3bd4a3f94b
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
22 lines
769 B
YAML
22 lines
769 B
YAML
# A Heat environment file which can be used to enable a
|
|
# a TLS for in the internal network via certmonger
|
|
parameter_defaults:
|
|
EnableInternalTLS: true
|
|
RabbitClientUseSSL: true
|
|
|
|
# Required for novajoin to enroll the overcloud nodes
|
|
ServerMetadata:
|
|
ipa_enroll: True
|
|
|
|
resource_registry:
|
|
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
|
|
|
|
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
|
|
|
|
# We use apache as a TLS proxy
|
|
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
|
|
|
|
# Creates nova metadata that will create the extra service principals per
|
|
# node.
|
|
OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
|