Diffstat (limited to 'sample-env-generator')
-rw-r--r-- sample-env-generator/README.rst 11
-rw-r--r-- sample-env-generator/ssl.yaml 33
2 files changed, 44 insertions, 0 deletions
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
index 55f3bacf..32e94f98 100644
--- a/sample-env-generator/README.rst
+++ b/sample-env-generator/README.rst
@@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory. The existing
entries in the files can be used as examples, and a more detailed
explanation of the different available keys is below:
+Top-level:
+- **environments**: This is the top-level key in the file. All other keys
+ below should appear in a list of dictionaries that define environments.
+
+Environment-specific:
- **name**: the output file will be this name + .yaml, in the
``environments`` directory.
- **title**: a human-readable title for the environment.
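Review bot: The new "Top-level:" and "Environment-specific:" labels are followed directly by a "- **...**" bullet with no blank line in between, as the hunk is shown here. reStructuredText needs a blank line between a paragraph and the bullet list that follows it, otherwise the bullet is folded into the paragraph text. Add an empty line after each label. It would also help to say explicitly that "environments" holds a list, since the sentence "All other keys below should appear in a list of dictionaries" leaves it to the reader to connect that list to the key.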
@@ -52,6 +57,12 @@ explanation of the different available keys is below:
- **resource_registry**: Many environments also need to pass
resource_registry entries when they are used. This can be used
to specify that in the configuration file.
+- **children**: For environments that share a lot of common values but may
+ need minor variations for different use cases, sample environment entries
+ can be nested. ``children`` takes a list of environments with the same
+ structure as the top-level ``environments`` key. The main difference is
+ that all keys are optional, and any that are omitted will be inherited from
+ the parent environment definition.
Some behavioral notes:
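Review bot: The sentence "all keys are optional, and any that are omitted will be inherited" in the new **children** entry does not say how a child drops an inherited value, or whether list and dictionary values are merged with the parent's or replaced. The ssl.yaml change in this same commit relies on an empty "resource_registry: {}" to avoid inheriting the parent registry, so that behaviour should be documented here instead of only in a comment in a sample file. The text should also state what happens when a child omits **name**: since name determines the output file, an inherited name would point the child at the parent's file, so either document name as required for children or say how the generator handles it.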
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 2f379f30..6963e842 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -22,6 +22,39 @@ environments:
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+ - name: ssl/inject-trust-anchor
+ title: Inject SSL Trust Anchor on Overcloud Nodes
+ description: |
+ When using an SSL certificate signed by a CA that is not in the default
+ list of CAs, this environment allows adding a custom CA certificate to
+ the overcloud nodes.
+ files:
+ puppet/extraconfig/tls/ca-inject.yaml:
+ parameters:
+ - SSLRootCertificate
+ sample_values:
+ SSLRootCertificate: |-
+ |
+ The contents of your certificate go here
+ resource_registry:
+ OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
+ children:
+ - name: ssl/inject-trust-anchor-hiera
+ files:
+ puppet/services/ca-certs.yaml:
+ parameters:
+ - CAMap
+ # Need to clear this so we don't inherit the parent registry
+ resource_registry: {}
+ sample_values:
+ CAMap: |-2
+
+ first-ca-name:
+ content: |
+ The content of the CA cert goes here
+ second-ca-name:
+ content: |
+ The content of the CA cert goes here
-
name: ssl/tls-endpoints-public-ip
title: Deploy Public SSL Endpoints as IP Addresses
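Review bot: The child entry "ssl/inject-trust-anchor-hiera" sets only name, files, resource_registry and sample_values, so it inherits the parent's title and description and the two generated environments will carry identical header text. An operator comparing them cannot tell that one registers OS::TripleO::NodeTLSCAData with a single SSLRootCertificate and the other supplies a CAMap of named CAs with no registry entry. Give the child its own title and description that state this difference. Separately, the SSLRootCertificate sample text reads "The contents of your certificate go here" while the CAMap samples read "The content of the CA cert goes here"; using the CA wording in both places makes it clear that the CA certificate belongs in this parameter and not a server certificate.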