diff options
Diffstat (limited to 'sample-env-generator')
-rw-r--r-- | sample-env-generator/README.rst | 11 | ||||
-rw-r--r-- | sample-env-generator/ssl.yaml | 33 |
2 files changed, 44 insertions, 0 deletions
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst index 55f3bacf..32e94f98 100644 --- a/sample-env-generator/README.rst +++ b/sample-env-generator/README.rst @@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory. The existing entries in the files can be used as examples, and a more detailed explanation of the different available keys is below: +Top-level: +- **environments**: This is the top-level key in the file. All other keys + below should appear in a list of dictionaries that define environments. + +Environment-specific: - **name**: the output file will be this name + .yaml, in the ``environments`` directory. - **title**: a human-readable title for the environment. @@ -52,6 +57,12 @@ explanation of the different available keys is below: - **resource_registry**: Many environments also need to pass resource_registry entries when they are used. This can be used to specify that in the configuration file. +- **children**: For environments that share a lot of common values but may + need minor variations for different use cases, sample environment entries + can be nested. ``children`` takes a list of environments with the same + structure as the top-level ``environments`` key. The main difference is + that all keys are optional, and any that are omitted will be inherited from + the parent environment definition. Some behavioral notes: diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 2f379f30..6963e842 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,39 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - name: ssl/inject-trust-anchor + title: Inject SSL Trust Anchor on Overcloud Nodes + description: | + When using an SSL certificate signed by a CA that is not in the default + list of CAs, this environment allows adding a custom CA certificate to + the overcloud nodes. + files: + puppet/extraconfig/tls/ca-inject.yaml: + parameters: + - SSLRootCertificate + sample_values: + SSLRootCertificate: |- + | + The contents of your certificate go here + resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml + children: + - name: ssl/inject-trust-anchor-hiera + files: + puppet/services/ca-certs.yaml: + parameters: + - CAMap + # Need to clear this so we don't inherit the parent registry + resource_registry: {} + sample_values: + CAMap: |-2 + + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here - name: ssl/tls-endpoints-public-ip title: Deploy Public SSL Endpoints as IP Addresses |