Support config dir for env generator input files
We're not going to want to list every single sample environment in a single file, so let's also take a directory and just read every yaml file in it. This commit adds support for that as well as some initial environments to demonstrate its use. Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
This commit is contained in:
parent
4e24c8cb6a
commit
f503d1b0e7
@ -1,3 +1,6 @@
|
|||||||
|
# ********************************************************************************
|
||||||
|
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
|
||||||
|
# ********************************************************************************
|
||||||
# Use this environment to pass in certificates for SSL deployments.
|
# Use this environment to pass in certificates for SSL deployments.
|
||||||
# For these values to take effect, one of the tls-endpoints-*.yaml environments
|
# For these values to take effect, one of the tls-endpoints-*.yaml environments
|
||||||
# must also be used.
|
# must also be used.
|
||||||
|
41
environments/ssl/enable-tls.yaml
Normal file
41
environments/ssl/enable-tls.yaml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# *******************************************************************
|
||||||
|
# This file was created automatically by the sample environment
|
||||||
|
# generator. Developers should use `tox -e genconfig` to update it.
|
||||||
|
# Users are recommended to make changes to a copy of the file instead
|
||||||
|
# of the original, if any customizations are needed.
|
||||||
|
# *******************************************************************
|
||||||
|
# title: Enable SSL on OpenStack Public Endpoints
|
||||||
|
# description: |
|
||||||
|
# Use this environment to pass in certificates for SSL deployments.
|
||||||
|
# For these values to take effect, one of the tls-endpoints-*.yaml environments
|
||||||
|
# must also be used.
|
||||||
|
parameter_defaults:
|
||||||
|
# The content of the SSL certificate (without Key) in PEM format.
|
||||||
|
# Mandatory. This parameter must be set by the user.
|
||||||
|
# Type: string
|
||||||
|
SSLCertificate: |
|
||||||
|
The contents of your certificate go here
|
||||||
|
|
||||||
|
# The content of an SSL intermediate CA certificate in PEM format.
|
||||||
|
# Type: string
|
||||||
|
SSLIntermediateCertificate: ''
|
||||||
|
|
||||||
|
# The content of the SSL Key in PEM format.
|
||||||
|
# Mandatory. This parameter must be set by the user.
|
||||||
|
# Type: string
|
||||||
|
SSLKey: |
|
||||||
|
The contents of the private key go here
|
||||||
|
|
||||||
|
# ******************************************************
|
||||||
|
# Static parameters - these are values that must be
|
||||||
|
# included in the environment but should not be changed.
|
||||||
|
# ******************************************************
|
||||||
|
# The filepath of the certificate as it will be stored in the controller.
|
||||||
|
# Type: string
|
||||||
|
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
|
||||||
|
|
||||||
|
# *********************
|
||||||
|
# End static parameters
|
||||||
|
# *********************
|
||||||
|
resource_registry:
|
||||||
|
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
|
131
environments/ssl/tls-endpoints-public-dns.yaml
Normal file
131
environments/ssl/tls-endpoints-public-dns.yaml
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
# *******************************************************************
|
||||||
|
# This file was created automatically by the sample environment
|
||||||
|
# generator. Developers should use `tox -e genconfig` to update it.
|
||||||
|
# Users are recommended to make changes to a copy of the file instead
|
||||||
|
# of the original, if any customizations are needed.
|
||||||
|
# *******************************************************************
|
||||||
|
# title: Deploy Public SSL Endpoints as DNS Names
|
||||||
|
# description: |
|
||||||
|
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
|
# endpoint is a DNS name.
|
||||||
|
parameter_defaults:
|
||||||
|
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
|
||||||
|
# Type: json
|
||||||
|
EndpointMap:
|
||||||
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||||
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||||
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||||
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||||
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
||||||
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||||
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||||
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
||||||
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||||
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||||
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||||
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||||
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||||
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
||||||
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
||||||
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||||
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
|
131
environments/ssl/tls-endpoints-public-ip.yaml
Normal file
131
environments/ssl/tls-endpoints-public-ip.yaml
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
# *******************************************************************
|
||||||
|
# This file was created automatically by the sample environment
|
||||||
|
# generator. Developers should use `tox -e genconfig` to update it.
|
||||||
|
# Users are recommended to make changes to a copy of the file instead
|
||||||
|
# of the original, if any customizations are needed.
|
||||||
|
# *******************************************************************
|
||||||
|
# title: Deploy Public SSL Endpoints as IP Addresses
|
||||||
|
# description: |
|
||||||
|
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
|
# endpoint is an IP address.
|
||||||
|
parameter_defaults:
|
||||||
|
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
|
||||||
|
# Type: json
|
||||||
|
EndpointMap:
|
||||||
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
||||||
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
|
||||||
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
|
||||||
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
|
||||||
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||||
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
|
||||||
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
|
||||||
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||||
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
|
||||||
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
|
||||||
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
|
||||||
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
|
||||||
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
||||||
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
|
131
environments/ssl/tls-everywhere-endpoints-dns.yaml
Normal file
131
environments/ssl/tls-everywhere-endpoints-dns.yaml
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
# *******************************************************************
|
||||||
|
# This file was created automatically by the sample environment
|
||||||
|
# generator. Developers should use `tox -e genconfig` to update it.
|
||||||
|
# Users are recommended to make changes to a copy of the file instead
|
||||||
|
# of the original, if any customizations are needed.
|
||||||
|
# *******************************************************************
|
||||||
|
# title: Deploy All SSL Endpoints as DNS Names
|
||||||
|
# description: |
|
||||||
|
# Use this environment when deploying an overcloud where all the endpoints are
|
||||||
|
# DNS names and there's TLS in all endpoint types.
|
||||||
|
parameter_defaults:
|
||||||
|
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
|
||||||
|
# Type: json
|
||||||
|
EndpointMap:
|
||||||
|
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
||||||
|
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||||
|
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||||
|
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||||
|
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
||||||
|
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||||
|
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
||||||
|
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||||
|
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
||||||
|
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
||||||
|
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
||||||
|
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
||||||
|
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||||
|
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
||||||
|
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||||
|
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
||||||
|
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
||||||
|
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
|
||||||
|
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||||
|
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
||||||
|
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||||
|
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
||||||
|
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
|
||||||
|
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
||||||
|
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||||
|
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||||
|
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||||
|
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
||||||
|
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
||||||
|
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
||||||
|
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
||||||
|
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||||
|
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
||||||
|
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
|
@ -1,3 +1,7 @@
|
|||||||
|
# *************************************************************************************
|
||||||
|
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
|
||||||
|
# instead.
|
||||||
|
# *************************************************************************************
|
||||||
# Use this environment when deploying an SSL-enabled overcloud where the public
|
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
# endpoint is a DNS name.
|
# endpoint is a DNS name.
|
||||||
parameter_defaults:
|
parameter_defaults:
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
# *************************************************************************************
|
||||||
|
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
|
||||||
|
# instead.
|
||||||
|
# *************************************************************************************
|
||||||
# Use this environment when deploying an SSL-enabled overcloud where the public
|
# Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
# endpoint is an IP address.
|
# endpoint is an IP address.
|
||||||
parameter_defaults:
|
parameter_defaults:
|
||||||
|
@ -19,8 +19,8 @@ target to do this::
|
|||||||
``tripleo-heat-templates`` project.
|
``tripleo-heat-templates`` project.
|
||||||
|
|
||||||
If a new sample environment is needed, it should be added to the
|
If a new sample environment is needed, it should be added to the
|
||||||
``sample-env-generator/sample-environments.yaml`` file. The existing
|
appropriate file in the ``sample-env-generator/`` directory. The existing
|
||||||
entries in the file can be used as examples, and a more detailed
|
entries in the files can be used as examples, and a more detailed
|
||||||
explanation of the different available keys is below:
|
explanation of the different available keys is below:
|
||||||
|
|
||||||
- **name**: the output file will be this name + .yaml, in the
|
- **name**: the output file will be this name + .yaml, in the
|
||||||
|
426
sample-env-generator/ssl.yaml
Normal file
426
sample-env-generator/ssl.yaml
Normal file
@ -0,0 +1,426 @@
|
|||||||
|
environments:
|
||||||
|
-
|
||||||
|
name: ssl/enable-tls
|
||||||
|
title: Enable SSL on OpenStack Public Endpoints
|
||||||
|
description: |
|
||||||
|
Use this environment to pass in certificates for SSL deployments.
|
||||||
|
For these values to take effect, one of the tls-endpoints-*.yaml environments
|
||||||
|
must also be used.
|
||||||
|
files:
|
||||||
|
puppet/extraconfig/tls/tls-cert-inject.yaml:
|
||||||
|
parameters: all
|
||||||
|
static:
|
||||||
|
# This should probably be private, but for testing static params I'm
|
||||||
|
# setting it as such for now.
|
||||||
|
- DeployedSSLCertificatePath
|
||||||
|
sample_values:
|
||||||
|
SSLCertificate: |-
|
||||||
|
|
|
||||||
|
The contents of your certificate go here
|
||||||
|
SSLKey: |-
|
||||||
|
|
|
||||||
|
The contents of the private key go here
|
||||||
|
resource_registry:
|
||||||
|
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
|
||||||
|
-
|
||||||
|
name: ssl/tls-endpoints-public-ip
|
||||||
|
title: Deploy Public SSL Endpoints as IP Addresses
|
||||||
|
description: |
|
||||||
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
|
endpoint is an IP address.
|
||||||
|
files:
|
||||||
|
network/endpoints/endpoint_map.yaml:
|
||||||
|
parameters:
|
||||||
|
- EndpointMap
|
||||||
|
sample_values:
|
||||||
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
||||||
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
||||||
|
# the value, which because it's indented six spaces gets us to the four
|
||||||
|
# that we actually want. Note that zero is not a valid value here, so
|
||||||
|
# two seemed like the most sane option.
|
||||||
|
EndpointMap: |-2
|
||||||
|
|
||||||
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
||||||
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
|
||||||
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
|
||||||
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
|
||||||
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
||||||
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
|
||||||
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
|
||||||
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||||
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
|
||||||
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
|
||||||
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
|
||||||
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
|
||||||
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
||||||
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
-
|
||||||
|
name: ssl/tls-endpoints-public-dns
|
||||||
|
title: Deploy Public SSL Endpoints as DNS Names
|
||||||
|
description: |
|
||||||
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
||||||
|
endpoint is a DNS name.
|
||||||
|
files:
|
||||||
|
network/endpoints/endpoint_map.yaml:
|
||||||
|
parameters:
|
||||||
|
- EndpointMap
|
||||||
|
sample_values:
|
||||||
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
||||||
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
||||||
|
# the value, which because it's indented six spaces gets us to the four
|
||||||
|
# that we actually want. Note that zero is not a valid value here, so
|
||||||
|
# two seemed like the most sane option.
|
||||||
|
EndpointMap: |-2
|
||||||
|
|
||||||
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||||
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||||
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||||
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||||
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
||||||
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||||
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||||
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
||||||
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
||||||
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||||
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||||
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
||||||
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||||
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||||
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
||||||
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
||||||
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||||
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
-
|
||||||
|
name: ssl/tls-everywhere-endpoints-dns
|
||||||
|
title: Deploy All SSL Endpoints as DNS Names
|
||||||
|
description: |
|
||||||
|
Use this environment when deploying an overcloud where all the endpoints are
|
||||||
|
DNS names and there's TLS in all endpoint types.
|
||||||
|
files:
|
||||||
|
network/endpoints/endpoint_map.yaml:
|
||||||
|
parameters:
|
||||||
|
- EndpointMap
|
||||||
|
sample_values:
|
||||||
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
||||||
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
||||||
|
# the value, which because it's indented six spaces gets us to the four
|
||||||
|
# that we actually want. Note that zero is not a valid value here, so
|
||||||
|
# two seemed like the most sane option.
|
||||||
|
EndpointMap: |-2
|
||||||
|
|
||||||
|
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
||||||
|
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
||||||
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
||||||
|
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||||
|
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||||
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||||
|
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
||||||
|
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
||||||
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
||||||
|
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
||||||
|
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
||||||
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
||||||
|
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
||||||
|
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
||||||
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
||||||
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
||||||
|
host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
||||||
|
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
||||||
|
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
||||||
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
||||||
|
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
||||||
|
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
||||||
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
||||||
|
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
||||||
|
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
||||||
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
||||||
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
||||||
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
||||||
|
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
||||||
|
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
||||||
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
||||||
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
||||||
|
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
|
||||||
|
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
|
||||||
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
||||||
|
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
||||||
|
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
||||||
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
||||||
|
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
||||||
|
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
||||||
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
|
||||||
|
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
||||||
|
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
||||||
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
||||||
|
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||||
|
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
||||||
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
||||||
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
||||||
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
||||||
|
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
||||||
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
||||||
|
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
||||||
|
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
||||||
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
||||||
|
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
||||||
|
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
||||||
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
||||||
|
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||||
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
||||||
|
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
||||||
|
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
||||||
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
||||||
|
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
||||||
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
@ -20,7 +20,14 @@ import yaml
|
|||||||
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
|
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
|
||||||
'RoleName', 'RoleParameters']
|
'RoleName', 'RoleParameters']
|
||||||
|
|
||||||
|
# NOTE(bnemec): The duplication in this list is intentional. For the
|
||||||
|
# transition to generated environments we have two copies of these files,
|
||||||
|
# so they need to be listed twice. Once the deprecated version can be removed
|
||||||
|
# the duplicate entries can be as well.
|
||||||
envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
|
envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
|
||||||
|
'tls-endpoints-public-ip.yaml',
|
||||||
|
'tls-everywhere-endpoints-dns.yaml',
|
||||||
|
'tls-endpoints-public-dns.yaml',
|
||||||
'tls-endpoints-public-ip.yaml',
|
'tls-endpoints-public-ip.yaml',
|
||||||
'tls-everywhere-endpoints-dns.yaml']
|
'tls-everywhere-endpoints-dns.yaml']
|
||||||
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
|
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
|
||||||
@ -294,9 +301,9 @@ if base_endpoint_map and \
|
|||||||
else:
|
else:
|
||||||
print("%s matches base endpoint map" % env_endpoint_map['file'])
|
print("%s matches base endpoint map" % env_endpoint_map['file'])
|
||||||
else:
|
else:
|
||||||
print("ERROR: Can't validate endpoint maps since a file is missing. "
|
print("ERROR: Did not find expected number of environments containing the "
|
||||||
"If you meant to delete one of these files you should update this "
|
"EndpointMap parameter. If you meant to add or remove one of these "
|
||||||
"tool as well.")
|
"environments then you also need to update this tool.")
|
||||||
if not base_endpoint_map:
|
if not base_endpoint_map:
|
||||||
failed_files.append(ENDPOINT_MAP_FILE)
|
failed_files.append(ENDPOINT_MAP_FILE)
|
||||||
if len(env_endpoint_maps) != len(envs_containing_endpoint_map):
|
if len(env_endpoint_maps) != len(envs_containing_endpoint_map):
|
||||||
|
2
tox.ini
2
tox.ini
@ -31,4 +31,4 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_
|
|||||||
[testenv:genconfig]
|
[testenv:genconfig]
|
||||||
commands =
|
commands =
|
||||||
python ./tools/process-templates.py
|
python ./tools/process-templates.py
|
||||||
python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml
|
python ./tripleo_heat_templates/environment_generator.py sample-env-generator/
|
||||||
|
@ -165,7 +165,15 @@ def _generate_environment(input_env, parent_env=None):
|
|||||||
_generate_environment(e, env)
|
_generate_environment(e, env)
|
||||||
|
|
||||||
|
|
||||||
def generate_environments(config_file):
|
def generate_environments(config_path):
|
||||||
|
if os.path.isdir(config_path):
|
||||||
|
config_files = os.listdir(config_path)
|
||||||
|
config_files = [os.path.join(config_path, i) for i in config_files
|
||||||
|
if os.path.splitext(i)[1] == '.yaml']
|
||||||
|
else:
|
||||||
|
config_files = [config_path]
|
||||||
|
for config_file in config_files:
|
||||||
|
print('Reading environment definitions from %s' % config_file)
|
||||||
with open(config_file) as f:
|
with open(config_file) as f:
|
||||||
config = yaml.safe_load(f)
|
config = yaml.safe_load(f)
|
||||||
for env in config['environments']:
|
for env in config['environments']:
|
||||||
@ -173,16 +181,16 @@ def generate_environments(config_file):
|
|||||||
|
|
||||||
|
|
||||||
def usage(exit_code=1):
|
def usage(exit_code=1):
|
||||||
print('Usage: %s <filename.yaml>' % sys.argv[0])
|
print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0])
|
||||||
sys.exit(exit_code)
|
sys.exit(exit_code)
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
try:
|
try:
|
||||||
config_file = sys.argv[1]
|
config_path = sys.argv[1]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
usage()
|
usage()
|
||||||
generate_environments(config_file)
|
generate_environments(config_path)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
Loading…
Reference in New Issue
Block a user