docker/internal TLS: spawn extra container for neutron server's TLS proxy
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
parent
563a900be0
commit
a37debd3df
|
@ -39,6 +39,13 @@ parameters:
|
||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -81,6 +88,8 @@ outputs:
|
||||||
- path: /var/log/neutron
|
- path: /var/log/neutron
|
||||||
owner: neutron:neutron
|
owner: neutron:neutron
|
||||||
recurse: true
|
recurse: true
|
||||||
|
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
|
||||||
|
command: /usr/sbin/httpd -DFOREGROUND
|
||||||
docker_config:
|
docker_config:
|
||||||
# db sync runs before permissions set by kolla_config
|
# db sync runs before permissions set by kolla_config
|
||||||
step_3:
|
step_3:
|
||||||
|
@ -113,20 +122,39 @@ outputs:
|
||||||
- /var/log/containers/neutron:/var/log/neutron
|
- /var/log/containers/neutron:/var/log/neutron
|
||||||
command: ['neutron-db-manage', 'upgrade', 'heads']
|
command: ['neutron-db-manage', 'upgrade', 'heads']
|
||||||
step_4:
|
step_4:
|
||||||
neutron_api:
|
map_merge:
|
||||||
image: *neutron_api_image
|
- neutron_api:
|
||||||
net: host
|
image: *neutron_api_image
|
||||||
privileged: false
|
net: host
|
||||||
restart: always
|
privileged: false
|
||||||
volumes:
|
restart: always
|
||||||
list_concat:
|
volumes:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
list_concat:
|
||||||
-
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
|
-
|
||||||
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
|
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/log/containers/neutron:/var/log/neutron
|
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
|
||||||
environment:
|
- /var/log/containers/neutron:/var/log/neutron
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
environment:
|
||||||
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
- if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- neutron_server_tls_proxy:
|
||||||
|
image: *neutron_api_image
|
||||||
|
net: host
|
||||||
|
user: root
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
list_concat:
|
||||||
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
|
-
|
||||||
|
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
|
- /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
|
||||||
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||||
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||||
|
environment:
|
||||||
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
- {}
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: create persistent logs directory
|
- name: create persistent logs directory
|
||||||
file:
|
file:
|
||||||
|
|
|
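Review bot: The new `neutron_server_tls_proxy` container in `step_4` sets `user: root` and `net: host` but, unlike `neutron_api` just above it, never sets `privileged: false`. Adding `privileged: false` would keep the two definitions consistent and make the intent explicit for a container that bind-mounts `/etc/pki/tls/private/httpd`. Root is presumably needed so httpd can read the private key and bind the listener, so a one-line comment such as `# runs as root so httpd can read the TLS key; confirm workers drop privileges` would record why this container deviates from the non-root pattern. Nothing in the visible hunks changes where neutron-server itself listens, so it is worth confirming outside this diff that with `EnableInternalTLS` set to true the plaintext API port is bound to a loopback address and is not reachable on the internal network alongside the proxy.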
@ -12,6 +12,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
|
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
|
||||||
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
|
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
|
||||||
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
|
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
|
||||||
|
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
|
||||||
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
|
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
|
||||||
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
|
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
|
||||||
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
|
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
|
||||||
|
@ -20,6 +21,12 @@ resource_registry:
|
||||||
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
|
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
|
||||||
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
|
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
|
||||||
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
|
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
|
||||||
|
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
|
||||||
|
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
|
||||||
|
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
|
||||||
|
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
|
||||||
|
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
|
||||||
|
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
|
||||||
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
|
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
|
||||||
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
|
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
|
||||||
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
|
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
|
||||||
|
|