03c8cbcdc2
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl parameters that we use in the same environment generate but since the script did not fail, it made it past CI. This change fixes the RabbitClientUseSsl parameter in the environment to match the new RpcUseSsl flag and updates the check script to fail if this happens again. Change-Id: I47c63875c6934bca2903883787467fc1804ba5da Closes-Bug: #1768358
442 lines
29 KiB
YAML
442 lines
29 KiB
YAML
environments:
|
|
-
|
|
name: ssl/enable-tls
|
|
title: Enable SSL on OpenStack Public Endpoints
|
|
description: |
|
|
Use this environment to pass in certificates for SSL deployments.
|
|
For these values to take effect, one of the tls-endpoints-*.yaml environments
|
|
must also be used.
|
|
files:
|
|
puppet/extraconfig/tls/tls-cert-inject.yaml:
|
|
parameters: all
|
|
static:
|
|
# This should probably be private, but for testing static params I'm
|
|
# setting it as such for now.
|
|
- DeployedSSLCertificatePath
|
|
sample_values:
|
|
SSLCertificate: |-
|
|
|
|
|
The contents of your certificate go here
|
|
SSLKey: |-
|
|
|
|
|
The contents of the private key go here
|
|
resource_registry:
|
|
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
|
|
-
|
|
name: ssl/enable-internal-tls
|
|
title: Enable SSL on OpenStack Internal Endpoints
|
|
description: |
|
|
A Heat environment file which can be used to enable TLS for the internal
|
|
network via certmonger
|
|
files:
|
|
puppet/all-nodes-config.yaml:
|
|
parameters:
|
|
- EnableInternalTLS
|
|
puppet/services/nova-base.yaml:
|
|
parameters:
|
|
- RpcUseSSL
|
|
overcloud.yaml:
|
|
parameters:
|
|
- ServerMetadata
|
|
static:
|
|
- EnableInternalTLS
|
|
- RpcUseSSL
|
|
- ServerMetadata
|
|
sample_values:
|
|
EnableInternalTLS: True
|
|
RpcUseSSL: True
|
|
ServerMetadata: |-2
|
|
|
|
ipa_enroll: True
|
|
resource_registry:
|
|
# FIXME(bogdando): switch it, once it is containerized
|
|
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
|
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
|
|
# We use apache as a TLS proxy
|
|
# FIXME(bogdando): switch it, once it is containerized
|
|
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
|
# Creates nova metadata that will create the extra service principals per
|
|
# node.
|
|
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
|
|
- name: ssl/inject-trust-anchor
|
|
title: Inject SSL Trust Anchor on Overcloud Nodes
|
|
description: |
|
|
When using an SSL certificate signed by a CA that is not in the default
|
|
list of CAs, this environment allows adding a custom CA certificate to
|
|
the overcloud nodes.
|
|
files:
|
|
puppet/extraconfig/tls/ca-inject.yaml:
|
|
parameters:
|
|
- SSLRootCertificate
|
|
sample_values:
|
|
SSLRootCertificate: |-
|
|
|
|
|
The contents of your certificate go here
|
|
resource_registry:
|
|
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
|
|
children:
|
|
- name: ssl/inject-trust-anchor-hiera
|
|
files:
|
|
puppet/services/ca-certs.yaml:
|
|
parameters:
|
|
- CAMap
|
|
# Need to clear this so we don't inherit the parent registry
|
|
resource_registry: {}
|
|
sample_values:
|
|
CAMap: |-2
|
|
|
|
first-ca-name:
|
|
content: |
|
|
The content of the CA cert goes here
|
|
second-ca-name:
|
|
content: |
|
|
The content of the CA cert goes here
|
|
-
|
|
name: ssl/tls-endpoints-public-ip
|
|
title: Deploy Public SSL Endpoints as IP Addresses
|
|
description: |
|
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
|
endpoint is an IP address.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
|
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
|
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
|
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
|
|
DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
|
|
DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
|
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
|
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
|
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
|
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
|
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
|
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
|
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
|
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
|
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
|
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
|
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
|
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
|
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
|
|
OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
|
|
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
|
|
PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
|
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
|
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'}
|
|
-
|
|
name: ssl/tls-endpoints-public-dns
|
|
title: Deploy Public SSL Endpoints as DNS Names
|
|
description: |
|
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
|
endpoint is a DNS name.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
|
DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
|
|
DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
|
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
|
OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
|
|
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
|
|
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
|
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'IP_ADDRESS'}
|
|
-
|
|
name: ssl/tls-everywhere-endpoints-dns
|
|
title: Deploy All SSL Endpoints as DNS Names
|
|
description: |
|
|
Use this environment when deploying an overcloud where all the endpoints are
|
|
DNS names and there's TLS in all endpoint types.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
|
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
|
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
|
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
|
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
|
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
|
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
|
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
|
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
|
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
|
DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
|
|
DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
|
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
|
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
|
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'CLOUDNAME'}
|
|
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
|
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
|
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
|
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
|
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
|
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
|
HeatUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
|
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
|
IronicInspectorUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
IronicUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
|
|
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
|
KeystoneUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
|
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
|
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
|
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
MistralUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
|
|
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
|
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
|
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
|
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
|
NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
|
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
|
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
|
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
|
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
|
OpenDaylightAdmin: {protocol: 'https', port: '8081', host: 'CLOUDNAME'}
|
|
OpenDaylightInternal: {protocol: 'https', port: '8081', host: 'CLOUDNAME'}
|
|
PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
|
|
PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
|
|
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
|
|
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
|
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
|
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
SwiftUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
|
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
|
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketUIConfig: {protocol: 'wss', port: '443', host: 'CLOUDNAME'}
|