Browse Source

Add tls roles for undercloud

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>

Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5
changes/79/517079/15
Pradeep Kilambi 4 years ago
committed by Emilien Macchi
parent
commit
7a5d5a8e1b
  1. 7
      environments/public-tls-undercloud.yaml
  2. 2
      environments/services-docker/undercloud-haproxy.yaml
  3. 2
      environments/services-docker/undercloud-keepalived.yaml
  4. 2
      environments/services/undercloud-haproxy.yaml
  5. 2
      environments/services/undercloud-keepalived.yaml
  6. 6
      network/ports/port_from_pool.j2
  7. 6
      overcloud-resource-registry-puppet.j2.yaml
  8. 4
      roles/Undercloud.yaml
  9. 4
      roles_data_undercloud.yaml

7
environments/public-tls-undercloud.yaml

@ -0,0 +1,7 @@
parameter_defaults:
InternalTLSCAFile: '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
PublicSSLCertificateAutogenerated: true
resource_registry:
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml

2
environments/services-docker/undercloud-haproxy.yaml

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudHAProxy: ../../docker/services/haproxy.yaml

2
environments/services-docker/undercloud-keepalived.yaml

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudKeepalived: ../../docker/services/keepalived.yaml

2
environments/services/undercloud-haproxy.yaml

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml

2
environments/services/undercloud-keepalived.yaml

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudKeepalived: ../../puppet/services/keepalived.yaml

6
network/ports/port_from_pool.j2

@ -18,6 +18,12 @@ parameters:
description: Name of the port
default: ''
type: string
FixedIPs:
description: >
Control the IP allocation for the VIP port. E.g.
[{'ip_address':'1.2.3.4'}]
default: []
type: json
ControlPlaneIP: # Here for compatibility with noop.yaml
description: IP address on the control plane
default: ''

6
overcloud-resource-registry-puppet.j2.yaml

@ -241,8 +241,14 @@ resource_registry:
OS::TripleO::Services::UndercloudGnocchiApi: OS::Heat::None
OS::TripleO::Services::UndercloudGnocchiMetricd: OS::Heat::None
OS::TripleO::Services::UndercloudGnocchiStatsd: OS::Heat::None
# Redis
OS::TripleO::Services::UndercloudRedis: OS::Heat::None
# Undercloud HA services
OS::TripleO::Services::UndercloudHAProxy: OS::Heat::None
OS::TripleO::Services::UndercloudKeepalived: OS::Heat::None
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::Fluentd: OS::Heat::None
OS::TripleO::Services::Ipsec: OS::Heat::None

4
roles/Undercloud.yaml

@ -13,6 +13,8 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::Apache
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Docker
- OS::TripleO::Services::DockerRegistry
- OS::TripleO::Services::GlanceApi
@ -67,4 +69,6 @@
- OS::TripleO::Services::UndercloudCinderScheduler
- OS::TripleO::Services::UndercloudCinderVolume
- OS::TripleO::Services::UndercloudRedis
- OS::TripleO::Services::UndercloudHAProxy
- OS::TripleO::Services::UndercloudKeepalived
- OS::TripleO::Services::Zaqar

4
roles_data_undercloud.yaml

@ -16,6 +16,8 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::Apache
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Docker
- OS::TripleO::Services::DockerRegistry
- OS::TripleO::Services::GlanceApi
@ -70,5 +72,7 @@
- OS::TripleO::Services::UndercloudCinderScheduler
- OS::TripleO::Services::UndercloudCinderVolume
- OS::TripleO::Services::UndercloudRedis
- OS::TripleO::Services::UndercloudHAProxy
- OS::TripleO::Services::UndercloudKeepalived
- OS::TripleO::Services::Zaqar
Loading…
Cancel
Save