containers: TLS in the internal network for telemetry services
This covers aodh, gnocchi and panko. cp tls-via-certmonger-containers Change-Id: I6dabb0d82755c28b8940c0baab0e23cfcc587c42
parent
56c8f12077
commit
2fda963fc7
docker/services
environments
@ -26,6 +26,13 @@ parameters:
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -104,9 +111,21 @@ outputs:
|
||||
- /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
|
||||
- /var/lib/config-data/aodh/var/www/:/var/www/:ro
|
||||
- logs:/var/log
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- ''
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- ''
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
upgrade_tasks:
|
||||
- name: Stop and disable aodh service (running under httpd)
|
||||
tags: step2
|
||||
service: name=httpd state=stopped enabled=no
|
||||
metadata_settings:
|
||||
get_attr: [AodhApiPuppetBase, role_data, metadata_settings]
|
||||
|
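Review bot: When `internal_tls_enabled` is false, both new `if:` entries in the volumes list evaluate to `''`, so the list handed to the container runner contains empty strings instead of simply omitting the mounts. Whether that is harmless depends on the consumer of this list dropping empty entries, which is not visible in this diff. It is worth confirming, because TLS off is the default and an empty volume argument could stop the container from starting. A comment above the two entries would record the contract, e.g. `# evaluates to '' when internal TLS is off; the consumer must skip empty volume entries`. The same pattern is repeated in the gnocchi and panko sections, and the volumes list itself begins outside the hunk.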
@ -26,6 +26,13 @@ parameters:
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -103,9 +110,21 @@ outputs:
|
||||
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
|
||||
- /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
|
||||
- /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- ''
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- ''
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
upgrade_tasks:
|
||||
- name: Stop and disable httpd service
|
||||
tags: step2
|
||||
service: name=httpd state=stopped enabled=no
|
||||
metadata_settings:
|
||||
get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings]
|
||||
|
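Review bot: The key mount `/etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro` exposes the whole host key directory to the container, and nothing in this section says who must be able to read it or what happens on renewal. `:ro` only stops the container from writing; the key files still need a host-side owner and mode (and SELinux label, where enforcing) that the httpd process inside the container can read, and preferably nothing broader. Since the commit message refers to certmonger, renewed files should show up through the directory mount, but the containerised httpd would presumably keep serving the old certificate until it is reloaded, and no reload hook is visible here. I would add a comment above the mounts such as `# managed by certmonger on the host; httpd in the container must be reloaded after renewal` and verify the key file mode. The same two mounts appear in the aodh and panko sections.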
@ -26,6 +26,13 @@ parameters:
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -104,5 +111,17 @@ outputs:
|
||||
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
|
||||
- /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
|
||||
- /var/lib/config-data/panko/var/www/:/var/www/:ro
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- ''
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- ''
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
|
||||
|
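Review bot: `EnableInternalTLS` is declared without a `description`, and its `default: false` means this container gets no certificate or key mounts unless an operator opts in. A line such as `description: When true, mount the host httpd certificate and key directories into this container.` under the parameter would make that opt-in behaviour explicit to whoever reads the template. The identical declarations in the aodh and gnocchi sections would take the same line.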
@ -9,6 +9,14 @@ resource_registry:
|
||||
|
||||
# NOTE: add roles to be docker enabled as we support them.
|
||||
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
|
||||
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
|
||||
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
|
||||
OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
|
||||
OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
|
||||
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
|
||||
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
|
||||
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
|
||||
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
|
||||
|
||||
OS::TripleO::PostDeploySteps: ../docker/post.yaml
|
||||
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
|
||||
|