Merge "Enable TLS in loadbalancer if cert path is detected"
commit
d85635ba68
|
@ -4,6 +4,38 @@ parameter_defaults:
|
|||
SSLIntermediateCertificate: ''
|
||||
SSLKey: |
|
||||
The contents of the private key go here
|
||||
EndpointMap:
|
||||
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||
GlanceRegistryAdmin: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
|
||||
GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
|
||||
GlanceRegistryPublic: {protocol: 'https', port: '9191', host: 'IP_ADDRESS'} # Not set on the loadbalancer yet.
|
||||
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||
NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
|
||||
NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'}
|
||||
NovaEC2Public: {protocol: 'https', port: '13773', host: 'CLOUDNAME'}
|
||||
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||
|
||||
resource_registry:
|
||||
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
|
||||
|
|
|
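Review bot: `GlanceRegistryPublic` advertises `protocol: 'https'` on port `9191` with host `IP_ADDRESS`, while its own trailing comment says it is not set on the loadbalancer yet, so nothing visible here terminates TLS for that endpoint. Every other `*Public` entry uses a 13xxx port (or 443) with `CLOUDNAME`; until the loadbalancer handles this one, keeping it at `protocol: 'http'` would stop clients attempting a TLS handshake against a plaintext listener. It would also help to add a comment above `EndpointMap`, such as `# Only the Public endpoints are served over TLS; Admin and Internal remain plain http.`, because Keystone admin and internal traffic carries credentials and tokens, and operators should know this environment does not protect them in transit. The `parameter_defaults` mapping starts outside the hunk.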
@ -1437,12 +1437,7 @@ resources:
|
|||
tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
|
||||
tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
|
||||
tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
|
||||
# NOTE(jaosorior): The service certificate configuration for
|
||||
# HAProxy was left commented because to properly use this, we
|
||||
# need to be able to set up the keystone endpoints. And
|
||||
# currently that is not possible, but is being addressed by
|
||||
# other commits. A subsequent commit will uncomment this.
|
||||
#tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
|
||||
tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
|
||||
tripleo::packages::enable_install: {get_input: enable_package_install}
|
||||
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
|
||||
|
||||
|
|
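Review bot: `tripleo::loadbalancer::service_certificate` is now always passed the result of `get_attr: [NodeTLSData, deployed_ssl_certificate_path]`, and the removed NOTE is not replaced by anything explaining what happens when no certificate was injected. The commit title implies TLS is enabled only if a cert path is detected, so presumably the attribute is empty in that case and the loadbalancer class treats an empty value as TLS disabled; that cannot be confirmed from these lines. I would add a comment above the line, for example `# Empty unless NodeTLSData injects a certificate; an empty value must leave TLS off in the loadbalancer.`, and check that an empty path cannot produce a listener that references a missing certificate file. The enclosing mapping begins and ends outside the hunk.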