d5ecc1f651
Not all roles are connected to all networks, there is no need to create metadata for networks not associated with the role. In edge/spine-and-leaf deployments the total number of composable networks used can be high. Passing all the networks we quickly go beyond the nova metadata fields size limit (each field cannot exceed 256 bytes). Also update tools/check-up-to-date.sh script to use the simple yaml-diff.py instead of diff. The env generator code will sort data, while jinja rendered environments are not sorted, thus need to diff the data in yaml not the text. Closes-Bug: #1821377 Change-Id: I5ae3bc845b0a6ad6986d44b14ff4b0737a9b033b
44 lines
1.9 KiB
YAML
44 lines
1.9 KiB
YAML
# *******************************************************************
|
|
# This file was created automatically by the sample environment
|
|
# generator. Developers should use `tox -e genconfig` to update it.
|
|
# Users are recommended to make changes to a copy of the file instead
|
|
# of the original, if any customizations are needed.
|
|
# *******************************************************************
|
|
# title: Enable SSL on OpenStack Internal Endpoints
|
|
# description: |
|
|
# A Heat environment file which can be used to enable TLS for the internal
|
|
# network via certmonger
|
|
parameter_defaults:
|
|
# ******************************************************
|
|
# Static parameters - these are values that must be
|
|
# included in the environment but should not be changed.
|
|
# ******************************************************
|
|
#
|
|
# Type: boolean
|
|
EnableInternalTLS: True
|
|
|
|
# Messaging Notification client subscriber parameter to specify an SSL connection to the messaging host.
|
|
# Type: string
|
|
NotifyUseSSL: True
|
|
|
|
# Messaging client subscriber parameter to specify an SSL connection to the messaging host.
|
|
# Type: string
|
|
RpcUseSSL: True
|
|
|
|
# Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
|
|
# Type: json
|
|
ServerMetadata:
|
|
ipa_enroll: True
|
|
|
|
# *********************
|
|
# End static parameters
|
|
# *********************
|
|
resource_registry:
|
|
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
|
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
|
|
OS::TripleO::Services::IpaClient: ../../extraconfig/services/ipaclient.yaml
|
|
OS::TripleO::Services::TLSProxyBase: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
{%- for role in roles %}
|
|
OS::TripleO::{{role.name}}ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals/{{role.name.lower()}}-role.yaml
|
|
{%- endfor %}
|