Merge "Bind mount directories that contain the key/certs for keystone"

Jenkins 2017-04-12 14:18:57 +00:00 committed by Gerrit Code Review
commit 4df0fcdffb
2 changed files with 45 additions and 0 deletions


@ -36,6 +36,9 @@ parameters:
default: 'fernet' default: 'fernet'
constraints: constraints:
- allowed_values: ['uuid', 'fernet'] - allowed_values: ['uuid', 'fernet']
EnableInternalTLS:
type: boolean
default: false
resources: resources:
@ -46,6 +49,10 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs: outputs:
role_data: role_data:
description: Role data for the Keystone API role. description: Role data for the Keystone API role.
@ -96,6 +103,16 @@ outputs:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- logs:/var/log - logs:/var/log
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment: environment:
- KOLLA_BOOTSTRAP=True - KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
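Review bot: When `EnableInternalTLS` is false, both `if` entries added to the volumes list evaluate to `''`, so the rendered list carries two empty strings, and nothing in this hunk shows that whatever consumes `volumes` drops them before building the container's mount arguments. Confirm that empty entries are filtered and record it above the first conditional with a comment such as `# '' when internal TLS is off; empty volume entries are ignored downstream`; alternatively, if the template version in use supports `list_concat`, append the two mounts as a conditional list so that no placeholder is emitted at all. The second mount exposes the host's `/etc/pki/tls/private/httpd` key directory to this container; `:ro` is the right mode, but the container sets `KOLLA_BOOTSTRAP=True`, so it is worth confirming that it actually needs the private key, rather than only the container that serves HTTPS. The container definition starts and ends outside the hunk.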


@ -0,0 +1,28 @@
# This environment contains the services that can work with TLS-everywhere.
resource_registry:
# This can be used when you don't want to run puppet on the host,
# e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
# OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
# The compute node still needs extra initialization steps
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
# NOTE: add roles to be docker enabled as we support them.
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
OS::TripleO::Services: ../docker/services/services.yaml
parameter_defaults:
# Defaults to 'tripleoupstream'. Specify a local docker registry
# Example: 192.168.24.1:8787/tripleoupstream
DockerNamespace: tripleoupstream
DockerNamespaceIsRegistry: false
ComputeServices:
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker