tripleo-heat-templates/sample-env-generator/ssl.yaml
Ben Nemec 204a582099 Add nested sample environments for inject-trust-anchor
Fix a bug that prevented these working.  A unit test and
documentation for the nested environment functionality is also
included.

Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
2017-06-12 15:02:50 -05:00

460 lines
32 KiB
YAML

environments:
-
name: ssl/enable-tls
title: Enable SSL on OpenStack Public Endpoints
description: |
Use this environment to pass in certificates for SSL deployments.
For these values to take effect, one of the tls-endpoints-*.yaml environments
must also be used.
files:
puppet/extraconfig/tls/tls-cert-inject.yaml:
parameters: all
static:
# This should probably be private, but for testing static params I'm
# setting it as such for now.
- DeployedSSLCertificatePath
sample_values:
SSLCertificate: |-
|
The contents of your certificate go here
SSLKey: |-
|
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |
When using an SSL certificate signed by a CA that is not in the default
list of CAs, this environment allows adding a custom CA certificate to
the overcloud nodes.
files:
puppet/extraconfig/tls/ca-inject.yaml:
parameters:
- SSLRootCertificate
sample_values:
SSLRootCertificate: |-
|
The contents of your certificate go here
resource_registry:
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
children:
- name: ssl/inject-trust-anchor-hiera
files:
puppet/services/ca-certs.yaml:
parameters:
- CAMap
# Need to clear this so we don't inherit the parent registry
resource_registry: {}
sample_values:
CAMap: |-2
first-ca-name:
content: |
The content of the CA cert goes here
second-ca-name:
content: |
The content of the CA cert goes here
-
name: ssl/tls-endpoints-public-ip
title: Deploy Public SSL Endpoints as IP Addresses
description: |
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is an IP address.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
-
name: ssl/tls-endpoints-public-dns
title: Deploy Public SSL Endpoints as DNS Names
description: |
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is a DNS name.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
-
name: ssl/tls-everywhere-endpoints-dns
title: Deploy All SSL Endpoints as DNS Names
description: |
Use this environment when deploying an overcloud where all the endpoints are
DNS names and there's TLS in all endpoint types.
files:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
sample_values:
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
# works. The |-2 tells YAML to strip two spaces off the indentation of
# the value, which because it's indented six spaces gets us to the four
# that we actually want. Note that zero is not a valid value here, so
# two seemed like the most sane option.
EndpointMap: |-2
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
host: 'IP_ADDRESS'}
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}