environments: - name: ssl/enable-tls title: Enable SSL on OpenStack Public Endpoints description: | Use this environment to pass in certificates for SSL deployments. For these values to take effect, one of the tls-endpoints-*.yaml environments must also be used. files: puppet/extraconfig/tls/tls-cert-inject.yaml: parameters: all static: # This should probably be private, but for testing static params I'm # setting it as such for now. - DeployedSSLCertificatePath sample_values: SSLCertificate: |- | The contents of your certificate go here SSLKey: |- | The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml - name: ssl/enable-internal-tls title: Enable SSL on OpenStack Internal Endpoints description: | A Heat environment file which can be used to enable TLS for the internal network via certmonger files: puppet/all-nodes-config.yaml: parameters: - EnableInternalTLS puppet/services/nova-base.yaml: parameters: - RabbitClientUseSSL overcloud.yaml: parameters: - ServerMetadata static: - EnableInternalTLS - RabbitClientUseSSL - ServerMetadata sample_values: EnableInternalTLS: True RabbitClientUseSSL: True ServerMetadata: |-2 ipa_enroll: True resource_registry: # FIXME(bogdando): switch it, once it is containerized OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml # We use apache as a TLS proxy # FIXME(bogdando): switch it, once it is containerized OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml # Creates nova metadata that will create the extra service principals per # node. OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml - name: ssl/inject-trust-anchor title: Inject SSL Trust Anchor on Overcloud Nodes description: | When using an SSL certificate signed by a CA that is not in the default list of CAs, this environment allows adding a custom CA certificate to the overcloud nodes. files: puppet/extraconfig/tls/ca-inject.yaml: parameters: - SSLRootCertificate sample_values: SSLRootCertificate: |- | The contents of your certificate go here resource_registry: OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml children: - name: ssl/inject-trust-anchor-hiera files: puppet/services/ca-certs.yaml: parameters: - CAMap # Need to clear this so we don't inherit the parent registry resource_registry: {} sample_values: CAMap: |-2 first-ca-name: content: | The content of the CA cert goes here second-ca-name: content: | The content of the CA cert goes here - name: ssl/tls-endpoints-public-ip title: Deploy Public SSL Endpoints as IP Addresses description: | Use this environment when deploying an SSL-enabled overcloud where the public endpoint is an IP address. files: network/endpoints/endpoint_map.yaml: parameters: - EndpointMap sample_values: # NOTE(bnemec): This is a bit odd, but it's the only way I've found that # works. The |-2 tells YAML to strip two spaces off the indentation of # the value, which because it's indented six spaces gets us to the four # that we actually want. Note that zero is not a valid value here, so # two seemed like the most sane option. EndpointMap: |-2 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'} DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'} - name: ssl/tls-endpoints-public-dns title: Deploy Public SSL Endpoints as DNS Names description: | Use this environment when deploying an SSL-enabled overcloud where the public endpoint is a DNS name. files: network/endpoints/endpoint_map.yaml: parameters: - EndpointMap sample_values: # NOTE(bnemec): This is a bit odd, but it's the only way I've found that # works. The |-2 tells YAML to strip two spaces off the indentation of # the value, which because it's indented six spaces gets us to the four # that we actually want. Note that zero is not a valid value here, so # two seemed like the most sane option. EndpointMap: |-2 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'} - name: ssl/tls-everywhere-endpoints-dns title: Deploy All SSL Endpoints as DNS Names description: | Use this environment when deploying an overcloud where all the endpoints are DNS names and there's TLS in all endpoint types. files: network/endpoints/endpoint_map.yaml: parameters: - EndpointMap sample_values: # NOTE(bnemec): This is a bit odd, but it's the only way I've found that # works. The |-2 tells YAML to strip two spaces off the indentation of # the value, which because it's indented six spaces gets us to the four # that we actually want. Note that zero is not a valid value here, so # two seemed like the most sane option. EndpointMap: |-2 AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'CLOUDNAME'} GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} HeatUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} IronicUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} KeystoneUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} MistralUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} OpenDaylightAdmin: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} OpenDaylightInternal: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} SwiftUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'CLOUDNAME'}