openstack/tripleo-heat-templates
Code Issues Proposed changes
b8aeabdcb0
tripleo-heat-templates/extraconfig/post_deploy/undercloud_post.yaml
Juan Antonio Osorio Robles b633eaf73a undercloud-post: Discard CA usage if not set 
If there is nothing set for the CA, discard the value. This way we can
ignore this value when using trusted certificates.

Change-Id: Ia0085c43fe9468cd1827f6e4ae39f48ce0e398b6
Related-Bug: #1785059
2018-08-02 16:37:55 +03:00

187 lines
6.0 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Post-deployment for the TripleO undercloud
parameters:
servers:
type: json
DeployedServerPortMap:
default: {}
type: json
UndercloudHomeDir:
description: The HOME directory where the stackrc and ssh credentials for the Undercloud will be installed. Set to /home/<user> to customize the location.
type: string
default: '/root'
AdminPassword: #supplied by tripleo-undercloud-passwords.yaml
type: string
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
hidden: True
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
default: ""
hidden: True
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
EnableValidations:
default: false
description: >
Whether the TripleO validations are enabled.
type: boolean
DnsServers:
default: []
description: >
DNS servers to use for the Overcloud (2 max for some implementations).
If not set the nameservers configured in the ctlplane subnet's
dns_nameservers attribute will be used.
type: comma_delimited_list
CtlplaneLocalPhysicalNetwork:
default: ctlplane
type: string
description: Physical network name for the ctlplane network local to the undercloud
UndercloudCtlplaneSubnets:
description: >
Dictionary of subnets to configure on the Undercloud ctlplan network
default: {}
type: json
UndercloudCtlplaneLocalSubnet:
description: The subnet local to the undercloud on the ctlplane network
default: ctlplane-subnet
type: string
UndercloudEnableRoutedNetworks:
description: Enable support for routed ctlplane networks.
default: False
type: boolean
UndercloudLocalMtu: # Override this via parameter_defaults
default: 1500
description: MTU to use for the Undercloud local_interface.
type: number
constraints:
- range: { min: 1000, max: 65536 }
conditions:
tls_enabled:
or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
ca_file_enabled:
and:
- not:
equals:
- {get_param: InternalTLSCAFile}
- ""
- tls_enabled
resources:
UndercloudPostConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: deploy_identifier
- name: admin_password
- name: auth_url
- name: snmp_readonly_user_password
- name: enable_validations
- name: internal_tls_ca_file
config: {get_file: ./undercloud_post.sh}
UndercloudPostDeployment:
type: OS::Heat::SoftwareDeployments
properties:
name: UndercloudPostDeployment
servers: {get_param: servers}
config: {get_resource: UndercloudPostConfig}
input_values:
ssl_certificate: {get_param: SSLCertificate}
homedir: {get_param: UndercloudHomeDir}
admin_password: {get_param: AdminPassword}
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
enable_validations: [get_params: EnableValidations]
internal_tls_ca_file:
if:
- ca_file_enabled
- {get_param: InternalTLSCAFile}
- ''
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url:
if:
- tls_enabled
- make_url:
scheme: https
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
port: 13000
path: /
- make_url:
scheme: http
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
port: 5000
path: /
UndercloudCtlplaneNetworkConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: admin_password
- name: auth_url
- name: config
config: {get_file: ./undercloud_ctlplane_network.py}
UndercloudCtlplaneNetworkDeployment:
type: OS::Heat::SoftwareDeployments
properties:
name: UndercloudCtlplaneNetworkDeployment
servers: {get_param: servers}
config: {get_resource: UndercloudCtlplaneNetworkConfig}
input_values:
admin_password: {get_param: AdminPassword}
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url:
if:
- tls_enabled
- make_url:
scheme: https
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
port: 13000
path: /
- make_url:
scheme: http
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
port: 5000
path: /
config:
str_replace:
template: JSON
params:
JSON:
local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
local_subnet: {get_param: UndercloudCtlplaneLocalSubnet}
nameservers: {get_param: DnsServers}
physical_network: {get_param: CtlplaneLocalPhysicalNetwork}
subnets: {get_param: UndercloudCtlplaneSubnets}
enable_routed_networks: {get_param: UndercloudEnableRoutedNetworks}
mtu: {get_param: UndercloudLocalMtu}
View Git Blame Copy Permalink