Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike

2017-09-02 08:53:30 +00:00 · 2017-09-02 08:53:30 +00:00 · 79bd4a5c57
parent 878d236f7b ca4b08bb6d
commit 79bd4a5c57
4 changed files with 75 additions and 1 deletions
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@ -1,3 +1,7 @@
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
+# instead.
+# ********************************************************************************
 # A Heat environment file which can be used to enable a
 # a TLS for in the internal network via certmonger
 parameter_defaults:
--- a/environments/ssl/enable-internal-tls.yaml
+++ b/environments/ssl/enable-internal-tls.yaml
@ -0,0 +1,36 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Internal Endpoints
+# description: |
+#   A Heat environment file which can be used to enable TLS for the internal
+#   network via certmonger
+parameter_defaults:
+  # ******************************************************
+  # Static parameters - these are values that must be
+  # included in the environment but should not be changed.
+  # ******************************************************
+  # 
+  # Type: boolean
+  EnableInternalTLS: True
+
+  # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
+  # Type: string
+  RabbitClientUseSSL: True
+
+  # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
+  # Type: json
+  ServerMetadata:
+    ipa_enroll: True
+
+  # *********************
+  # End static parameters
+  # *********************
+resource_registry:
+  OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
+  OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+  OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+  OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@ -22,6 +22,40 @@ environments:
            The contents of the private key go here
    resource_registry:
      OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+  -
+    name: ssl/enable-internal-tls
+    title: Enable SSL on OpenStack Internal Endpoints
+    description: |
+      A Heat environment file which can be used to enable TLS for the internal
+      network via certmonger
+    files:
+      puppet/all-nodes-config.yaml:
+        parameters:
+          - EnableInternalTLS
+      puppet/services/nova-base.yaml:
+        parameters:
+          - RabbitClientUseSSL
+      overcloud.yaml:
+        parameters:
+          - ServerMetadata
+    static:
+      - EnableInternalTLS
+      - RabbitClientUseSSL
+      - ServerMetadata
+    sample_values:
+      EnableInternalTLS: True
+      RabbitClientUseSSL: True
+      ServerMetadata: |-2
+
+            ipa_enroll: True
+    resource_registry:
+      OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+      OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+      # We use apache as a TLS proxy
+      OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+      # Creates nova metadata that will create the extra service principals per
+      # node.
+      OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
  - name: ssl/inject-trust-anchor
    title: Inject SSL Trust Anchor on Overcloud Nodes
    description: |
--- a/tripleo_heat_templates/environment_generator.py
+++ b/tripleo_heat_templates/environment_generator.py
@ -159,7 +159,7 @@ def _generate_environment(input_env, parent_env=None):
        for line in env_desc.splitlines():
            env_file.write(u'#   %s\n' % line)

-        if parameter_defaults:
+        if parameter_defaults or static_defaults:
            env_file.write(u'parameter_defaults:\n')
        for name, value in sorted(parameter_defaults.items()):
            write_sample_entry(env_file, name, value)