tripleo-common/tripleo_common/constants.py
Juan Antonio Osorio Robles 6fa7a0974a TLS by default for the overcloud
This gets a TLS certificate for the overcloud when necessary:

* If no incoming cert/key is provided and we don't expect the
  overcloud's certmonger instances to request the certificates,
  we request one from the undercloud's certmonger local CA.

* If a certificate was provided, we verify if it's user-provided
  or if it was autogenerated.

  - If it was user-provided we pass through that certificate

  - If it was autogenerated, we request or resubmit the request
    if it's needed.

* We also accept the EnableTLS flag, which the deployer can
  explicitly turn off if they decide not to use TLS.

Depends-On: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
Change-Id: I3d3cad0eb1396e7bee146794b29badad302efdf3
2018-05-08 10:45:29 +00:00


# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#: File name of the root template in a standard tripleo-heat-templates layout.
OVERCLOUD_YAML_NAME = 'overcloud.yaml'

#: File name of the overcloud root template in its jinja2 form.
OVERCLOUD_J2_NAME = 'overcloud.j2.yaml'

#: File name of the custom roles data consumed when rendering the jinja
#: template.
OVERCLOUD_J2_ROLES_NAME = 'roles_data.yaml'

#: File name of the custom roles network data consumed when rendering j2
#: templates.
OVERCLOUD_J2_NETWORKS_NAME = 'network_data.yaml'

#: File name of the custom roles exclusion list consumed when rendering the
#: jinja template.
OVERCLOUD_J2_EXCLUDES = 'j2_excludes.yaml'

#: Heat resource type name for resource groups.
RESOURCE_GROUP_TYPE = "OS::Heat::ResourceGroup"

#: Resource name used for package updates.
UPDATE_RESOURCE_NAME = "UpdateDeployment"

#: Default timeout handed to Heat stacks.
STACK_TIMEOUT_DEFAULT = 240

#: Default name of a plan container.
DEFAULT_CONTAINER_NAME = "overcloud"

#: Default name of the container holding the config files.
CONFIG_CONTAINER_NAME = "overcloud-config"

#: Default key under which parameters are updated in the plan environment.
DEFAULT_PLAN_ENV_KEY = "parameter_defaults"

#: Where the tripleo heat templates are installed on the undercloud.
DEFAULT_TEMPLATES_PATH = "/usr/share/openstack-tripleo-heat-templates/"

#: Where the tripleo validations are installed on the undercloud.
DEFAULT_VALIDATIONS_PATH = (
    "/usr/share/openstack-tripleo-validations/validations/"
)

#: Where the local CA certificate is installed on the undercloud.
# NOTE(review): this path is inside the system CA trust-anchor source
# directory, so a certificate placed here is presumably picked up by the
# system trust store; confirm write access to it stays restricted to root.
LOCAL_CACERT_PATH = "/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"

#: Path templates for the locally generated overcloud certificate and its
#: private key. ``{container}`` is a str.format-style placeholder.
# NOTE(review): the value substituted for ``{container}`` ends up in a
# filesystem path; presumably it is the plan/container name -- confirm the
# caller validates it (e.g. against PLAN_NAME_PATTERN) before formatting.
# NOTE(review): the key path holds private key material and the code that
# writes it is not part of this module; confirm the file is created with
# owner-only permissions.
OVERCLOUD_CERT_PATH = "/etc/pki/tls/certs/overcloud-{container}-cert.pem"
OVERCLOUD_KEY_PATH = "/etc/pki/tls/private/overcloud-{container}-key.pem"

#: Metadata key set on Swift containers created through
#: SwiftPlanStorageBackend so they can be told apart from other containers.
TRIPLEO_META_USAGE_KEY = "x-container-meta-usage-tripleo"
#: Names of the parameters that contain passwords. As the entries show, the
#: tuple also covers tokens, keys, cookies and other shared secrets.
# NOTE(review): how this tuple is consumed is not visible in this module. If
# it drives secret generation or redaction, a secret-bearing parameter that
# is missing from it would presumably be skipped -- confirm when adding a
# new service.
PASSWORD_PARAMETER_NAMES = (
    "AdminPassword",
    "AdminToken",
    "AodhPassword",
    "BarbicanPassword",
    "BarbicanSimpleCryptoKek",
    "CeilometerMeteringSecret",
    "CeilometerPassword",
    "CephAdminKey",
    "CephClientKey",
    "CephClusterFSID",
    "CephMdsKey",
    "CephManilaClientKey",
    "CephMonKey",
    "CephRgwKey",
    "CinderPassword",
    "CongressPassword",
    "DesignatePassword",
    "Ec2ApiPassword",
    "EtcdInitialClusterToken",
    "GlancePassword",
    "GnocchiPassword",
    "HAProxyStatsPassword",
    "HeatAuthEncryptionKey",
    "HeatPassword",
    "HeatStackDomainAdminPassword",
    "HorizonSecret",
    "IronicPassword",
    "LibvirtTLSPassword",
    "KeystoneCredential0",
    "KeystoneCredential1",
    "KeystoneFernetKey0",
    "KeystoneFernetKey1",
    "KeystoneFernetKeys",
    "ManilaPassword",
    "MistralPassword",
    "MysqlClustercheckPassword",
    "MysqlRootPassword",
    "NeutronMetadataProxySharedSecret",
    "NeutronPassword",
    "NovaPassword",
    "NovajoinPassword",
    "MigrationSshKey",
    "OctaviaCaKeyPassphrase",
    "OctaviaHeartbeatKey",
    "OctaviaPassword",
    "PacemakerRemoteAuthkey",
    "PankoPassword",
    "PcsdPassword",
    "RpcPassword",
    "NotifyPassword",
    "RabbitCookie",
    "RabbitPassword",
    "RedisPassword",
    "SaharaPassword",
    "SnmpdReadonlyUserPassword",
    "SwiftHashSuffix",
    "SwiftPassword",
    "TackerPassword",
    "TrovePassword",
    "ZaqarPassword",
)
# Legacy resource names taken from overcloud.yaml. Each of these names is
# also listed in PASSWORD_PARAMETER_NAMES.
LEGACY_HEAT_PASSWORD_RESOURCE_NAMES = (
    "HeatAuthEncryptionKey",
    "HorizonSecret",
    "MysqlRootPassword",
    "PcsdPassword",
    "RabbitCookie",
)
# Regular expression accepting one or more ASCII letters, digits or hyphens;
# presumably used to validate plan names.
# NOTE(review): with Python's ``re`` module, ``$`` also matches just before a
# trailing newline, so "name\n" passes ``re.match`` with this pattern. If
# plan names are untrusted and later reach container names or file paths,
# confirm callers use ``re.fullmatch`` or reject the trailing newline.
PLAN_NAME_PATTERN = "^[a-zA-Z0-9-]+$"

# Default Image API version written to overcloudrc.
DEFAULT_IMAGE_API_VERSION = "2"

# Default Volume API version written to overcloudrc.
DEFAULT_VOLUME_API_VERSION = "3"

# File holding the Mistral environment contents for plan import/export.
PLAN_ENVIRONMENT = "plan-environment.yaml"

# Environment holding the merged parameters that came from the CLI.
USER_ENVIRONMENT = "user-environment.yaml"

# File holding the container image default parameters.
CONTAINER_DEFAULTS_ENVIRONMENT = (
    "environments/containers-default-parameters.yaml"
)

DEFAULT_DEPLOY_KERNEL_NAME = "bm-deploy-kernel"
DEFAULT_DEPLOY_RAMDISK_NAME = "bm-deploy-ramdisk"

# Swift container that hosts the tripleo cache.
TRIPLEO_CACHE_CONTAINER = '__cache__'

# NOTE(review): the size is a float (1e7), not an int; confirm consumers
# accept a float before using it where an integer byte count is required.
TRIPLEO_UI_LOG_FILE_SIZE = 1e7  # 10MB
TRIPLEO_UI_LOG_FILENAME = "tripleo-ui.logs"

API_NETWORK = "InternalApi"
LEGACY_API_NETWORK = "Internal"

# Default nesting depth when recursing through Heat stacks.
NESTED_DEPTH = 7

# Name of the deployment resources when config download is in use.
TRIPLEO_DEPLOYMENT_RESOURCE = "TripleODeployment"

HOST_NETWORK = "ctlplane"

# A list, hence mutable: callers should treat it as read-only.
EXTERNAL_TASKS = ["external_deploy_tasks"]