summaryrefslogtreecommitdiffstats
path: root/environments/enable-tls.yaml
AgeCommit message (Collapse)AuthorFilesLines
2016-04-21The Sahara SSL endpoint was announced on the wrong portGiulio Fidente1-1/+1
Change-Id: I0cab3cdb2189dab3844f2eda52b8697d05ad3447
2016-04-14Add GlanceRegistry to the endpoint mapDan Prince1-0/+1
This patch adds GlanceRegistry to the endpoint map. This will make accessing Glance registry setings via the endpoint map possible. Change-Id: I9186e56cd4746a60e65dc5ac12e6595ac56505f0
2016-04-11Deploy Gnocchi as a Ceilometer metrics storage backendPradeep Kilambi1-0/+3
* Deploy Gnocchi API. * Storage backends: swift, rbd and file. * Indexer backend default to mysql * Configure Ceilometer to send metrics datas to Gnocchi * Pacemaker config Depends-On: Ic8778a3104e0ed0460423e4bf857682220dc5802 Depends-On: I7d2eb9405e0171fc54fa0b616122f69db5f51ce2 Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: Ifde17b1ab8fa2b30544633e455e1c7eb475705aa
2016-04-11Don't have separate protocols/ports for Keystone v3Zane Bitter1-3/+0
The change in ab068a824ed51e78bf111387223e58e885ec5c84 is described as temporary, so it would be better if it did not affect the EndpointMap parameter (which is effectively a public interface, since it may be overridden in an environment file). No configuration should end up with different ports/protocols/hosts for Keystone v2 and v3, and somebody customising them should not have to account for them separately. Nor should things break when the need to distinguish between v2 and v3 endpoints goes away. This change removes the KeystoneV3* keys from the EndpointMap input and uses the Keystone* keys instead, so that any change to the internal organisation becomes transparent to the user. Change-Id: If4cdd9232f4dbc9f2af651bbdfe68f09dc26ed2e
2016-03-24Merge "Deploy Aodh services, replacing Ceilometer Alarm"Jenkins1-0/+3
2016-03-20Deploy Aodh services, replacing Ceilometer AlarmPradeep Kilambi1-0/+3
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config * Add migration logic to remove pcs resources Depends-On: I5333faa72e52d2aa2a622ac2d4b60825aadc52b5 Depends-On: Ib6c9c4c35da3fb55e0ca8e2d5a58ebaf4204d792 Co-Authored-By: Emilien Macchi <emilien@redhat.com> Change-Id: Ib47a22884afb032ebc1655e1a4a06bfe70249134
2016-03-18Remove GlanceRegistry from EndpointMapGiulio Fidente1-3/+0
We don't need an endpoint for the glance-registry service, that is used by glance-api when needed and is not meant to be user-facing. Change-Id: Ia6c9dd6164d3b91adbc937d70fa74d5fbbfb28a3
2016-03-08Update enable-tls.yaml with new endpointsBen Nemec1-0/+6
A couple of new endpoints have been added, and if they're not in the configured value for EndpointMap it will cause problems. Sahara is not added as ssl-enabled because I don't believe it has been added to the loadbalancer yet. Note that there is work underway to CI overcloud SSL, which should catch problems like this in the future. Change-Id: Ia8a106fd94da7be8675ea84f5fbb9ac959771d10
2016-03-04Revert "Deploy Aodh services, replacing Ceilometer Alarm"James Slagle1-3/+0
This just a revert to see if reverting this gets back to a normal CI run time. This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66. Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
2016-03-03Deploy Aodh services, replacing Ceilometer AlarmEmilien Macchi1-0/+3
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635 Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
2016-01-15Allow vncproxy to work with ssl enabledBen Nemec1-0/+3
Right now our vncproxy settings are hard-coded to http and the non-ssl port. This change adds a vncproxy entry to the endpoint map and uses those values to configure the proxy correctly on compute nodes. This is sufficient to get it working in my environment with ssl enabled. Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71
2015-12-08Enable TLS in loadbalancer if cert path is detectedJuan Antonio Osorio Robles1-0/+32
If there is a value for the certificate path (which should only happen if the environment for enabling TLS is used) then the loadbalancer will detect it and configure it's front ends correctly. On the other hand a proper override for the example environment was given, since this will be needed because we want to pass the hosts and protocols correctly so the tripleoclient will catch it and pass it to os-cloud-config Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34 Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
2015-11-23Inject TLS certificate and keys for the OvercloudJuan Antonio Osorio Robles1-0/+9
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79