From 9be5b8fce37f2f6112ee8a8761c65c5ddba80859 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Tue, 8 May 2018 18:15:53 +0300 Subject: [PATCH] Add no-tls environment to env-generator It was missed from the commit that introduced the environment. Change-Id: I7e370f5b16ba8b29cd1af36fec6da436f70843a6 --- environments/no-tls-endpoints-public-ip.yaml | 11 +- environments/ssl/no-tls-endpoints-public.yaml | 117 ++++++++++++++++ sample-env-generator/ssl.yaml | 127 ++++++++++++++++++ 3 files changed, 250 insertions(+), 5 deletions(-) create mode 100644 environments/ssl/no-tls-endpoints-public.yaml diff --git a/environments/no-tls-endpoints-public-ip.yaml b/environments/no-tls-endpoints-public-ip.yaml index 84091980a9..57c4738313 100644 --- a/environments/no-tls-endpoints-public-ip.yaml +++ b/environments/no-tls-endpoints-public-ip.yaml @@ -4,13 +4,14 @@ # Users are recommended to make changes to a copy of the file instead # of the original, if any customizations are needed. # ******************************************************************* -# title: Deploy Public SSL Endpoints as IP Addresses +# title: Deploy All Endpoints without TLS and with IP addresses # description: | -# Use this environment when deploying an SSL-enabled overcloud where the public -# endpoint is an IP address. +# Use this environment when deploying an overcloud where all the endpoints not +# using TLS and are using IP addresses. parameter_defaults: - - EnablePublicTLS: false + # Whether to enable TLS on the public interface or not. + # Type: boolean + EnablePublicTLS: False # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. # Type: json diff --git a/environments/ssl/no-tls-endpoints-public.yaml b/environments/ssl/no-tls-endpoints-public.yaml new file mode 100644 index 0000000000..57c4738313 --- /dev/null +++ b/environments/ssl/no-tls-endpoints-public.yaml @@ -0,0 +1,117 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy All Endpoints without TLS and with IP addresses +# description: | +# Use this environment when deploying an overcloud where all the endpoints not +# using TLS and are using IP addresses. +parameter_defaults: + # Whether to enable TLS on the public interface or not. + # Type: boolean + EnablePublicTLS: False + + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} + BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} + CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} + CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} + CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} + CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} + CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} + CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} + CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} + DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} + Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} + Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} + Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} + GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} + GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} + GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} + GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} + GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} + HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} + HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} + IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} + KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} + KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} + MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} + NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} + NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} + NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} + NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} + NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} + NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} + OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} + OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} + OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} + OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} + OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} + PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} + SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} + SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} + SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} + SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} + diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 94d4c0772b..c1ef36b64d 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -439,3 +439,130 @@ environments: ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'CLOUDNAME'} + - + name: ssl/no-tls-endpoints-public + title: Deploy All Endpoints without TLS and with IP addresses + description: | + Use this environment when deploying an overcloud where all the endpoints not + using TLS and are using IP addresses. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + docker/services/haproxy.yaml: + parameters: + - EnablePublicTLS + docker/services/pacemaker/haproxy.yaml: + parameters: + - EnablePublicTLS + puppet/services/haproxy.yaml: + parameters: + - EnablePublicTLS + sample_values: + EnablePublicTLS: false + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} + BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} + CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} + CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} + CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} + CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} + CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} + CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} + CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} + DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS} + DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} + Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} + Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} + Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} + GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} + GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} + GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} + GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} + GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} + HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} + HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} + HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} + IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} + IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} + KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} + KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} + MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} + NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} + NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} + NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} + NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} + NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} + NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} + OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} + OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} + OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} + OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} + OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} + PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} + SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} + SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} + SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} + SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} + TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} +