tripleo-heat-templates/environments/ssl/enable-internal-tls.j2.yaml
Emilien Macchi 2f3554cdcb Remove extraconfig/services directory
... and move the services into the deployment directory.

The extraconfig/services directory was initially created for
experimental services using an interface that was work in progress but
is now stable enough, so the services can live among the others for
simplification.

Change-Id: I2bd0b169ed18ea2fccfea4475402dd73076924c8
2019-07-18 14:44:14 -04:00

44 lines
2.0 KiB
YAML

# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable SSL on OpenStack Internal Endpoints
# description: |
# A Heat environment file which can be used to enable TLS for the internal
# network via certmonger
parameter_defaults:
# ******************************************************
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
#
# Type: boolean
EnableInternalTLS: True
# Messaging Notification client subscriber parameter to specify an SSL connection to the messaging host.
# Type: string
NotifyUseSSL: True
# Messaging client subscriber parameter to specify an SSL connection to the messaging host.
# Type: string
RpcUseSSL: True
# Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
# Type: json
ServerMetadata:
ipa_enroll: True
# *********************
# End static parameters
# *********************
resource_registry:
OS::TripleO::Services::CertmongerUser: ../../deployment/certs/certmonger-user-baremetal-puppet.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::IpaClient: ../../deployment/ipa/ipaclient-baremetal-ansible.yaml
OS::TripleO::Services::TLSProxyBase: ../../deployment/apache/apache-baremetal-puppet.yaml
{%- for role in roles %}
OS::TripleO::{{role.name}}ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals/{{role.name.lower()}}-role.yaml
{%- endfor %}