From a72f8d4ae99e17cffe52cb94a90e33e1e4ea16fe Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Wed, 3 Oct 2018 15:53:12 +0300
Subject: [PATCH] Remove deprecated TLS-related environment files

The ones in environments/ssl/ are preferred instead. These have been available since pike.

Change-Id: I84a7b354ede46d6ec88964e5dcbd5678d89c8c0f
Depends-On: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
---
 environments/enable-internal-tls.yaml | 27 ----
 environments/enable-tls.yaml | 19 ---
 environments/inject-trust-anchor-hiera.yaml | 12 --
 environments/inject-trust-anchor.yaml | 10 --
 environments/no-tls-endpoints-public-ip.yaml | 120 ------------------
 environments/tls-endpoints-public-dns.yaml | 109 ----------------
 environments/tls-endpoints-public-ip.yaml | 109 ----------------
 .../tls-everywhere-endpoints-dns.yaml | 105 ---------------
 .../remove-old-tls-envs-137cf19b55526a81.yaml | 9 ++
 tools/yaml-validate.py | 4 -
 10 files changed, 9 insertions(+), 515 deletions(-)
 delete mode 100644 environments/enable-internal-tls.yaml
 delete mode 100644 environments/enable-tls.yaml
 delete mode 100644 environments/inject-trust-anchor-hiera.yaml
 delete mode 100644 environments/inject-trust-anchor.yaml
 delete mode 100644 environments/no-tls-endpoints-public-ip.yaml
 delete mode 100644 environments/tls-endpoints-public-dns.yaml
 delete mode 100644 environments/tls-endpoints-public-ip.yaml
 delete mode 100644 environments/tls-everywhere-endpoints-dns.yaml
 create mode 100644 releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml

diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
deleted file mode 100644
index 9a9e565a9c..0000000000
--- a/environments/enable-internal-tls.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
-# instead.
-# ********************************************************************************
-# A Heat environment file which can be used to enable a
-# a TLS for in the internal network via certmonger
-parameter_defaults:
- EnableInternalTLS: true
- RabbitClientUseSSL: true
-
- # Required for novajoin to enroll the overcloud nodes
- ServerMetadata:
- ipa_enroll: True
-
-resource_registry:
- # FIXME(bogdando): switch it, once it is containerized
- OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
-
- OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
-
- # We use apache as a TLS proxy
- # FIXME(bogdando): switch it, once it is containerized
- OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
-
- # Creates nova metadata that will create the extra service principals per
- # node.
- OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
deleted file mode 100644
index 968f8980a2..0000000000
--- a/environments/enable-tls.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
-# ********************************************************************************
-# Use this environment to pass in certificates for SSL deployments.
-# For these values to take effect, one of the tls-endpoints-*.yaml environments
-# must also be used.
-parameter_defaults:
- HorizonSecureCookies: True
- SSLCertificate: |
- The contents of your certificate go here
- SSLIntermediateCertificate: ''
- SSLKey: |
- The contents of the private key go here
-
- # Disable Gnocchi Incoming redis storage driver when using tls
- GnocchiIncomingStorageDriver: ''
-
-resource_registry:
- OS::TripleO::NodeTLSData: OS::Heat::None
diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml
deleted file mode 100644
index 95d2de953c..0000000000
--- a/environments/inject-trust-anchor-hiera.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-# **************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml
-# instead.
-# **************************************************************************************
-parameter_defaults:
- CAMap:
- first-ca-name:
- content: |
- The content of the CA cert goes here
- second-ca-name:
- content: |
- The content of the CA cert goes here
diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml
deleted file mode 100644
index 1b0f7066b6..0000000000
--- a/environments/inject-trust-anchor.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml
-# instead.
-# ********************************************************************************
-parameter_defaults:
- SSLRootCertificate: |
- The contents of your root CA certificate go here
-
-resource_registry:
- OS::TripleO::NodeTLSCAData: ../puppet/extraconfig/tls/ca-inject.yaml
diff --git a/environments/no-tls-endpoints-public-ip.yaml b/environments/no-tls-endpoints-public-ip.yaml
deleted file mode 100644
index 1bca0197e2..0000000000
--- a/environments/no-tls-endpoints-public-ip.yaml
+++ /dev/null
@@ -1,120 +0,0 @@ -# ******************************************************************* -# This file was created automatically by the sample environment -# generator. Developers should use `tox -e genconfig` to update it. -# Users are recommended to make changes to a copy of the file instead -# of the original, if any customizations are needed. -# ******************************************************************* -# title: Deploy All Endpoints without TLS and with IP addresses -# description: | -# Use this environment when deploying an overcloud where all the endpoints not -# using TLS and are using IP addresses. -parameter_defaults: - # Whether to enable TLS on the public interface or not. - # Type: boolean - EnablePublicTLS: False - - # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. - # Type: json - EndpointMap: - AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} - AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} - AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} - BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} - BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} - BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} - CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} - CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} - CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} - CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} - CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} - CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} - CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} - CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} - DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS} - DesignateInternal: {protocol: 'http', port: '9001', 
host: IP_ADDRESS} - DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS} - DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} - Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} - Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} - Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} - GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} - GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} - GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} - GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} - GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} - GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} - GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} - HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} - HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} - HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} - HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} - HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} - HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} - HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} - IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} - IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} - IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} - IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} - IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} - IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} - IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} - KeystoneInternal: {protocol: 
http, port: '5000', host: IP_ADDRESS} - KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} - KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} - ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} - ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} - MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} - MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} - MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} - MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} - NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} - NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} - NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} - NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} - NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} - NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} - NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} - NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} - NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} - NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} - NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} - NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} - OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} - OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} - OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} - OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} - OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} - OpenshiftAdmin: {protocol: http, port: '8443', host: 
IP_ADDRESS} - OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS} - OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS} - OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS} - OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS} - OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS} - PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} - PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} - PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} - SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} - SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} - SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} - SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} - SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} - SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} - TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} - TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} - TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} - ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} - diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml deleted file mode 100644 index e68a45a041..0000000000 --- a/environments/tls-endpoints-public-dns.yaml +++ /dev/null 
@@ -1,109 +0,0 @@
-# *************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
-# instead.
-# *************************************************************************************
-# Use this environment when deploying an SSL-enabled overcloud where the public
-# endpoint is a DNS name.
-parameter_defaults:
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
- CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
- DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
- DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
- Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
- GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- IronicUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
- IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
- MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- MistralUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- SwiftUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
- ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketUIConfig: {protocol: 'ws', port: '3000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
deleted file mode 100644
index fb853cd619..0000000000
--- a/environments/tls-endpoints-public-ip.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-# *************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
-# instead.
-# *************************************************************************************
-# Use this environment when deploying an SSL-enabled overcloud where the public
-# endpoint is an IP address.
-parameter_defaults:
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
- BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
- CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
- CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
- DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
- DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
- Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
- GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
- HeatUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
- IronicUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
- IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
- KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
- MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
- MistralUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
- NovaUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
- OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
- OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
- SwiftUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
- ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
- ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketUIConfig: {protocol: 'ws', port: '3000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
deleted file mode 100644
index b50586afaa..0000000000
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# Use this environment when deploying an overcloud where all the endpoints are -# DNS names and there's TLS in all endpoint types. -parameter_defaults: - EndpointMap: - AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} - AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} - AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} - BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} - BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} - BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} - CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} - CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} - CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} - CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} - CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} - CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} - CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} - CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} - CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} - DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} - DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} - DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} - Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} - Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} - Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} - GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'CLOUDNAME'} - GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} - GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} - GlancePublic: {protocol: 'https', port: 
'13292', host: 'CLOUDNAME'} - GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} - GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} - GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} - HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} - HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} - HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} - HeatUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} - HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} - HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} - HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} - IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} - IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} - IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} - IronicUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - IronicInspectorAdmin: {protocol: 'https', port: '5050', host: 'CLOUDNAME'} - IronicInspectorInternal: {protocol: 'https', port: '5050', host: 'CLOUDNAME'} - IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} - IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} - KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} - KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} - KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} - ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} - ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} - MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} - MistralInternal: {protocol: 'https', port: 
'8989', host: 'CLOUDNAME'} - MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} - MistralUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} - NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} - NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} - NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} - NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} - NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} - NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} - NovaUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} - NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} - NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} - NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} - NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} - NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} - OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} - OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} - OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} - OpenDaylightAdmin: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} - OpenDaylightInternal: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} - OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'} - OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'} - OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'} - OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'} - OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'} - OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 
'CLOUDNAME'} - PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} - PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} - PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} - SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} - SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} - SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} - SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} - SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} - SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} - SwiftUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'} - TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} - TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} - TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} - ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} - ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} - ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} - ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} - ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} - ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} - ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: 'CLOUDNAME'} diff --git a/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml b/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml new file mode 100644 index 0000000000..be9690e7f8 --- /dev/null +++ b/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml 
@@ -0,0 +1,9 @@
+---
+deprecations:
+ - |
+ The TLS-related environment files in the environments/ directory were
+ deleted. The ones in the environments/ssl/ are preferred instead. Namely,
+ the following files:: enable-internal-tls.yaml, enable-tls.yaml,
+ inject-trust-anchor-hiera.yaml, inject-trust-anchor.yaml,
+ no-tls-endpoints-public-ip.yaml, tls-endpoints-public-dns.yaml
+ tls-endpoints-public-ip.yaml, tls-everywhere-endpoints-dns.yaml.
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index c84e415cb0..f66322f35e 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -48,10 +48,6 @@ required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
 # so they need to be listed twice. Once the deprecated version can be removed
 # the duplicate entries can be as well.
 envs_containing_endpoint_map = ['no-tls-endpoints-public-ip.yaml',
- 'tls-endpoints-public-dns.yaml',
- 'tls-endpoints-public-ip.yaml',
- 'tls-everywhere-endpoints-dns.yaml',
- 'no-tls-endpoints-public-ip.yaml',
 'tls-endpoints-public-dns.yaml',
 'tls-endpoints-public-ip.yaml',
 'tls-everywhere-endpoints-dns.yaml']
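Review bot: The two comment lines kept as context above `envs_containing_endpoint_map` in tools/yaml-validate.py still say the entries "need to be listed twice" and that the duplicates can be dropped once the deprecated version is removed. After this hunk the list holds each file name once, so the comment describes a state that no longer exists and could lead a later maintainer to re-add entries or misjudge which files the EndpointMap check covers. I would drop both lines or replace them with something like `# Environment files that carry a full EndpointMap (now only under environments/ssl/).` The comment starts above the hunk and the code that consumes the list is not visible here, so it is worth confirming that the remaining names still match the environments/ssl/ copies and those TLS endpoint files stay validated.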