docker/internal TLS: spawn extra container for neutron server's TLS proxy
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
parent
563a900be0
commit
a37debd3df
|
@ -39,6 +39,13 @@ parameters:
|
|||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -81,6 +88,8 @@ outputs:
|
|||
- path: /var/log/neutron
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
docker_config:
|
||||
# db sync runs before permissions set by kolla_config
|
||||
step_3:
|
||||
|
@ -113,7 +122,8 @@ outputs:
|
|||
- /var/log/containers/neutron:/var/log/neutron
|
||||
command: ['neutron-db-manage', 'upgrade', 'heads']
|
||||
step_4:
|
||||
neutron_api:
|
||||
map_merge:
|
||||
- neutron_api:
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
|
@ -127,6 +137,24 @@ outputs:
|
|||
- /var/log/containers/neutron:/var/log/neutron
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- neutron_server_tls_proxy:
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks:
|
||||
- name: create persistent logs directory
|
||||
file:
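Review bot: The new `neutron_server_tls_proxy` container runs with `user: root` and `net: host` and mounts `/etc/pki/tls/private/httpd`, but nothing on the new side says why root is needed or which address neutron-server itself listens on once `internal_tls_enabled` is true. If the API is still bound to the internal network address rather than loopback, clients could reach it in plaintext around the proxy; that binding is presumably set in the puppet configuration outside this page, so please confirm it. I would add a comment above `user: root`, for example `# root: httpd must read the key under /etc/pki/tls/private/httpd; neutron-server is expected to listen on localhost only when this proxy is enabled`. The `docker_config` block continues outside the hunks shown.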
|
||||
|
|
|
@ -12,6 +12,7 @@ resource_registry:
|
|||
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
|
||||
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
|
||||
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
|
||||
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
|
||||
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
|
||||
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
|
||||
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
|
||||
|
@ -20,6 +21,12 @@ resource_registry:
|
|||
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
|
||||
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
|
||||
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
|
||||
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
|
||||
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
|
||||
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
|
||||
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
|
||||
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
|
||||
|
|