Merge "Bind mount internal CA file to all containers"
This commit is contained in:
commit
0354927a11
|
@ -3,19 +3,64 @@ heat_template_version: pike
|
||||||
description: >
|
description: >
|
||||||
Contains a static list of common things necessary for containers
|
Contains a static list of common things necessary for containers
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
|
||||||
|
# Required parameters
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
ServiceNetMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service_name -> network name. Typically set
|
||||||
|
via parameter_defaults in the resource registry. This
|
||||||
|
mapping overrides those in ServiceNetMapDefaults.
|
||||||
|
type: json
|
||||||
|
DefaultPasswords:
|
||||||
|
default: {}
|
||||||
|
type: json
|
||||||
|
RoleName:
|
||||||
|
default: ''
|
||||||
|
description: Role name on which the service is applied
|
||||||
|
type: string
|
||||||
|
RoleParameters:
|
||||||
|
default: {}
|
||||||
|
description: Parameters specific to the role
|
||||||
|
type: json
|
||||||
|
|
||||||
|
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
InternalTLSCAFile:
|
||||||
|
default: '/etc/ipa/ca.crt'
|
||||||
|
type: string
|
||||||
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
|
services in the internal network.
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
volumes:
|
volumes:
|
||||||
description: Common volumes for the containers.
|
description: Common volumes for the containers.
|
||||||
value:
|
value:
|
||||||
- /etc/hosts:/etc/hosts:ro
|
list_concat:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- - /etc/hosts:/etc/hosts:ro
|
||||||
# required for bootstrap_host_exec
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- /etc/puppet:/etc/puppet:ro
|
# required for bootstrap_host_exec
|
||||||
# OpenSSL trusted CAs
|
- /etc/puppet:/etc/puppet:ro
|
||||||
- /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
|
# OpenSSL trusted CAs
|
||||||
- /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
|
- /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
|
||||||
- /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
|
- /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
|
||||||
- /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
|
- /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
|
||||||
# Syslog socket
|
- /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
|
||||||
- /dev/log:/dev/log
|
# Syslog socket
|
||||||
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
- /dev/log:/dev/log
|
||||||
|
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||||
|
- if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- - {get_param: InternalTLSCAFile}
|
||||||
|
- null
|
||||||
|
|
Loading…
Reference in New Issue