# Sample environment definitions.  Each list entry carries a name, title and
# description, the template files whose parameters it covers, sample values
# for those parameters and, where needed, resource_registry overrides.
environments:
  -
    # Supplies the certificate and private key used for TLS on the public
    # endpoints.
    name: ssl/enable-tls
    title: Enable SSL on OpenStack Public Endpoints
    description: |
      Use this environment to pass in certificates for SSL deployments.
      For these values to take effect, one of the tls-endpoints-*.yaml environments
      must also be used.
    files:
      puppet/extraconfig/tls/tls-cert-inject.yaml:
        # presumably selects every parameter declared in that template -
        # confirm against the tool that consumes this file
        parameters: all
    static:
      # This should probably be private, but for testing static params I'm
      # setting it as such for now.
      - DeployedSSLCertificatePath
    sample_values:
      # Each sample value is itself the text of a YAML block scalar: a literal
      # `|` line followed by the indented placeholder.
      SSLCertificate: |-
        |
            The contents of your certificate go here
      # NOTE(review): the real value here is a private key.  An environment
      # file filled in from this sample would hold the key in clear text, so
      # it needs restrictive file permissions and should stay out of version
      # control.
      SSLKey: |-
        |
            The contents of the private key go here
    resource_registry:
      # Points the NodeTLSData resource at the certificate-injection template.
      OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
  # Adds a custom CA certificate to the overcloud nodes, for deployments whose
  # certificate is signed by a CA outside the default list.
  - name: ssl/inject-trust-anchor
    title: Inject SSL Trust Anchor on Overcloud Nodes
    description: |
      When using an SSL certificate signed by a CA that is not in the default
      list of CAs, this environment allows adding a custom CA certificate to
      the overcloud nodes.
    files:
      puppet/extraconfig/tls/ca-inject.yaml:
        parameters:
          - SSLRootCertificate
    sample_values:
      # NOTE(review): the certificate placed here becomes a trust anchor on
      # the nodes, so presumably anything it signs is then trusted - check
      # its origin and fingerprint before deploying.
      SSLRootCertificate: |-
        |
            The contents of your certificate go here
    resource_registry:
      # Points the NodeTLSCAData resource at the CA-injection template.
      OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
    children:
      # Variant that passes the CAs through the CAMap parameter of
      # puppet/services/ca-certs.yaml instead of SSLRootCertificate.
      - name: ssl/inject-trust-anchor-hiera
        files:
          puppet/services/ca-certs.yaml:
            parameters:
              - CAMap
        # Need to clear this so we don't inherit the parent registry
        resource_registry: {}
        sample_values:
          # The 2 in |-2 is an explicit indentation indicator: content
          # indentation is fixed two spaces deeper than this key, and the
          # lines below are indented four spaces beyond that, so each keeps
          # four leading spaces.  The blank line after the header becomes a
          # leading newline in the value.
          CAMap:  |-2

                first-ca-name:
                  content: |
                    The content of the CA cert goes here
                second-ca-name:
                  content: |
                    The content of the CA cert goes here
  -
    # Sample EndpointMap for TLS on the public endpoints only, with every host
    # left as the IP_ADDRESS placeholder.
    name: ssl/tls-endpoints-public-ip
    title: Deploy Public SSL Endpoints as IP Addresses
    description: |
      Use this environment when deploying an SSL-enabled overcloud where the public
      endpoint is an IP address.
    files:
      network/endpoints/endpoint_map.yaml:
        parameters:
          - EndpointMap
    sample_values:
      # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
      # works.  The |-2 tells YAML to strip two spaces off the indentation of
      # the value, which because it's indented six spaces gets us to the four
      # that we actually want.  Note that zero is not a valid value here, so
      # two seemed like the most sane option.
      #
      # NOTE(review): more precisely, the 2 is an explicit indentation
      # indicator: content indentation is fixed two spaces deeper than this
      # key, and the lines below are indented four spaces beyond that, so each
      # keeps four leading spaces.  The blank line after the header becomes a
      # leading newline in the value.
      #
      # NOTE(review): in this map only the *Public entries use https/wss.
      # Every *Admin and *Internal service entry is declared as plain http/ws
      # (MysqlInternal is mysql+pymysql), and all Contrail* entries, their
      # Public ones included, are http as well, so this sample leaves that
      # traffic without TLS.  ssl/tls-everywhere-endpoints-dns in this file
      # covers the admin and internal types.
      #
      # NOTE(review): MistralPublic and TackerPublic both list port 13989, and
      # the ContrailWebuiHttps* entries list protocol http on port 8143 -
      # confirm both against network/endpoints/endpoint_map.yaml.
      EndpointMap: |-2

            AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
            AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
            AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
            BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
            BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
            BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
            CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
            CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
            CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
            CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
            CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
            CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
            CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
            CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
            CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
            CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
            Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
            Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
            GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
            GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
            GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
            GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
            GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
            GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
            HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
            HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
            HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
            HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
            HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
            HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
            HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
            IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
            IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
            IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
            IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
            IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
            IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
            KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
            KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
            KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
            ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
            ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
            ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
            MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
            MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
            MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
            MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
            NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
            NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
            NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
            NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
            NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
            NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
            NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
            NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
            NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
            NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
            NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
            NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
            OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
            OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
            OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
            PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
            PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
            PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
            SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
            SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
            SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
            SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
            TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
            TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
            TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
            ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
            ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
            ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
            ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
            ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
            ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
  -
    # Sample EndpointMap for TLS on the public endpoints only, with the
    # https/wss Public entries addressed by the CLOUDNAME placeholder and
    # everything else by IP_ADDRESS.
    name: ssl/tls-endpoints-public-dns
    title: Deploy Public SSL Endpoints as DNS Names
    description: |
      Use this environment when deploying an SSL-enabled overcloud where the public
      endpoint is a DNS name.
    files:
      network/endpoints/endpoint_map.yaml:
        parameters:
          - EndpointMap
    sample_values:
      # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
      # works.  The |-2 tells YAML to strip two spaces off the indentation of
      # the value, which because it's indented six spaces gets us to the four
      # that we actually want.  Note that zero is not a valid value here, so
      # two seemed like the most sane option.
      #
      # NOTE(review): more precisely, the 2 is an explicit indentation
      # indicator: content indentation is fixed two spaces deeper than this
      # key, and the lines below are indented four spaces beyond that, so each
      # keeps four leading spaces.  The blank line after the header becomes a
      # leading newline in the value.
      #
      # NOTE(review): in this map only the *Public entries use https/wss.
      # Every *Admin and *Internal service entry is declared as plain http/ws
      # (MysqlInternal is mysql+pymysql), and all Contrail* entries, their
      # Public ones included, are http on IP_ADDRESS, so this sample leaves
      # that traffic without TLS.  ssl/tls-everywhere-endpoints-dns in this
      # file covers the admin and internal types.
      #
      # NOTE(review): the https/wss entries use CLOUDNAME as host, so the
      # certificate served there presumably has to be valid for that name -
      # confirm.
      #
      # NOTE(review): MistralPublic and TackerPublic both list port 13989, and
      # the ContrailWebuiHttps* entries list protocol http on port 8143 -
      # confirm both against network/endpoints/endpoint_map.yaml.
      EndpointMap: |-2

            AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
            AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
            AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
            BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
            BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
            BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
            CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
            CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
            CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
            CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
            CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
            CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
            CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
            CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
            CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
            CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
            ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
            Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
            Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
            GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
            GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
            GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
            GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
            GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
            GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
            HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
            HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
            HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
            HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
            HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
            HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
            HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
            IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
            IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
            IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
            IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
            IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
            IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
            KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
            KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
            KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
            ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
            ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
            ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
            MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
            MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
            MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
            MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
            NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
            NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
            NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
            NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
            NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
            NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
            NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
            NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
            NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
            NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
            NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
            NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
            OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
            OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
            OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
            PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
            PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
            PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
            SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
            SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
            SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
            SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
            TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
            TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
            TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
            ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
            ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
            ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
            ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
            ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
            ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
  -
    # Sample EndpointMap that puts https/wss on the Admin, Internal and Public
    # entries of most services, addressed by the CLOUDNAME placeholder.
    name: ssl/tls-everywhere-endpoints-dns
    title: Deploy All SSL Endpoints as DNS Names
    description: |
      Use this environment when deploying an overcloud where all the endpoints are
      DNS names and there's TLS in all endpoint types.
    files:
      network/endpoints/endpoint_map.yaml:
        parameters:
          - EndpointMap
    sample_values:
      # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
      # works.  The |-2 tells YAML to strip two spaces off the indentation of
      # the value, which because it's indented six spaces gets us to the four
      # that we actually want.  Note that zero is not a valid value here, so
      # two seemed like the most sane option.
      #
      # NOTE(review): more precisely, the 2 is an explicit indentation
      # indicator: content indentation is fixed two spaces deeper than this
      # key, and the lines below are indented four spaces beyond that, so each
      # keeps four leading spaces.  The blank line after the header becomes a
      # leading newline in the value.
      #
      # NOTE(review): not every entry below is https on CLOUDNAME.  All
      # Contrail* entries stay http on IP_ADDRESS, IronicInspectorAdmin and
      # IronicInspectorInternal stay http, and OctaviaAdmin/OctaviaInternal
      # are https but on IP_ADDRESS (a certificate for those presumably has to
      # be valid for the address itself).  MysqlInternal keeps the
      # mysql+pymysql scheme.  Whether these exceptions are deliberate cannot
      # be told from this file - confirm before relying on the description's
      # "TLS in all endpoint types".
      #
      # NOTE(review): MistralPublic and TackerPublic both list port 13989, and
      # the ContrailWebuiHttps* entries list protocol http on port 8143 -
      # confirm both against network/endpoints/endpoint_map.yaml.
      EndpointMap: |-2

            AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
            AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
            AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
            BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
            BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
            BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
            CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
            CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
            CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
            CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
            CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
            CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
            CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
            CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
            CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
            CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
            CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
            CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
            ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
            host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
            ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
            ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
            ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
            Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
            Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
            Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
            GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
            GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
            GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
            GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
            GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
            GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
            HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
            HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
            HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
            HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
            HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
            HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
            HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
            IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
            IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
            IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
            IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
            IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
            IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
            KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
            KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
            KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
            ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
            ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
            ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
            MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
            MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
            MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
            MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
            NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
            NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
            NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
            NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
            NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
            NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
            NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
            NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
            NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
            NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
            NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
            NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
            OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
            OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
            OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
            PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
            PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
            PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
            SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
            SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
            SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
            SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
            SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
            SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
            TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
            TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
            TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
            ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
            ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
            ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
            ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
            ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
            ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}