From 7a5d5a8e1be7bde3b1b9abff021b7f436c31efc1 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi
Date: Wed, 1 Nov 2017 14:34:27 -0400
Subject: [PATCH] Add tls roles for undercloud
Co-Authored-By: Juan Antonio Osorio Robles
Co-Authored-By: Dan Prince
Co-Authored-By: Ian Main
Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5
---
 environments/public-tls-undercloud.yaml | 7 +++++++
 environments/services-docker/undercloud-haproxy.yaml | 2 ++
 environments/services-docker/undercloud-keepalived.yaml | 2 ++
 environments/services/undercloud-haproxy.yaml | 2 ++
 environments/services/undercloud-keepalived.yaml | 2 ++
 network/ports/port_from_pool.j2 | 6 ++++++
 overcloud-resource-registry-puppet.j2.yaml | 6 ++++++
 roles/Undercloud.yaml | 4 ++++
 roles_data_undercloud.yaml | 4 ++++
 9 files changed, 35 insertions(+)
 create mode 100644 environments/public-tls-undercloud.yaml
 create mode 100644 environments/services-docker/undercloud-haproxy.yaml
 create mode 100644 environments/services-docker/undercloud-keepalived.yaml
 create mode 100644 environments/services/undercloud-haproxy.yaml
 create mode 100644 environments/services/undercloud-keepalived.yaml
diff --git a/environments/public-tls-undercloud.yaml b/environments/public-tls-undercloud.yaml
new file mode 100644
index 0000000000..9542c53f1f
--- /dev/null
+++ b/environments/public-tls-undercloud.yaml
@@ -0,0 +1,7 @@
+parameter_defaults:
+ InternalTLSCAFile: '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
+ PublicSSLCertificateAutogenerated: true
+
+resource_registry:
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml
diff --git a/environments/services-docker/undercloud-haproxy.yaml b/environments/services-docker/undercloud-haproxy.yaml
new file mode 100644
index 0000000000..0f8427d302
--- /dev/null
+++ b/environments/services-docker/undercloud-haproxy.yaml
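Review bot: environments/public-tls-undercloud.yaml has no header comment describing the trust model it sets up. `InternalTLSCAFile` points at `cm-local-ca.pem`, which looks like certmonger's local self-signed CA, and `PublicSSLCertificateAutogenerated: true` presumably has the public endpoint certificate issued from it, so clients outside the undercloud would need that CA imported before they can verify the endpoint. The file also maps `HAProxyPublicTLS` without enabling `UndercloudHAProxy`, which this commit leaves at `OS::Heat::None` unless one of the new undercloud-haproxy environments is included as well. I would add a leading comment such as `# Public TLS for the undercloud using a certmonger-issued certificate; include an undercloud-haproxy environment alongside this file` plus one line on distributing the CA to clients.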
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::UndercloudHAProxy: ../../docker/services/haproxy.yaml
diff --git a/environments/services-docker/undercloud-keepalived.yaml b/environments/services-docker/undercloud-keepalived.yaml
new file mode 100644
index 0000000000..79af8e8db4
--- /dev/null
+++ b/environments/services-docker/undercloud-keepalived.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::UndercloudKeepalived: ../../docker/services/keepalived.yaml
diff --git a/environments/services/undercloud-haproxy.yaml b/environments/services/undercloud-haproxy.yaml
new file mode 100644
index 0000000000..84d447a766
--- /dev/null
+++ b/environments/services/undercloud-haproxy.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml
diff --git a/environments/services/undercloud-keepalived.yaml b/environments/services/undercloud-keepalived.yaml
new file mode 100644
index 0000000000..5c2baf61ed
--- /dev/null
+++ b/environments/services/undercloud-keepalived.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::UndercloudKeepalived: ../../puppet/services/keepalived.yaml
diff --git a/network/ports/port_from_pool.j2 b/network/ports/port_from_pool.j2
index adb0a07d21..1786971124 100644
--- a/network/ports/port_from_pool.j2
+++ b/network/ports/port_from_pool.j2
@@ -18,6 +18,12 @@ parameters:
 description: Name of the port
 default: ''
 type: string
+ FixedIPs:
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
 ControlPlaneIP: # Here for compatibility with noop.yaml
 description: IP address on the control plane
 default: ''
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 274717ee67..26998282f4 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
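Review bot: The new `FixedIPs` parameter in network/ports/port_from_pool.j2 is declared but nothing in this hunk consumes it, so an operator who pins a VIP address through it may have the value silently ignored by this template. The neighbouring `ControlPlaneIP` carries `# Here for compatibility with noop.yaml`; if `FixedIPs` is likewise accepted only to keep the port templates' interfaces aligned, mark it the same way, e.g. `FixedIPs: # Accepted for interface compatibility, not used by this template`, and reword the description, which currently promises control over the allocation. The parameters block and any resources that would read the value lie outside the hunk, so this needs confirming against the full file.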
@@ -241,8 +241,14 @@ resource_registry:
 OS::TripleO::Services::UndercloudGnocchiApi: OS::Heat::None
 OS::TripleO::Services::UndercloudGnocchiMetricd: OS::Heat::None
 OS::TripleO::Services::UndercloudGnocchiStatsd: OS::Heat::None
+
 # Redis
 OS::TripleO::Services::UndercloudRedis: OS::Heat::None
+
+ # Undercloud HA services
+ OS::TripleO::Services::UndercloudHAProxy: OS::Heat::None
+ OS::TripleO::Services::UndercloudKeepalived: OS::Heat::None
+
 # Services that are disabled by default (use relevant environment files):
 OS::TripleO::Services::Fluentd: OS::Heat::None
 OS::TripleO::Services::Ipsec: OS::Heat::None
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 8b2fc3fbd0..b5e527aa8d 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -13,6 +13,8 @@
 ServicesDefault:
 - OS::TripleO::Services::Aide
 - OS::TripleO::Services::Apache
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::DockerRegistry
 - OS::TripleO::Services::GlanceApi
@@ -67,4 +69,6 @@
 - OS::TripleO::Services::UndercloudCinderScheduler
 - OS::TripleO::Services::UndercloudCinderVolume
 - OS::TripleO::Services::UndercloudRedis
+ - OS::TripleO::Services::UndercloudHAProxy
+ - OS::TripleO::Services::UndercloudKeepalived
 - OS::TripleO::Services::Zaqar
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index bded1ee69f..06e111b996 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -16,6 +16,8 @@
 ServicesDefault:
 - OS::TripleO::Services::Aide
 - OS::TripleO::Services::Apache
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::DockerRegistry
 - OS::TripleO::Services::GlanceApi
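Review bot: In the second hunk of roles/Undercloud.yaml the two new entries are appended after `UndercloudRedis`, whereas the visible neighbours appear to be alphabetical and the first hunk inserts `CACerts` and `CertmongerUser` in sorted position between `Apache` and `Docker`. Moving `- OS::TripleO::Services::UndercloudHAProxy` and `- OS::TripleO::Services::UndercloudKeepalived` between `UndercloudCinderVolume` and `UndercloudRedis` would keep the list ordered, which makes it easier to spot an unintended or duplicated service in later reviews. roles_data_undercloud.yaml repeats the same placement in its second hunk and would change with it. The `ServicesDefault` list continues outside both hunks, so the ordering convention is inferred from the visible lines only.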
@@ -70,5 +72,7 @@
 - OS::TripleO::Services::UndercloudCinderScheduler
 - OS::TripleO::Services::UndercloudCinderVolume
 - OS::TripleO::Services::UndercloudRedis
+ - OS::TripleO::Services::UndercloudHAProxy
+ - OS::TripleO::Services::UndercloudKeepalived
 - OS::TripleO::Services::Zaqar