone_public port: 5000 - net_binds: *public_binds - name: horizon port: 80 - net_binds: *public_binds - name: neutron port: 9696 - net_binds: *public_binds - name: cinder port: 8776 - net_binds: *public_binds - name: glance_api port: 9292 - net_binds: *public_binds - name: glance_registry port: 9191 - net_binds: *public_binds - name: heat_api port: 8004 - net_binds: *public_binds - name: heat_cloudwatch port: 8003 - net_binds: *public_binds - name: heat_cfn port: 8000 - net_binds: *public_binds - name: mysql port: 3306 + net_binds: + - *control_vip extra_server_params: - backup options: @@ -749,21 +766,18 @@ resources: port: 8773 - name: nova_osapi port: 8774 - net_binds: *public_binds - name: nova_metadata port: 8775 - net_binds: *public_binds - name: nova_novncproxy port: 6080 - net_binds: *public_binds - name: ceilometer port: 8777 - net_binds: *public_binds - name: swift_proxy_server port: 8080 - net_binds: *public_binds - name: rabbitmq port: 5672 + net_binds: + - *control_vip options: - timeout client 0 - timeout server 0 |