Enable https for airship-seaworthy ingress endpoints

Change-Id: I0e04e896e537facc4a992c9efc8d7f12c6c14352
Kaspars Skels 2018-10-09 15:21:01 -05:00
parent 68a1cc973e
commit a292a70695
4 changed files with 181 additions and 460 deletions


@ -26,79 +26,33 @@ metadata:
pattern: DOMAIN pattern: DOMAIN
- path: .ceph.ceph_object_store.host_fqdn_override.public.host - path: .ceph.ceph_object_store.host_fqdn_override.public.host
pattern: DOMAIN pattern: DOMAIN
- src:
# - src: schema: deckhand/Certificate/v1
# schema: deckhand/Certificate/v1 name: ingress-crt
# name: ingress-crt path: .
# path: . dest:
# dest: - path: .ucp.identity.host_fqdn_override.public.tls.crt
# path: .ceph.object_store.host_fqdn_override.public.tls.crt - path: .ucp.shipyard.host_fqdn_override.public.tls.crt
# - src: - path: .ceph.object_store.host_fqdn_override.public.tls.crt
# schema: deckhand/CertificateAuthority/v1 - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
# name: ingress-ca - src:
# path: . schema: deckhand/CertificateAuthority/v1
# dest: name: ingress-ca
# path: .ceph.object_store.host_fqdn_override.public.tls.ca path: .
# - src: dest:
# schema: deckhand/CertificateKey/v1 - path: .ucp.identity.host_fqdn_override.public.tls.ca
# name: ingress-key - path: .ucp.shipyard.host_fqdn_override.public.tls.ca
# path: . - path: .ceph.object_store.host_fqdn_override.public.tls.ca
# dest: - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
# path: .ceph.object_store.host_fqdn_override.public.tls.key - src:
# - src: schema: deckhand/CertificateKey/v1
# schema: deckhand/Certificate/v1 name: ingress-key
# name: ingress-crt path: .
# path: . dest:
# dest: - path: .ucp.identity.host_fqdn_override.public.tls.key
# path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt - path: .ucp.shipyard.host_fqdn_override.public.tls.key
# - src: - path: .ceph.object_store.host_fqdn_override.public.tls.key
# schema: deckhand/CertificateAuthority/v1 - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
# name: ingress-ca
# path: .
# dest:
# path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .ucp.identity.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .ucp.identity.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .ucp.identity.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .ucp.shipyard.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .ucp.shipyard.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .ucp.shipyard.host_fqdn_override.public.tls.key
data: data:
ucp: ucp:
identity: identity:
@ -116,12 +70,11 @@ data:
path: path:
default: /v3 default: /v3
scheme: scheme:
default: http default: "https"
# public: https internal: "http"
port: port:
api: api:
default: 80 default: 443
# public: 443
internal: 5000 internal: 5000
armada: armada:
name: armada name: armada
@ -134,7 +87,7 @@ data:
path: path:
default: /api/v1.0 default: /api/v1.0
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
deckhand: deckhand:
@ -148,7 +101,7 @@ data:
path: path:
default: /api/v1.0 default: /api/v1.0
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
postgresql: postgresql:
@ -196,7 +149,7 @@ data:
path: path:
default: /v1 default: /v1
scheme: scheme:
default: http default: "http"
port: port:
api: api:
default: 9311 default: 9311
@ -231,7 +184,7 @@ data:
path: path:
default: /api/v1.0 default: /api/v1.0
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
maas_region_ui: maas_region_ui:
@ -259,7 +212,7 @@ data:
path: path:
default: /api/v1.0 default: /api/v1.0
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
shipyard: shipyard:
@ -270,12 +223,12 @@ data:
port: port:
api: api:
default: 9000 default: 9000
public: 80 public: 443
path: path:
default: /api/v1.0 default: /api/v1.0
scheme: scheme:
default: http default: "http"
# public: https public: "https"
host_fqdn_override: host_fqdn_override:
default: null default: null
public: public:
@ -291,7 +244,7 @@ data:
path: path:
default: / default: /
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
airflow_flower: airflow_flower:
@ -304,7 +257,7 @@ data:
path: path:
default: / default: /
scheme: scheme:
default: http default: "http"
host_fqdn_override: host_fqdn_override:
default: null default: null
ceph: ceph:
@ -321,12 +274,12 @@ data:
path: path:
default: /swift/v1 default: /swift/v1
scheme: scheme:
default: http default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8088 default: 8088
# public: 443 public: 443
ceph_object_store: ceph_object_store:
name: radosgw name: radosgw
namespace: ceph namespace: ceph
@ -341,11 +294,11 @@ data:
default: /auth/v1.0 default: /auth/v1.0
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8088 default: 8088
# public: 443 public: 443
ceph_mon: ceph_mon:
namespace: ceph namespace: ceph
hosts: hosts:
@ -366,7 +319,7 @@ data:
mgr: mgr:
default: 7000 default: 7000
scheme: scheme:
default: http default: "http"
... ...
--- ---
schema: pegleg/EndpointCatalogue/v1 schema: pegleg/EndpointCatalogue/v1
@ -413,259 +366,63 @@ metadata:
pattern: DOMAIN pattern: DOMAIN
- path: .osh.volumev3.host_fqdn_override.public.host - path: .osh.volumev3.host_fqdn_override.public.host
pattern: DOMAIN pattern: DOMAIN
- src:
# - src: schema: deckhand/Certificate/v1
# schema: deckhand/Certificate/v1 name: ingress-crt
# name: ingress-crt path: .
# path: . dest:
# dest: - path: .osh.object_store.host_fqdn_override.public.tls.crt
# path: .osh.object_store.host_fqdn_override.public.tls.crt - path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
# - src: - path: .osh.identity.host_fqdn_override.public.tls.crt
# schema: deckhand/CertificateAuthority/v1 - path: .osh.orchestration.host_fqdn_override.public.tls.crt
# name: ingress-ca - path: .osh.cloudformation.host_fqdn_override.public.tls.crt
# path: . - path: .osh.dashboard.host_fqdn_override.public.tls.crt
# dest: - path: .osh.image.host_fqdn_override.public.tls.crt
# path: .osh.object_store.host_fqdn_override.public.tls.ca - path: .osh.volume.host_fqdn_override.public.tls.crt
# - src: - path: .osh.volumev2.host_fqdn_override.public.tls.crt
# schema: deckhand/CertificateKey/v1 - path: .osh.volumev3.host_fqdn_override.public.tls.crt
# name: ingress-key - path: .osh.compute.host_fqdn_override.public.tls.crt
# path: . - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
# dest: - path: .osh.placement.host_fqdn_override.public.tls.crt
# path: .osh.object_store.host_fqdn_override.public.tls.key - path: .osh.network.host_fqdn_override.public.tls.crt
# - src: - src:
# schema: deckhand/Certificate/v1 schema: deckhand/CertificateAuthority/v1
# name: ingress-crt name: ingress-ca
# path: . path: .
# dest: dest:
# path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt - path: .osh.object_store.host_fqdn_override.public.tls.ca
# - src: - path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
# schema: deckhand/CertificateAuthority/v1 - path: .osh.identity.host_fqdn_override.public.tls.ca
# name: ingress-ca - path: .osh.orchestration.host_fqdn_override.public.tls.ca
# path: . - path: .osh.cloudformation.host_fqdn_override.public.tls.ca
# dest: - path: .osh.dashboard.host_fqdn_override.public.tls.ca
# path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca - path: .osh.image.host_fqdn_override.public.tls.ca
# - src: - path: .osh.volume.host_fqdn_override.public.tls.ca
# schema: deckhand/CertificateKey/v1 - path: .osh.volumev2.host_fqdn_override.public.tls.ca
# name: ingress-key - path: .osh.volumev3.host_fqdn_override.public.tls.ca
# path: . - path: .osh.compute.host_fqdn_override.public.tls.ca
# dest: - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
# path: .osh.ceph_object_store.host_fqdn_override.public.tls.key - path: .osh.placement.host_fqdn_override.public.tls.ca
# - src: - path: .osh.network.host_fqdn_override.public.tls.ca
# schema: deckhand/Certificate/v1 - src:
# name: ingress-crt schema: deckhand/CertificateKey/v1
# path: . name: ingress-key
# dest: path: .
# path: .osh.identity.host_fqdn_override.public.tls.crt dest:
# - src: - path: .osh.object_store.host_fqdn_override.public.tls.key
# schema: deckhand/CertificateAuthority/v1 - path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
# name: ingress-ca - path: .osh.identity.host_fqdn_override.public.tls.key
# path: . - path: .osh.orchestration.host_fqdn_override.public.tls.key
# dest: - path: .osh.cloudformation.host_fqdn_override.public.tls.key
# path: .osh.identity.host_fqdn_override.public.tls.ca - path: .osh.dashboard.host_fqdn_override.public.tls.key
# - src: - path: .osh.image.host_fqdn_override.public.tls.key
# schema: deckhand/CertificateKey/v1 - path: .osh.volume.host_fqdn_override.public.tls.key
# name: ingress-key - path: .osh.volumev2.host_fqdn_override.public.tls.key
# path: . - path: .osh.volumev3.host_fqdn_override.public.tls.key
# dest: - path: .osh.compute.host_fqdn_override.public.tls.key
# path: .osh.identity.host_fqdn_override.public.tls.key - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
# - src: - path: .osh.placement.host_fqdn_override.public.tls.key
# schema: deckhand/Certificate/v1 - path: .osh.network.host_fqdn_override.public.tls.key
# name: ingress-crt
# path: .
# dest:
# path: .osh.orchestration.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.orchestration.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.orchestration.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.cloudformation.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.cloudformation.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.cloudformation.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.dashboard.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.dashboard.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.dashboard.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.image.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.image.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.image.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.volume.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.volume.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.volume.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.volumev2.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.volumev2.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.volumev2.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.volumev3.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.volumev3.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.volumev3.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.compute.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.compute.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.compute.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.placement.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.placement.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.placement.host_fqdn_override.public.tls.key
# - src:
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh.network.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh.network.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh.network.host_fqdn_override.public.tls.key
data: data:
osh: osh:
object_store: object_store:
@ -681,12 +438,12 @@ data:
path: path:
default: /swift/v1/KEY_$(tenant_id)s default: /swift/v1/KEY_$(tenant_id)s
scheme: scheme:
default: http default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8088 default: 8088
# public: 443 public: 443
ceph_object_store: ceph_object_store:
name: radosgw name: radosgw
namespace: ceph namespace: ceph
@ -701,11 +458,11 @@ data:
default: /auth/v1.0 default: /auth/v1.0
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8088 default: 8088
# public: 443 public: 443
oslo_db: oslo_db:
hosts: hosts:
default: mariadb default: mariadb
@ -771,12 +528,11 @@ data:
path: path:
default: /v3 default: /v3
scheme: scheme:
default: "http" default: "https"
# public: "https" internal: "http"
port: port:
api: api:
default: 80 default: 443
# public: 443
internal: 5000 internal: 5000
glance_oslo_messaging: glance_oslo_messaging:
namespace: openstack namespace: openstack
@ -817,11 +573,11 @@ data:
default: null default: null
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 9292 default: 9292
# public: 443 public: 443
image_registry: image_registry:
name: glance-registry name: glance-registry
hosts: hosts:
@ -876,11 +632,11 @@ data:
default: "/v1/%(tenant_id)s" default: "/v1/%(tenant_id)s"
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8776 default: 8776
# public: 443 public: 443
volumev2: volumev2:
name: cinderv2 name: cinderv2
hosts: hosts:
@ -894,11 +650,11 @@ data:
default: "/v2/%(tenant_id)s" default: "/v2/%(tenant_id)s"
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8776 default: 8776
# public: 443 public: 443
volumev3: volumev3:
name: cinderv3 name: cinderv3
hosts: hosts:
@ -912,11 +668,11 @@ data:
default: "/v3/%(tenant_id)s" default: "/v3/%(tenant_id)s"
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8776 default: 8776
# public: 443 public: 443
heat_oslo_messaging: heat_oslo_messaging:
namespace: openstack namespace: openstack
hosts: hosts:
@ -956,11 +712,11 @@ data:
default: "/v1/%(project_id)s" default: "/v1/%(project_id)s"
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8004 default: 8004
# public: 443 public: 443
cloudformation: cloudformation:
name: heat-cfn name: heat-cfn
hosts: hosts:
@ -974,11 +730,11 @@ data:
default: /v1 default: /v1
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8000 default: 8000
# public: 443 public: 443
cloudwatch: cloudwatch:
name: heat-cloudwatch name: heat-cloudwatch
hosts: hosts:
@ -1034,11 +790,11 @@ data:
default: null default: null
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 9696 default: 9696
# public: 443 public: 443
nova_oslo_messaging: nova_oslo_messaging:
namespace: openstack namespace: openstack
hosts: hosts:
@ -1078,11 +834,11 @@ data:
default: "/v2/%(tenant_id)s" default: "/v2/%(tenant_id)s"
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8774 default: 8774
# public: 443 public: 443
novncproxy: novncproxy:
default: 443 default: 443
compute_metadata: compute_metadata:
@ -1113,11 +869,11 @@ data:
default: /vnc_auto.html default: /vnc_auto.html
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
novnc_proxy: novnc_proxy:
default: 6080 default: 6080
# public: 443 public: 443
compute_spice_proxy: compute_spice_proxy:
name: nova name: nova
hosts: hosts:
@ -1144,11 +900,11 @@ data:
default: / default: /
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
api: api:
default: 8778 default: 8778
# public: 443 public: 443
dashboard: dashboard:
name: horizon name: horizon
hosts: hosts:
@ -1162,11 +918,11 @@ data:
default: null default: null
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
web: web:
default: 80 default: 80
# public: 443 public: 443
... ...
--- ---
schema: pegleg/EndpointCatalogue/v1 schema: pegleg/EndpointCatalogue/v1
@ -1189,76 +945,44 @@ metadata:
pattern: DOMAIN pattern: DOMAIN
- path: .osh_infra.nagios.host_fqdn_override.public.host - path: .osh_infra.nagios.host_fqdn_override.public.host
pattern: DOMAIN pattern: DOMAIN
- src:
# - src: schema: deckhand/Certificate/v1
# schema: deckhand/Certificate/v1 name: ingress-crt
# name: ingress-crt path: .
# path: . dest:
# dest: - path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
# path: .osh_infra.kibana.host_fqdn_override.public.tls.crt - path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
# - src: - path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
# schema: deckhand/CertificateAuthority/v1 - src:
# name: ingress-ca schema: deckhand/CertificateAuthority/v1
# path: . name: ingress-ca
# dest: path: .
# path: .osh_infra.kibana.host_fqdn_override.public.tls.ca dest:
# - src: - path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
# schema: deckhand/CertificateKey/v1 - path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
# name: ingress-key - path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
# path: . - src:
# dest: schema: deckhand/CertificateKey/v1
# path: .osh_infra.kibana.host_fqdn_override.public.tls.key name: ingress-key
# - src: path: .
# schema: deckhand/Certificate/v1 dest:
# name: ingress-crt - path: .osh_infra.kibana.host_fqdn_override.public.tls.key
# path: . - path: .osh_infra.grafana.host_fqdn_override.public.tls.key
# dest: - path: .osh_infra.nagios.host_fqdn_override.public.tls.key
# path: .osh_infra.grafana.host_fqdn_override.public.tls.crt - src:
# - src: schema: pegleg/CommonAddresses/v1
# schema: deckhand/CertificateAuthority/v1 name: common-addresses
# name: ingress-ca path: .ldap.base_url
# path: . dest:
# dest: path: .osh_infra.ldap.host_fqdn_override.public.host
# path: .osh_infra.grafana.host_fqdn_override.public.tls.ca pattern: DOMAIN
# - src: - src:
# schema: deckhand/CertificateKey/v1 schema: pegleg/CommonAddresses/v1
# name: ingress-key name: common-addresses
# path: . path: .ldap.auth_path
# dest: dest:
# path: .osh_infra.grafana.host_fqdn_override.public.tls.key path: .osh_infra.ldap.path.default
# - src: pattern: AUTH_PATH
# schema: deckhand/Certificate/v1
# name: ingress-crt
# path: .
# dest:
# path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
# - src:
# schema: deckhand/CertificateAuthority/v1
# name: ingress-ca
# path: .
# dest:
# path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
# - src:
# schema: deckhand/CertificateKey/v1
# name: ingress-key
# path: .
# dest:
# path: .osh_infra.nagios.host_fqdn_override.public.tls.key
# path: .osh_infra.nagios.host_fqdn_override.public.tls.key
# - src:
# schema: pegleg/CommonAddresses/v1
# name: common-addresses
# path: .ldap.base_url
# dest:
# path: .osh_infra.ldap.host_fqdn_override.public.host
# pattern: DOMAIN
# - src:
# schema: pegleg/CommonAddresses/v1
# name: common-addresses
# path: .ldap.auth_path
# dest:
# path: .osh_infra.ldap.path.default
# pattern: AUTH_PATH
data: data:
osh_infra: osh_infra:
elasticsearch: elasticsearch:
@ -1345,11 +1069,11 @@ data:
default: null default: null
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
grafana: grafana:
default: 3000 default: 3000
# public: 443 public: 443
monitoring: monitoring:
name: prometheus name: prometheus
namespace: osh-infra namespace: osh-infra
@ -1380,11 +1104,11 @@ data:
default: null default: null
scheme: scheme:
default: "http" default: "http"
# public: "https" public: "https"
port: port:
kibana: kibana:
default: 5601 default: 5601
# public: 443 public: 443
alerts: alerts:
name: alertmanager name: alertmanager
namespace: osh-infra namespace: osh-infra
@ -1468,12 +1192,12 @@ data:
path: path:
default: null default: null
scheme: scheme:
default: http default: "http"
# public: https public: "https"
port: port:
http: http:
default: 80 default: 80
# public: 443 public: 443
ldap: ldap:
hosts: hosts:
default: ldap default: ldap
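Review bot: The two identity entries (hunks at -116 and -771) set `scheme.default: "https"` and `port.api.default: 443` and override only `internal`, whereas every other service in this file keeps `default: "http"` and adds `public: "https"` / `public: 443`. Presumably any lookup that is neither `public` nor `internal` (an admin endpoint, for instance) now resolves to https on 443 as well. If that is intended, a comment such as `# default is https so that every non-internal lookup goes through the TLS ingress` would record it; otherwise use the same `public:` override as the other services. The last metadata hunk (-1189) also uncomments the two `common-addresses` LDAP substitutions, which the commit title does not cover, so confirm that is deliberate. Separately, a single `ingress-key` is now substituted into every public endpoint of all three catalogues, so the rendered documents carry private-key material and should be handled as secrets.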


@ -14,8 +14,8 @@ import groovy.json.JsonOutput
PEGLEG_IMAGE = 'quay.io/airshipit/pegleg:73fbf264ca99b1a80c9e29e21048451716b630e7' PEGLEG_IMAGE = 'quay.io/airshipit/pegleg:73fbf264ca99b1a80c9e29e21048451716b630e7'
KEYSTONE_URL = 'http://iam.atlantafoundry.com/v3/auth/tokens' KEYSTONE_URL = 'https://iam.atlantafoundry.com/v3/auth/tokens'
SHIPYARD_URL = 'http://shipyard.atlantafoundry.com/api/v1.0' SHIPYARD_URL = 'https://shipyard.atlantafoundry.com/api/v1.0'
SITE_NAME='airship-seaworthy' SITE_NAME='airship-seaworthy'
IPMI_CREDS = 'airship-seaworthy-ipmi' IPMI_CREDS = 'airship-seaworthy-ipmi'
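Review bot: `KEYSTONE_URL` points at `iam.atlantafoundry.com`, while the clouds.yaml hunk in this commit uses `identity.atlantafoundry.com` for what appears to be the same Keystone v3 API. Over http the name did not matter, but over https the single `ingress-crt` has to list every hostname a client uses, or certificate verification fails. Confirm that the certificate's subject alternative names cover `iam`, `identity` and `shipyard`, or settle on one Keystone hostname. The code that issues the requests is outside the hunk, so also check that it verifies the server certificate against the ingress CA rather than skipping verification.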


@ -26,7 +26,7 @@ clouds:
project_name: 'admin' project_name: 'admin'
project_domain_name: 'default' project_domain_name: 'default'
user_domain_name: 'default' user_domain_name: 'default'
auth_url: 'http://identity.atlantafoundry.com/v3' auth_url: 'https://identity.atlantafoundry.com/v3'
EOF EOF
fi fi
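Review bot: The `clouds.yaml` heredoc now has an https `auth_url` but no `cacert` entry is visible, so the client would validate against the system trust store. If `ingress-ca` is a site-private CA, as the `deckhand/CertificateAuthority/v1` substitution in the catalogue suggests, the handshake will fail. Add the CA explicitly next to `auth_url`, e.g. `cacert: '<path to ingress CA bundle>'`, so nobody works around the failure with `verify: false` or `--insecure`. The heredoc starts above the hunk, so a setting already present there would not be visible here.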


@ -96,9 +96,6 @@ ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_EXT_GAT
# Check the VM can reach the metadata server # Check the VM can reach the metadata server
ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254 ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254
# Check the VM can reach the keystone server
ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 identity.atlantafoundry.com
# Check to see if cinder has been deployed, if it has then perform a volume attach. # Check to see if cinder has been deployed, if it has then perform a volume attach.
if tools/openstack service list -f value -c Type | grep -q "^volume"; then if tools/openstack service list -f value -c Type | grep -q "^volume"; then
INSTANCE_ID=$(tools/openstack stack output show \ INSTANCE_ID=$(tools/openstack stack output show \