Decouple EndpointMap from SSL certificate params
Having the endpoint map in the same environment as the SSL certificate parameters means that every time a service is added to the overcloud, the user must remember to update their copy of enable-tls.yaml to reflect the new service. To avoid this, let's separate the SSL EndpointMap from the SSL certificates so users can simply pass the shipped list of SSL endpoints and only have to customize the certificate env file. As an added bonus, this means they won't have to put the certificates in enable-tls.yaml specifically. The parameters can be set anywhere, and will be used as long as one of the tls-endpoints envs is also specified. inject-trust-anchor.yaml is not changed, but it could already be used in the same fashion. The root certificate param could be set in any env passed after inject-trust-anchor.yaml, and then inject-trust-anchor.yaml would only be responsible for setting the appropriate resource_registry entry. This way there is no need to customize the in-tree inject-trust-anchor.yaml either. Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
parent
0eb70014a3
commit
8cd7861a26
|
@ -1,58 +1,9 @@
|
|||
# Use this environment to pass in certificates for SSL deployments.
|
||||
# For these values to take effect, one of the tls-endpoints-*.yaml environments
|
||||
# must also be used.
|
||||
parameter_defaults:
|
||||
SSLCertificate: |
|
||||
The contents of your certificate go here
|
||||
SSLIntermediateCertificate: ''
|
||||
SSLKey: |
|
||||
The contents of the private key go here
|
||||
EndpointMap:
|
||||
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||
GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
|
||||
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||
|
||||
resource_registry:
|
||||
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
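Review bot: The new header comment states that a tls-endpoints environment is required but not what happens when it is left out. The +/- markers are lost on this page, but the hunk header's line counts suggest that `EndpointMap` and the `resource_registry` entry for `OS::TripleO::NodeTLSData` are what leave this file, so passing it alone would presumably set `SSLCertificate` and `SSLKey` without switching any endpoint to https and without raising an error. I would say so in the comment, e.g. `# Used on its own, this file does not enable TLS: public endpoints stay on http.`, and consider a deployment-time check that fails when the certificate parameters are set but no https endpoint is mapped.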
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||
# endpoint is a DNS name.
|
||||
parameter_defaults:
|
||||
EndpointMap:
|
||||
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||
GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
|
||||
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||
|
||||
resource_registry:
|
||||
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
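Review bot: The header comment calls this an SSL-enabled overcloud, yet only the `*Public` entries use `https`; every `*Admin` and `*Internal` entry, including `KeystoneAdmin`, `KeystoneInternal` and `MysqlInternal`, keeps a cleartext protocol. An operator reading the comment could assume that internal API and database traffic is encrypted as well. I would add a line such as `# Only the Public endpoints are served over https; Admin and Internal endpoints remain http.` so the scope of the protection is explicit. The same applies to the second new environment further down, whose map differs only in the public `host` value.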
|
|
@ -0,0 +1,55 @@
|
|||
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||
# endpoint is an IP address.
|
||||
parameter_defaults:
|
||||
EndpointMap:
|
||||
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
|
||||
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
|
||||
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
|
||||
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
|
||||
GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
|
||||
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
|
||||
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
|
||||
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
|
||||
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
|
||||
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
|
||||
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
|
||||
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
|
||||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
|
||||
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
|
||||
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
||||
|
||||
resource_registry:
|
||||
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
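Review bot: With `host: 'IP_ADDRESS'` on the `https` public endpoints, clients will check the certificate against an IP address, which in most clients only succeeds if the certificate lists that address as an IP subjectAltName. The header comment does not mention this, and a certificate issued for a DNS name alone would push users toward turning verification off in their clients. I would extend the comment, e.g. `# The certificate must list the public IP address as an IP subjectAltName.` Separately, this map repeats the DNS variant entry for entry except for the public `host` values, so the two files can drift when a service is added; a line in both headers asking to keep them in sync would help.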
|