Browse Source

Convert enable-internal-tls.yaml to be generated

All of the other SSL environments were converted, but this one was
missed.  That's an inconsistent user experience and should be
cleaned up.

This environment also exposed a bug in the tool where it did not
include the parameter_defaults section key if all the parameters
were marked static.

Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786
Closes-Bug: 1713761
changes/46/493246/2
Ben Nemec 5 years ago
parent
commit
7c06db3d1c
  1. 4
      environments/enable-internal-tls.yaml
  2. 36
      environments/ssl/enable-internal-tls.yaml
  3. 34
      sample-env-generator/ssl.yaml
  4. 2
      tripleo_heat_templates/environment_generator.py

4
environments/enable-internal-tls.yaml

@ -1,3 +1,7 @@
# ********************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
# instead.
# ********************************************************************************
# A Heat environment file which can be used to enable a
# a TLS for in the internal network via certmonger
parameter_defaults:

36
environments/ssl/enable-internal-tls.yaml

@ -0,0 +1,36 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable SSL on OpenStack Internal Endpoints
# description: |
# A Heat environment file which can be used to enable TLS for the internal
# network via certmonger
parameter_defaults:
# ******************************************************
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
#
# Type: boolean
EnableInternalTLS: True
# Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
# Type: string
RabbitClientUseSSL: True
# Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
# Type: json
ServerMetadata:
ipa_enroll: True
# *********************
# End static parameters
# *********************
resource_registry:
OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml

34
sample-env-generator/ssl.yaml

@ -22,6 +22,40 @@ environments:
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
-
name: ssl/enable-internal-tls
title: Enable SSL on OpenStack Internal Endpoints
description: |
A Heat environment file which can be used to enable TLS for the internal
network via certmonger
files:
puppet/all-nodes-config.yaml:
parameters:
- EnableInternalTLS
puppet/services/nova-base.yaml:
parameters:
- RabbitClientUseSSL
overcloud.yaml:
parameters:
- ServerMetadata
static:
- EnableInternalTLS
- RabbitClientUseSSL
- ServerMetadata
sample_values:
EnableInternalTLS: True
RabbitClientUseSSL: True
ServerMetadata: |-2
ipa_enroll: True
resource_registry:
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
# Creates nova metadata that will create the extra service principals per
# node.
OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |

2
tripleo_heat_templates/environment_generator.py

@ -159,7 +159,7 @@ def _generate_environment(input_env, parent_env=None):
for line in env_desc.splitlines():
env_file.write(u'# %s\n' % line)
if parameter_defaults:
if parameter_defaults or static_defaults:
env_file.write(u'parameter_defaults:\n')
for name, value in sorted(parameter_defaults.items()):
write_sample_entry(env_file, name, value)

Loading…
Cancel
Save