Support config dir for env generator input files

We're not going to want to list every single sample environment in a single file, so let's also take a directory and just read every yaml file in it. This commit adds support for that as well as some initial environments to demonstrate its use. Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
2016-05-31 11:47:10 -05:00
parent 4e24c8cb6a
commit f503d1b0e7
13 changed files with 900 additions and 14 deletions
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@@ -0,0 +1,41 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Public Endpoints
+# description: |
+#   Use this environment to pass in certificates for SSL deployments.
+#   For these values to take effect, one of the tls-endpoints-*.yaml environments
+#   must also be used.
+parameter_defaults:
+  # The content of the SSL certificate (without Key) in PEM format.
+  # Mandatory. This parameter must be set by the user.
+  # Type: string
+  SSLCertificate: |
+    The contents of your certificate go here
+
+  # The content of an SSL intermediate CA certificate in PEM format.
+  # Type: string
+  SSLIntermediateCertificate: ''
+
+  # The content of the SSL Key in PEM format.
+  # Mandatory. This parameter must be set by the user.
+  # Type: string
+  SSLKey: |
+    The contents of the private key go here
+
+  # ******************************************************
+  # Static parameters - these are values that must be
+  # included in the environment but should not be changed.
+  # ******************************************************
+  # The filepath of the certificate as it will be stored in the controller.
+  # Type: string
+  DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
+
+  # *********************
+  # End static parameters
+  # *********************
+resource_registry:
+  OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
--- a/environments/ssl/tls-endpoints-public-dns.yaml
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy Public SSL Endpoints as DNS Names
+# description: |
+#   Use this environment when deploying an SSL-enabled overcloud where the public
+#   endpoint is a DNS name.
+parameter_defaults:
+  # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+  # Type: json
+  EndpointMap: 
+    AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+    AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+    AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+    BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+    CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+    CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+    CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+    CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+    CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+    CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+    CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+    CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+    CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+    CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+    ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+    Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+    Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+    GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+    GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+    GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+    GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+    GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+    GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+    HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+    HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+    HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+    HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+    HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+    HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+    HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+    IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+    IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+    KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+    KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+    KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+    ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+    ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+    ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+    MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+    MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+    MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+    MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+    NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+    NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+    NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+    NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+    NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+    NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+    NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+    NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+    NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+    NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+    NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+    NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+    OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+    PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+    PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+    PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+    SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+    SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+    SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+    SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+    TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+    TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+    TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+    ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+    ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+    ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+    ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+    ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+    ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+
--- a/environments/ssl/tls-endpoints-public-ip.yaml
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy Public SSL Endpoints as IP Addresses
+# description: |
+#   Use this environment when deploying an SSL-enabled overcloud where the public
+#   endpoint is an IP address.
+parameter_defaults:
+  # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+  # Type: json
+  EndpointMap: 
+    AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+    AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+    AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+    BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+    BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
+    CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+    CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+    CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+    CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+    CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+    CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+    CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+    CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+    CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+    CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+    Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+    Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
+    GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+    GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+    GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+    GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+    GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+    GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+    HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+    HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+    HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+    HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+    HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+    HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+    HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+    IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+    IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+    IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
+    KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+    KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+    KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+    ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+    ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+    ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+    MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+    MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+    MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+    MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+    NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+    NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+    NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+    NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+    NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+    NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+    NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+    NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+    NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
+    NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+    NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+    NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+    OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
+    PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+    PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+    PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
+    SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+    SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+    SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+    SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+    TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+    TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+    TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+    ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+    ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+    ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
+    ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+    ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+    ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
+
--- a/environments/ssl/tls-everywhere-endpoints-dns.yaml
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy All SSL Endpoints as DNS Names
+# description: |
+#   Use this environment when deploying an overcloud where all the endpoints are
+#   DNS names and there's TLS in all endpoint types.
+parameter_defaults:
+  # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+  # Type: json
+  EndpointMap: 
+    AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+    AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+    AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+    BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+    BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+    BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+    CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+    CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+    CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+    CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+    CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+    CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+    CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+    CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+    CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+    CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+    CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+    CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+    ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+    host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+    ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+    ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+    Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+    Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+    Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+    GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+    GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+    GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+    GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+    GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+    GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+    HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+    HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+    HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+    HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+    HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+    HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+    HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+    IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+    IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+    KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
+    KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
+    KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+    ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+    ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+    ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+    MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+    MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+    MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+    MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
+    NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+    NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+    NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+    NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+    NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+    NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+    NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+    NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+    NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+    NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+    NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+    NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+    OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+    OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+    PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+    PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+    PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+    SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+    SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+    SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+    SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+    SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+    SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+    TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+    TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+    TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+    ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+    ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+    ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+    ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+    ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+    ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+