authorJenkins <jenkins@review.openstack.org>2017-06-15 20:22:15 +0000
committerGerrit Code Review <review@openstack.org>2017-06-15 20:22:15 +0000
commit0354927a1143dd766cab4b9a88d4af84e404d6d9 (patch)
tree856ea52fb2c8de1ba0aa4bc625d706a989304815
parente23e8c46f4384bd691982b073f4b2aae987708bc (diff)
parent31f773a95bf64e4da49edc41a4e36ffc9ee012fd (diff)
Merge "Bind mount internal CA file to all containers"
-rw-r--r--docker/services/containers-common.yaml69
1 files changed, 57 insertions, 12 deletions
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 973d999..d104853 100644
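--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -3,19 +3,64 @@ heat_template_version: pike
 description: >
  Contains a static list of common things necessary for containers
 
+parameters:
+
+ # Required parameters
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
 outputs:
  volumes:
  description: Common volumes for the containers.
  value:
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- # required for bootstrap_host_exec
- - /etc/puppet:/etc/puppet:ro
- # OpenSSL trusted CAs
- - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
- - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
- - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
- # Syslog socket
- - /dev/log:/dev/log
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ list_concat:
+ - - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ # required for bootstrap_host_exec
+ - /etc/puppet:/etc/puppet:ro
+ # OpenSSL trusted CAs
+ - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+ - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+ - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+ - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
+ # Syslog socket
+ - /dev/log:/dev/log
+ - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ - if:
+ - internal_tls_enabled
+ - - {get_param: InternalTLSCAFile}
+ - null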
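Review bot: The conditional entry that closes the `volumes` list is the bare value of `InternalTLSCAFile`, whereas every other entry in the list is written as `source:destination` with an `:ro` flag on all but `/dev/log`. How the consumer of this output treats a bare path is not visible in this hunk, but in Docker volume syntax a single path normally names a container-side anonymous volume rather than a bind mount of the host file, so the internal CA may not reach the containers at all. If it is mounted, it also lacks the `:ro` flag that the other trust-store mounts carry, and a trust anchor shared by every container should be read-only. Building the entry with `list_join` on `:` from the parameter as source, the parameter as destination, and `ro` would make it match its neighbours.

```yaml
# … unchanged: static volume list under list_concat …
- if:
  - internal_tls_enabled
  - - list_join:
      - ':'
      - - {get_param: InternalTLSCAFile}
        - {get_param: InternalTLSCAFile}
        - 'ro'
  # … unchanged: null else-branch …
```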