Add tls roles for undercloud

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>

Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5

environments/public-tls-undercloud.yaml

@@ -0,0 +1,7 @@
+parameter_defaults:
+  InternalTLSCAFile: '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
+  PublicSSLCertificateAutogenerated: true
+
+resource_registry:
+  OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+  OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml

environments/services-docker/undercloud-haproxy.yaml

@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudHAProxy: ../../docker/services/haproxy.yaml

environments/services-docker/undercloud-keepalived.yaml

@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudKeepalived: ../../docker/services/keepalived.yaml

environments/services/undercloud-haproxy.yaml

@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml

environments/services/undercloud-keepalived.yaml

@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudKeepalived: ../../puppet/services/keepalived.yaml

network/ports/port_from_pool.j2

@@ -18,6 +18,12 @@ parameters:
     description: Name of the port
     default: ''
     type: string
+  FixedIPs:
+    description: >
+        Control the IP allocation for the VIP port. E.g.
+        [{'ip_address':'1.2.3.4'}]
+    default: []
+    type: json
   ControlPlaneIP: # Here for compatibility with noop.yaml
     description: IP address on the control plane
     default: ''

overcloud-resource-registry-puppet.j2.yaml

@@ -241,8 +241,14 @@ resource_registry:
   OS::TripleO::Services::UndercloudGnocchiApi: OS::Heat::None
   OS::TripleO::Services::UndercloudGnocchiMetricd: OS::Heat::None
   OS::TripleO::Services::UndercloudGnocchiStatsd: OS::Heat::None
+
   # Redis
   OS::TripleO::Services::UndercloudRedis: OS::Heat::None
+
+  # Undercloud HA services
+  OS::TripleO::Services::UndercloudHAProxy: OS::Heat::None
+  OS::TripleO::Services::UndercloudKeepalived: OS::Heat::None
+
   # Services that are disabled by default (use relevant environment files):
   OS::TripleO::Services::Fluentd: OS::Heat::None
   OS::TripleO::Services::Ipsec: OS::Heat::None

roles/Undercloud.yaml

@@ -13,6 +13,8 @@
   ServicesDefault:
     - OS::TripleO::Services::Aide
     - OS::TripleO::Services::Apache
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry
     - OS::TripleO::Services::GlanceApi
@@ -67,4 +69,6 @@
     - OS::TripleO::Services::UndercloudCinderScheduler
     - OS::TripleO::Services::UndercloudCinderVolume
     - OS::TripleO::Services::UndercloudRedis
+    - OS::TripleO::Services::UndercloudHAProxy
+    - OS::TripleO::Services::UndercloudKeepalived
     - OS::TripleO::Services::Zaqar

roles_data_undercloud.yaml

@@ -16,6 +16,8 @@
   ServicesDefault:
     - OS::TripleO::Services::Aide
     - OS::TripleO::Services::Apache
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry
     - OS::TripleO::Services::GlanceApi
@@ -70,5 +72,7 @@
     - OS::TripleO::Services::UndercloudCinderScheduler
     - OS::TripleO::Services::UndercloudCinderVolume
     - OS::TripleO::Services::UndercloudRedis
+    - OS::TripleO::Services::UndercloudHAProxy
+    - OS::TripleO::Services::UndercloudKeepalived
     - OS::TripleO::Services::Zaqar