You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
439 lines
29 KiB
439 lines
29 KiB
environments: |
|
- |
|
name: ssl/enable-tls |
|
title: Enable SSL on OpenStack Public Endpoints |
|
description: | |
|
Use this environment to pass in certificates for SSL deployments. |
|
For these values to take effect, one of the tls-endpoints-*.yaml environments |
|
must also be used. |
|
files: |
|
puppet/extraconfig/tls/tls-cert-inject.yaml: |
|
parameters: all |
|
static: |
|
# This should probably be private, but for testing static params I'm |
|
# setting it as such for now. |
|
- DeployedSSLCertificatePath |
|
sample_values: |
|
SSLCertificate: |- |
|
| |
|
The contents of your certificate go here |
|
SSLKey: |- |
|
| |
|
The contents of the private key go here |
|
resource_registry: |
|
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml |
|
- |
|
name: ssl/enable-internal-tls |
|
title: Enable SSL on OpenStack Internal Endpoints |
|
description: | |
|
A Heat environment file which can be used to enable TLS for the internal |
|
network via certmonger |
|
files: |
|
puppet/all-nodes-config.yaml: |
|
parameters: |
|
- EnableInternalTLS |
|
puppet/services/nova-base.yaml: |
|
parameters: |
|
- RabbitClientUseSSL |
|
overcloud.yaml: |
|
parameters: |
|
- ServerMetadata |
|
static: |
|
- EnableInternalTLS |
|
- RabbitClientUseSSL |
|
- ServerMetadata |
|
sample_values: |
|
EnableInternalTLS: True |
|
RabbitClientUseSSL: True |
|
ServerMetadata: |-2 |
|
|
|
ipa_enroll: True |
|
resource_registry: |
|
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml |
|
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml |
|
# We use apache as a TLS proxy |
|
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml |
|
# Creates nova metadata that will create the extra service principals per |
|
# node. |
|
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml |
|
- name: ssl/inject-trust-anchor |
|
title: Inject SSL Trust Anchor on Overcloud Nodes |
|
description: | |
|
When using an SSL certificate signed by a CA that is not in the default |
|
list of CAs, this environment allows adding a custom CA certificate to |
|
the overcloud nodes. |
|
files: |
|
puppet/extraconfig/tls/ca-inject.yaml: |
|
parameters: |
|
- SSLRootCertificate |
|
sample_values: |
|
SSLRootCertificate: |- |
|
| |
|
The contents of your certificate go here |
|
resource_registry: |
|
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml |
|
children: |
|
- name: ssl/inject-trust-anchor-hiera |
|
files: |
|
puppet/services/ca-certs.yaml: |
|
parameters: |
|
- CAMap |
|
# Need to clear this so we don't inherit the parent registry |
|
resource_registry: {} |
|
sample_values: |
|
CAMap: |-2 |
|
|
|
first-ca-name: |
|
content: | |
|
The content of the CA cert goes here |
|
second-ca-name: |
|
content: | |
|
The content of the CA cert goes here |
|
- |
|
name: ssl/tls-endpoints-public-ip |
|
title: Deploy Public SSL Endpoints as IP Addresses |
|
description: | |
|
Use this environment when deploying an SSL-enabled overcloud where the public |
|
endpoint is an IP address. |
|
files: |
|
network/endpoints/endpoint_map.yaml: |
|
parameters: |
|
- EndpointMap |
|
sample_values: |
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that |
|
# works. The |-2 tells YAML to strip two spaces off the indentation of |
|
# the value, which because it's indented six spaces gets us to the four |
|
# that we actually want. Note that zero is not a valid value here, so |
|
# two seemed like the most sane option. |
|
EndpointMap: |-2 |
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} |
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} |
|
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} |
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} |
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} |
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} |
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} |
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} |
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} |
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} |
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} |
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} |
|
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} |
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} |
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} |
|
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} |
|
DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} |
|
DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} |
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'} |
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'} |
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} |
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} |
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} |
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} |
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} |
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} |
|
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} |
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} |
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} |
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} |
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} |
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} |
|
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} |
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} |
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} |
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} |
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} |
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} |
|
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} |
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} |
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} |
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} |
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} |
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} |
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} |
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} |
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} |
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} |
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} |
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} |
|
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} |
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} |
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} |
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} |
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} |
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} |
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} |
|
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} |
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} |
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} |
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} |
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} |
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} |
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} |
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} |
|
OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} |
|
OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} |
|
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} |
|
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} |
|
PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'} |
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} |
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} |
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} |
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} |
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} |
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} |
|
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} |
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} |
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} |
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'} |
|
- |
|
name: ssl/tls-endpoints-public-dns |
|
title: Deploy Public SSL Endpoints as DNS Names |
|
description: | |
|
Use this environment when deploying an SSL-enabled overcloud where the public |
|
endpoint is a DNS name. |
|
files: |
|
network/endpoints/endpoint_map.yaml: |
|
parameters: |
|
- EndpointMap |
|
sample_values: |
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that |
|
# works. The |-2 tells YAML to strip two spaces off the indentation of |
|
# the value, which because it's indented six spaces gets us to the four |
|
# that we actually want. Note that zero is not a valid value here, so |
|
# two seemed like the most sane option. |
|
EndpointMap: |-2 |
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} |
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} |
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} |
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} |
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} |
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} |
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} |
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} |
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} |
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} |
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} |
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} |
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} |
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} |
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} |
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} |
|
DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} |
|
DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'} |
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} |
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} |
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} |
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} |
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} |
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} |
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} |
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} |
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} |
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} |
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} |
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} |
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} |
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} |
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} |
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} |
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} |
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} |
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} |
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} |
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} |
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} |
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} |
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} |
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} |
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} |
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} |
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} |
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} |
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} |
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} |
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} |
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} |
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} |
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} |
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} |
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} |
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} |
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} |
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} |
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} |
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} |
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} |
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} |
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} |
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} |
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} |
|
OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} |
|
OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} |
|
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} |
|
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} |
|
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} |
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} |
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} |
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} |
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} |
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} |
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} |
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} |
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} |
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} |
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} |
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} |
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} |
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} |
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} |
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'} |
|
- |
|
name: ssl/tls-everywhere-endpoints-dns |
|
title: Deploy All SSL Endpoints as DNS Names |
|
description: | |
|
Use this environment when deploying an overcloud where all the endpoints are |
|
DNS names and there's TLS in all endpoint types. |
|
files: |
|
network/endpoints/endpoint_map.yaml: |
|
parameters: |
|
- EndpointMap |
|
sample_values: |
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that |
|
# works. The |-2 tells YAML to strip two spaces off the indentation of |
|
# the value, which because it's indented six spaces gets us to the four |
|
# that we actually want. Note that zero is not a valid value here, so |
|
# two seemed like the most sane option. |
|
EndpointMap: |-2 |
|
|
|
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} |
|
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} |
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} |
|
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} |
|
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} |
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} |
|
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} |
|
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} |
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} |
|
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} |
|
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} |
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} |
|
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} |
|
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} |
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} |
|
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} |
|
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} |
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} |
|
DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} |
|
DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'} |
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} |
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} |
|
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} |
|
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} |
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} |
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'CLOUDNAME'} |
|
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} |
|
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} |
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} |
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} |
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} |
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} |
|
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} |
|
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} |
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} |
|
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} |
|
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} |
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} |
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} |
|
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} |
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} |
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} |
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} |
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} |
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} |
|
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} |
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} |
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} |
|
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} |
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} |
|
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} |
|
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} |
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} |
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} |
|
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} |
|
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} |
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} |
|
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} |
|
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} |
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} |
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} |
|
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} |
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} |
|
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} |
|
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} |
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} |
|
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} |
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} |
|
OpenDaylightAdmin: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} |
|
OpenDaylightInternal: {protocol: 'https', port: '8081', host: 'CLOUDNAME'} |
|
PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} |
|
PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} |
|
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} |
|
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} |
|
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} |
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} |
|
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} |
|
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} |
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} |
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'} |
|
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} |
|
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} |
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} |
|
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} |
|
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} |
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} |
|
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} |
|
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} |
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} |
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'CLOUDNAME'}
|
|
|