Browse Source

Support config dir for env generator input files

We're not going to want to list every single sample environment in
a single file, so let's also take a directory and just read every
yaml file in it.  This commit adds support for that as well as
some initial environments to demonstrate its use.

Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
changes/47/465647/7
Ben Nemec 5 years ago
parent
commit
f503d1b0e7
  1. 3
      environments/enable-tls.yaml
  2. 41
      environments/ssl/enable-tls.yaml
  3. 131
      environments/ssl/tls-endpoints-public-dns.yaml
  4. 131
      environments/ssl/tls-endpoints-public-ip.yaml
  5. 131
      environments/ssl/tls-everywhere-endpoints-dns.yaml
  6. 4
      environments/tls-endpoints-public-dns.yaml
  7. 4
      environments/tls-endpoints-public-ip.yaml
  8. 4
      sample-env-generator/README.rst
  9. 0
      sample-env-generator/predictable-placement.yaml
  10. 426
      sample-env-generator/ssl.yaml
  11. 13
      tools/yaml-validate.py
  12. 2
      tox.ini
  13. 24
      tripleo_heat_templates/environment_generator.py

3
environments/enable-tls.yaml

@ -1,3 +1,6 @@
# ********************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
# ********************************************************************************
# Use this environment to pass in certificates for SSL deployments.
# For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used.

41
environments/ssl/enable-tls.yaml

@ -0,0 +1,41 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable SSL on OpenStack Public Endpoints
# description: |
# Use this environment to pass in certificates for SSL deployments.
# For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used.
parameter_defaults:
# The content of the SSL certificate (without Key) in PEM format.
# Mandatory. This parameter must be set by the user.
# Type: string
SSLCertificate: |
The contents of your certificate go here
# The content of an SSL intermediate CA certificate in PEM format.
# Type: string
SSLIntermediateCertificate: ''
# The content of the SSL Key in PEM format.
# Mandatory. This parameter must be set by the user.
# Type: string
SSLKey: |
The contents of the private key go here
# ******************************************************
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
# The filepath of the certificate as it will be stored in the controller.
# Type: string
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
# *********************
# End static parameters
# *********************
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml

131
environments/ssl/tls-endpoints-public-dns.yaml

@ -0,0 +1,131 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Deploy Public SSL Endpoints as DNS Names
# description: |
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is a DNS name.
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
EndpointMap:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}

131
environments/ssl/tls-endpoints-public-ip.yaml

@ -0,0 +1,131 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Deploy Public SSL Endpoints as IP Addresses
# description: |
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is an IP address.
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
EndpointMap:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}

131
environments/ssl/tls-everywhere-endpoints-dns.yaml

@ -0,0 +1,131 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Deploy All SSL Endpoints as DNS Names
# description: |
# Use this environment when deploying an overcloud where all the endpoints are
# DNS names and there's TLS in all endpoint types.
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
EndpointMap:
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}

4
environments/tls-endpoints-public-dns.yaml

@ -1,3 +1,7 @@
# *************************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
# instead.
# *************************************************************************************
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is a DNS name.
parameter_defaults:

4
environments/tls-endpoints-public-ip.yaml

@ -1,3 +1,7 @@
# *************************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
# instead.
# *************************************************************************************
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is an IP address.
parameter_defaults:

4
sample-env-generator/README.rst

@ -19,8 +19,8 @@ target to do this::
``tripleo-heat-templates`` project.
If a new sample environment is needed, it should be added to the
``sample-env-generator/sample-environments.yaml`` file. The existing
entries in the file can be used as examples, and a more detailed
appropriate file in the ``sample-env-generator/`` directory. The existing
entries in the files can be used as examples, and a more detailed
explanation of the different available keys is below:
- **name**: the output file will be this name + .yaml, in the

0
sample-env-generator/sample-environments.yaml → sample-env-generator/predictable-placement.yaml

426
sample-env-generator/ssl.yaml

@ -0,0 +1,426 @@
environments:
-
name: ssl/enable-tls
title: Enable SSL on OpenStack Public Endpoints
description: |
Use this environment to pass in certificates for SSL deployments.
For these values to take effect, one of the tls-endpoints-*.yaml environments
must also be used.
files:
puppet/extraconfig/tls/tls-cert-inject.yaml:
parameters: all
static:
# This should probably be private, but for testing static params I'm
# setting it as such for now.
- DeployedSSLCertificatePath
sample_values:
SSLCertificate: |-
|
The contents of your certificate go here
SSLKey: |-
|
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
-
name: ssl/tls-endpoints-public-ip
title: Deploy Public SSL Endpoints as IP Addresses
description: |
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is an IP address.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
-
name: ssl/tls-endpoints-public-dns
title: Deploy Public SSL Endpoints as DNS Names
description: |
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is a DNS name.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
-
name: ssl/tls-everywhere-endpoints-dns
title: Deploy All SSL Endpoints as DNS Names
description: |
Use this environment when deploying an overcloud where all the endpoints are
DNS names and there's TLS in all endpoint types.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}

13
tools/yaml-validate.py

@ -20,7 +20,14 @@ import yaml
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
'RoleName', 'RoleParameters']
# NOTE(bnemec): The duplication in this list is intentional. For the
# transition to generated environments we have two copies of these files,
# so they need to be listed twice. Once the deprecated version can be removed
# the duplicate entries can be as well.
envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml',
'tls-endpoints-public-dns.yaml',
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
@ -294,9 +301,9 @@ if base_endpoint_map and \
else:
print("%s matches base endpoint map" % env_endpoint_map['file'])
else:
print("ERROR: Can't validate endpoint maps since a file is missing. "
"If you meant to delete one of these files you should update this "
"tool as well.")
print("ERROR: Did not find expected number of environments containing the "
"EndpointMap parameter. If you meant to add or remove one of these "
"environments then you also need to update this tool.")
if not base_endpoint_map:
failed_files.append(ENDPOINT_MAP_FILE)
if len(env_endpoint_maps) != len(envs_containing_endpoint_map):

2
tox.ini

@ -31,4 +31,4 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_
[testenv:genconfig]
commands =
python ./tools/process-templates.py
python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml
python ./tripleo_heat_templates/environment_generator.py sample-env-generator/

24
tripleo_heat_templates/environment_generator.py

@ -165,24 +165,32 @@ def _generate_environment(input_env, parent_env=None):
_generate_environment(e, env)
def generate_environments(config_file):
with open(config_file) as f:
config = yaml.safe_load(f)
for env in config['environments']:
_generate_environment(env)
def generate_environments(config_path):
if os.path.isdir(config_path):
config_files = os.listdir(config_path)
config_files = [os.path.join(config_path, i) for i in config_files
if os.path.splitext(i)[1] == '.yaml']
else:
config_files = [config_path]
for config_file in config_files:
print('Reading environment definitions from %s' % config_file)
with open(config_file) as f:
config = yaml.safe_load(f)
for env in config['environments']:
_generate_environment(env)
def usage(exit_code=1):
print('Usage: %s <filename.yaml>' % sys.argv[0])
print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0])
sys.exit(exit_code)
def main():
try:
config_file = sys.argv[1]
config_path = sys.argv[1]
except IndexError:
usage()
generate_environments(config_file)
generate_environments(config_path)
if __name__ == '__main__':

Loading…
Cancel
Save