204a582099
Fix a bug that prevented these working. A unit test and documentation for the nested environment functionality is also included. Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
460 lines
32 KiB
YAML
460 lines
32 KiB
YAML
environments:
|
|
-
|
|
name: ssl/enable-tls
|
|
title: Enable SSL on OpenStack Public Endpoints
|
|
description: |
|
|
Use this environment to pass in certificates for SSL deployments.
|
|
For these values to take effect, one of the tls-endpoints-*.yaml environments
|
|
must also be used.
|
|
files:
|
|
puppet/extraconfig/tls/tls-cert-inject.yaml:
|
|
parameters: all
|
|
static:
|
|
# This should probably be private, but for testing static params I'm
|
|
# setting it as such for now.
|
|
- DeployedSSLCertificatePath
|
|
sample_values:
|
|
SSLCertificate: |-
|
|
|
|
|
The contents of your certificate go here
|
|
SSLKey: |-
|
|
|
|
|
The contents of the private key go here
|
|
resource_registry:
|
|
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
|
|
- name: ssl/inject-trust-anchor
|
|
title: Inject SSL Trust Anchor on Overcloud Nodes
|
|
description: |
|
|
When using an SSL certificate signed by a CA that is not in the default
|
|
list of CAs, this environment allows adding a custom CA certificate to
|
|
the overcloud nodes.
|
|
files:
|
|
puppet/extraconfig/tls/ca-inject.yaml:
|
|
parameters:
|
|
- SSLRootCertificate
|
|
sample_values:
|
|
SSLRootCertificate: |-
|
|
|
|
|
The contents of your certificate go here
|
|
resource_registry:
|
|
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
|
|
children:
|
|
- name: ssl/inject-trust-anchor-hiera
|
|
files:
|
|
puppet/services/ca-certs.yaml:
|
|
parameters:
|
|
- CAMap
|
|
# Need to clear this so we don't inherit the parent registry
|
|
resource_registry: {}
|
|
sample_values:
|
|
CAMap: |-2
|
|
|
|
first-ca-name:
|
|
content: |
|
|
The content of the CA cert goes here
|
|
second-ca-name:
|
|
content: |
|
|
The content of the CA cert goes here
|
|
-
|
|
name: ssl/tls-endpoints-public-ip
|
|
title: Deploy Public SSL Endpoints as IP Addresses
|
|
description: |
|
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
|
endpoint is an IP address.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
|
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
|
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
|
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
|
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
|
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
|
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
|
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
|
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
|
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
|
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
|
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
|
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
|
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
|
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
|
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
|
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
|
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
|
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
|
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
|
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
|
|
-
|
|
name: ssl/tls-endpoints-public-dns
|
|
title: Deploy Public SSL Endpoints as DNS Names
|
|
description: |
|
|
Use this environment when deploying an SSL-enabled overcloud where the public
|
|
endpoint is a DNS name.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
|
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
|
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
|
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
|
CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
|
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
|
GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
|
HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
|
HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
|
KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
|
|
KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
|
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
|
MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
|
|
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
|
NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
|
NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
|
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
|
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
|
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
|
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
|
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
|
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
|
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
-
|
|
name: ssl/tls-everywhere-endpoints-dns
|
|
title: Deploy All SSL Endpoints as DNS Names
|
|
description: |
|
|
Use this environment when deploying an overcloud where all the endpoints are
|
|
DNS names and there's TLS in all endpoint types.
|
|
files:
|
|
network/endpoints/endpoint_map.yaml:
|
|
parameters:
|
|
- EndpointMap
|
|
sample_values:
|
|
# NOTE(bnemec): This is a bit odd, but it's the only way I've found that
|
|
# works. The |-2 tells YAML to strip two spaces off the indentation of
|
|
# the value, which because it's indented six spaces gets us to the four
|
|
# that we actually want. Note that zero is not a valid value here, so
|
|
# two seemed like the most sane option.
|
|
EndpointMap: |-2
|
|
|
|
AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
|
AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
|
|
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
|
|
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
|
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
|
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
|
CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
|
CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
|
|
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
|
|
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
|
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
|
|
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
|
|
CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
|
CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
|
|
CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
|
|
ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
|
|
host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
|
|
ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
|
|
Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
|
Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
|
|
Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
|
|
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
|
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
|
GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
|
|
HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
|
HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
|
|
HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
|
|
HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
|
HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
|
|
HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
|
|
HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
|
|
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
|
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
|
|
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
|
|
IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
|
IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
|
|
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
|
|
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
|
|
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
|
|
KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
|
|
ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
|
ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
|
|
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
|
|
MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
|
MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
|
|
MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
|
|
NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
|
NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
|
|
NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
|
|
NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
|
NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
|
|
NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
|
|
NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
|
NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
|
|
NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
|
|
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
|
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
|
|
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
|
|
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
|
|
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
|
|
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
|
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
|
|
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
|
|
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
|
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
|
|
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
|
|
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
|
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
|
|
TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
|
TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
|
|
TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
|
|
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
|
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
|
|
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|
|
ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
|