aboutsummaryrefslogtreecommitdiffstats
path: root/environments/docker-services-tls-everywhere.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-26Add sshd service to containerized compute roleOliver Walsh1-0/+1
This adds the sshd puppet service to the containerized compute role All other roles already include this service from the defaults roles data, it is only missing from the compute role. As the sshd service runs on the docker host, this must remain as a traditional puppet service. NB the sshd puppet service does not enable sshd, it just enables the management of the sshd config via t-h-t/puppet. Closes-bug: #1693837 Change-Id: I86ff749245ac791e870528ad4b410f3c1fd812e0
2017-05-16docker/internal TLS: spawn extra container for neutron server's TLS proxyJuan Antonio Osorio Robles1-0/+7
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
2017-05-12docker/internal TLS: spawn extra container for glance API's TLS proxyJuan Antonio Osorio Robles1-1/+2
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of glance-api. bp tls-via-certmonger-containers Change-Id: If902ac732479832b9aa3e4a8d063b5be68a42a9b
2017-05-12docker/internal TLS: spawn extra container for swift's TLS proxyJuan Antonio Osorio Robles1-0/+3
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of swift. bp tls-via-certmonger-containers Depends-On: Ib01137cd0d98e6f5a3e49579c080ab18d8905b0d Change-Id: I9639af8b46b8e865cc1fa7249bf1d8b1b978adfe
2017-05-08Containers: Bind mount directories with the key/certs for heatJuan Antonio Osorio Robles1-5/+8
This is only done when TLS-everywhere is enabled, and depends on those directories being exclusive for services that run over httpd. bp tls-via-certmonger-containers Change-Id: I194c33992c7f3628f7858ecf5e472ecfdee969ed
2017-04-27TLS-everywhere: Add missing profiles to docker compute servicesJuan Antonio Osorio Robles1-0/+2
the CA and certmonger user profiles were needed in the compute services list from the tls-everywhere in containers environment. bp tls-via-certmonger-containers Change-Id: Ib584ac0745d68828467bcfad7f6472ab66adbac3
2017-04-19containers: TLS in the internal network for telemetry servicesJuan Antonio Osorio Robles1-0/+8
This covers aodh, gnocchi and panko. cp tls-via-certmonger-containers Change-Id: I6dabb0d82755c28b8940c0baab0e23cfcc587c42
2017-04-12Bind mount directories that contain the key/certs for keystoneJuan Antonio Osorio Robles1-0/+28
This is only done when TLS-everywhere is enabled, and depends on those directories being exclusive for services that run over httpd. Which is the commit this is on top of. Also, an environment file was added that's similar to environments/docker.yaml. The difference is that this one will contain the services that can run containerized with TLS-everywhere. This file will be updated as more services get support for this. bp tls-via-certmonger-containers Change-Id: I87bf59f2c33de6cf2d4ce0679a5e0e22bc24bf78