openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Docker: Enable TLS in the internal network for libvirt"

Browse Source
This commit is contained in:
Jenkins 2017-08-24 17:56:50 +00:00 committed by Gerrit Code Review
commit adff7d36f9
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docker/services/nova-libvirt.yaml
View File

@ -113,7 +113,10 @@ outputs:
value: value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings: config_settings:
get_attr: [NovaLibvirtBase, role_data, config_settings] map_merge:
- get_attr: [NovaLibvirtBase, role_data, config_settings]
- tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
step_config: &step_config step_config: &step_config
list_join: list_join:
- "\n" - "\n"
@ -201,6 +204,16 @@ outputs:
- /var/lib/libvirt:/var/lib/libvirt - /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova - /var/log/containers/nova:/var/log/nova
-
if:
- use_tls_for_live_migration
-
- /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
- /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
- /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
- /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
- /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
- null
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4: step_4:
@ -256,6 +269,8 @@ outputs:
- libvirtd.service - libvirtd.service
- virtlogd.socket - virtlogd.socket
when: libvirt_installed.rc == 0 when: libvirt_installed.rc == 0
metadata_settings:
get_attr: [NovaLibvirtBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Stop and disable libvirtd service - name: Stop and disable libvirtd service
tags: step2 tags: step2

5
environments/docker-services-tls-everywhere.yaml
View File

@ -14,6 +14,7 @@ resource_registry:
OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
@ -23,8 +24,10 @@ resource_registry:
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
@ -34,8 +37,10 @@ resource_registry:
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml
OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml