summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-19 15:26:33 +0000
committerGerrit Code Review <review@openstack.org>2017-06-19 15:26:33 +0000
commit96813ba2683552860c68d99931aa77cd6a0bf391 (patch)
tree6df1901592d7eb8a6aced93a247a7e13ef58ee82
parentab6080f94ddb1a0c4b7441064dd2728c98885ada (diff)
parentf503d1b0e7fb9fe77e6fd1e71e08ca2d43427578 (diff)
Merge "Support config dir for env generator input files"
-rw-r--r--environments/enable-tls.yaml3
-rw-r--r--environments/ssl/enable-tls.yaml41
-rw-r--r--environments/ssl/tls-endpoints-public-dns.yaml131
-rw-r--r--environments/ssl/tls-endpoints-public-ip.yaml131
-rw-r--r--environments/ssl/tls-everywhere-endpoints-dns.yaml131
-rw-r--r--environments/tls-endpoints-public-dns.yaml4
-rw-r--r--environments/tls-endpoints-public-ip.yaml4
-rw-r--r--sample-env-generator/README.rst4
-rw-r--r--sample-env-generator/predictable-placement.yaml (renamed from sample-env-generator/sample-environments.yaml)0
-rw-r--r--sample-env-generator/ssl.yaml426
-rwxr-xr-xtools/yaml-validate.py13
-rw-r--r--tox.ini2
-rwxr-xr-xtripleo_heat_templates/environment_generator.py24
13 files changed, 900 insertions, 14 deletions
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 481459c..175e1fd 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -1,3 +1,6 @@
1# ********************************************************************************
2# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
3# ********************************************************************************
1# Use this environment to pass in certificates for SSL deployments. 4# Use this environment to pass in certificates for SSL deployments.
2# For these values to take effect, one of the tls-endpoints-*.yaml environments 5# For these values to take effect, one of the tls-endpoints-*.yaml environments
3# must also be used. 6# must also be used.
diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
new file mode 100644
index 0000000..c8ed2bd
--- /dev/null
+++ b/environments/ssl/enable-tls.yaml
@@ -0,0 +1,41 @@
1# *******************************************************************
2# This file was created automatically by the sample environment
3# generator. Developers should use `tox -e genconfig` to update it.
4# Users are recommended to make changes to a copy of the file instead
5# of the original, if any customizations are needed.
6# *******************************************************************
7# title: Enable SSL on OpenStack Public Endpoints
8# description: |
9# Use this environment to pass in certificates for SSL deployments.
10# For these values to take effect, one of the tls-endpoints-*.yaml environments
11# must also be used.
12parameter_defaults:
13 # The content of the SSL certificate (without Key) in PEM format.
14 # Mandatory. This parameter must be set by the user.
15 # Type: string
16 SSLCertificate: |
17 The contents of your certificate go here
18
19 # The content of an SSL intermediate CA certificate in PEM format.
20 # Type: string
21 SSLIntermediateCertificate: ''
22
23 # The content of the SSL Key in PEM format.
24 # Mandatory. This parameter must be set by the user.
25 # Type: string
26 SSLKey: |
27 The contents of the private key go here
28
29 # ******************************************************
30 # Static parameters - these are values that must be
31 # included in the environment but should not be changed.
32 # ******************************************************
33 # The filepath of the certificate as it will be stored in the controller.
34 # Type: string
35 DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
36
37 # *********************
38 # End static parameters
39 # *********************
40resource_registry:
41 OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml
new file mode 100644
index 0000000..d1cab98
--- /dev/null
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -0,0 +1,131 @@
1# *******************************************************************
2# This file was created automatically by the sample environment
3# generator. Developers should use `tox -e genconfig` to update it.
4# Users are recommended to make changes to a copy of the file instead
5# of the original, if any customizations are needed.
6# *******************************************************************
7# title: Deploy Public SSL Endpoints as DNS Names
8# description: |
9# Use this environment when deploying an SSL-enabled overcloud where the public
10# endpoint is a DNS name.
11parameter_defaults:
12 # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
13 # Type: json
14 EndpointMap:
15 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
16 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
17 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
18 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
19 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
20 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
21 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
22 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
23 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
24 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
25 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
26 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
27 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
28 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
29 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
30 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
31 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
32 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
33 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
34 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
35 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
36 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
37 host: 'IP_ADDRESS'}
38 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
39 host: 'IP_ADDRESS'}
40 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
41 host: 'IP_ADDRESS'}
42 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
43 host: 'IP_ADDRESS'}
44 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
45 host: 'IP_ADDRESS'}
46 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
47 host: 'IP_ADDRESS'}
48 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
49 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
50 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
51 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
52 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
53 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
54 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
55 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
56 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
57 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
58 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
59 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
60 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
61 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
62 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
63 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
64 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
65 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
66 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
67 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
68 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
69 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
70 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
71 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
72 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
73 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
74 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
75 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
76 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
77 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
78 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
79 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
80 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
81 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
82 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
83 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
84 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
85 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
86 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
87 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
88 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
89 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
90 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
91 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
92 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
93 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
94 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
95 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
96 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
97 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
98 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
99 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
100 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
101 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
102 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
103 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
104 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
105 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
106 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
107 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
108 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
109 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
110 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
111 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
112 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
113 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
114 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
115 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
116 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
117 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
118 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
119 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
120 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
121 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
122 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
123 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
124 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
125 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
126 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
127 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
128 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
129 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
130 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
131
diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml
new file mode 100644
index 0000000..cb41dc1
--- /dev/null
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -0,0 +1,131 @@
1# *******************************************************************
2# This file was created automatically by the sample environment
3# generator. Developers should use `tox -e genconfig` to update it.
4# Users are recommended to make changes to a copy of the file instead
5# of the original, if any customizations are needed.
6# *******************************************************************
7# title: Deploy Public SSL Endpoints as IP Addresses
8# description: |
9# Use this environment when deploying an SSL-enabled overcloud where the public
10# endpoint is an IP address.
11parameter_defaults:
12 # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
13 # Type: json
14 EndpointMap:
15 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
16 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
17 AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
18 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
19 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
20 BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
21 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
22 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
23 CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
24 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
25 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
26 CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
27 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
28 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
29 CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
30 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
31 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
32 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
33 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
34 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
35 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
36 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
37 host: 'IP_ADDRESS'}
38 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
39 host: 'IP_ADDRESS'}
40 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
41 host: 'IP_ADDRESS'}
42 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
43 host: 'IP_ADDRESS'}
44 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
45 host: 'IP_ADDRESS'}
46 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
47 host: 'IP_ADDRESS'}
48 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
49 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
50 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
51 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
52 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
53 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
54 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
55 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
56 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
57 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
58 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
59 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
60 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
61 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
62 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
63 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
64 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
65 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
66 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
67 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
68 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
69 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
70 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
71 GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
72 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
73 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
74 GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
75 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
76 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
77 HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
78 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
79 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
80 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
81 HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
82 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
83 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
84 IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
85 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
86 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
87 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
88 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
89 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
90 KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
91 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
92 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
93 ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
94 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
95 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
96 MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
97 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
98 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
99 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
100 NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
101 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
102 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
103 NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
104 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
105 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
106 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
107 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
108 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
109 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
110 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
111 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
112 OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
113 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
114 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
115 PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
116 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
117 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
118 SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
119 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
120 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
121 SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
122 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
123 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
124 TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
125 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
126 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
127 ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
128 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
129 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
130 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
131
diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml
new file mode 100644
index 0000000..7ae7f3a
--- /dev/null
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
@@ -0,0 +1,131 @@
1# *******************************************************************
2# This file was created automatically by the sample environment
3# generator. Developers should use `tox -e genconfig` to update it.
4# Users are recommended to make changes to a copy of the file instead
5# of the original, if any customizations are needed.
6# *******************************************************************
7# title: Deploy All SSL Endpoints as DNS Names
8# description: |
9# Use this environment when deploying an overcloud where all the endpoints are
10# DNS names and there's TLS in all endpoint types.
11parameter_defaults:
12 # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
13 # Type: json
14 EndpointMap:
15 AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
16 AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
17 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
18 BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
19 BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
20 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
21 CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
22 CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
23 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
24 CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
25 CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
26 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
27 CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
28 CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
29 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
30 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
31 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
32 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
33 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
34 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
35 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
36 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
37 host: 'IP_ADDRESS'}
38 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
39 host: 'IP_ADDRESS'}
40 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
41 host: 'IP_ADDRESS'}
42 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
43 host: 'IP_ADDRESS'}
44 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
45 host: 'IP_ADDRESS'}
46 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
47 host: 'IP_ADDRESS'}
48 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
49 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
50 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
51 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
52 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
53 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
54 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
55 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
56 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
57 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
58 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
59 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
60 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
61 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
62 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
63 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
64 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
65 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
66 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
67 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
68 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
69 GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
70 GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
71 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
72 GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
73 GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
74 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
75 HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
76 HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
77 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
78 HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
79 HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
80 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
81 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
82 IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
83 IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
84 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
85 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
86 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
87 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
88 KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
89 KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
90 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
91 ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
92 ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
93 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
94 MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
95 MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
96 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
97 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
98 NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
99 NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
100 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
101 NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
102 NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
103 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
104 NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
105 NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
106 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
107 NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
108 NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
109 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
110 OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
111 OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
112 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
113 PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
114 PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
115 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
116 SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
117 SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
118 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
119 SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
120 SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
121 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
122 TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
123 TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
124 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
125 ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
126 ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
127 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
128 ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
129 ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
130 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
131
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 92b696b..83b3249 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -1,3 +1,7 @@
1# *************************************************************************************
2# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
3# instead.
4# *************************************************************************************
1# Use this environment when deploying an SSL-enabled overcloud where the public 5# Use this environment when deploying an SSL-enabled overcloud where the public
2# endpoint is a DNS name. 6# endpoint is a DNS name.
3parameter_defaults: 7parameter_defaults:
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index c879ff9..8e50297 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -1,3 +1,7 @@
1# *************************************************************************************
2# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
3# instead.
4# *************************************************************************************
1# Use this environment when deploying an SSL-enabled overcloud where the public 5# Use this environment when deploying an SSL-enabled overcloud where the public
2# endpoint is an IP address. 6# endpoint is an IP address.
3parameter_defaults: 7parameter_defaults:
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
index 71e9810..55f3bac 100644
--- a/sample-env-generator/README.rst
+++ b/sample-env-generator/README.rst
@@ -19,8 +19,8 @@ target to do this::
19 ``tripleo-heat-templates`` project. 19 ``tripleo-heat-templates`` project.
20 20
21If a new sample environment is needed, it should be added to the 21If a new sample environment is needed, it should be added to the
22``sample-env-generator/sample-environments.yaml`` file. The existing 22appropriate file in the ``sample-env-generator/`` directory. The existing
23entries in the file can be used as examples, and a more detailed 23entries in the files can be used as examples, and a more detailed
24explanation of the different available keys is below: 24explanation of the different available keys is below:
25 25
26- **name**: the output file will be this name + .yaml, in the 26- **name**: the output file will be this name + .yaml, in the
diff --git a/sample-env-generator/sample-environments.yaml b/sample-env-generator/predictable-placement.yaml
index ffda7ac..ffda7ac 100644
--- a/sample-env-generator/sample-environments.yaml
+++ b/sample-env-generator/predictable-placement.yaml
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
new file mode 100644
index 0000000..2f379f3
--- /dev/null
+++ b/sample-env-generator/ssl.yaml
@@ -0,0 +1,426 @@
1environments:
2 -
3 name: ssl/enable-tls
4 title: Enable SSL on OpenStack Public Endpoints
5 description: |
6 Use this environment to pass in certificates for SSL deployments.
7 For these values to take effect, one of the tls-endpoints-*.yaml environments
8 must also be used.
9 files:
10 puppet/extraconfig/tls/tls-cert-inject.yaml:
11 parameters: all
12 static:
13 # This should probably be private, but for testing static params I'm
14 # setting it as such for now.
15 - DeployedSSLCertificatePath
16 sample_values:
17 SSLCertificate: |-
18 |
19 The contents of your certificate go here
20 SSLKey: |-
21 |
22 The contents of the private key go here
23 resource_registry:
24 OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
25 -
26 name: ssl/tls-endpoints-public-ip
27 title: Deploy Public SSL Endpoints as IP Addresses
28 description: |
29 Use this environment when deploying an SSL-enabled overcloud where the public
30 endpoint is an IP address.
31 files:
32 network/endpoints/endpoint_map.yaml:
33 parameters:
34 - EndpointMap
35 sample_values:
36 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
37 # works. The |-2 tells YAML to strip two spaces off the indentation of
38 # the value, which because it's indented six spaces gets us to the four
39 # that we actually want. Note that zero is not a valid value here, so
40 # two seemed like the most sane option.
41 EndpointMap: |-2
42
43 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
44 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
45 AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
46 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
47 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
48 BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
49 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
50 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
51 CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
52 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
53 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
54 CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
55 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
56 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
57 CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
58 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
59 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
60 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
61 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
62 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
63 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
64 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
65 host: 'IP_ADDRESS'}
66 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
67 host: 'IP_ADDRESS'}
68 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
69 host: 'IP_ADDRESS'}
70 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
71 host: 'IP_ADDRESS'}
72 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
73 host: 'IP_ADDRESS'}
74 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
75 host: 'IP_ADDRESS'}
76 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
77 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
78 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
79 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
80 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
81 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
82 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
83 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
84 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
85 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
86 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
87 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
88 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
89 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
90 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
91 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
92 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
93 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
94 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
95 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
96 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
97 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
98 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
99 GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
100 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
101 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
102 GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
103 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
104 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
105 HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
106 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
107 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
108 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
109 HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
110 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
111 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
112 IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
113 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
114 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
115 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
116 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
117 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
118 KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
119 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
120 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
121 ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
122 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
123 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
124 MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
125 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
126 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
127 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
128 NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
129 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
130 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
131 NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
132 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
133 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
134 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
135 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
136 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
137 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
138 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
139 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
140 OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
141 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
142 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
143 PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
144 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
145 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
146 SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
147 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
148 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
149 SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
150 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
151 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
152 TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
153 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
154 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
155 ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
156 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
157 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
158 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
159 -
160 name: ssl/tls-endpoints-public-dns
161 title: Deploy Public SSL Endpoints as DNS Names
162 description: |
163 Use this environment when deploying an SSL-enabled overcloud where the public
164 endpoint is a DNS name.
165 files:
166 network/endpoints/endpoint_map.yaml:
167 parameters:
168 - EndpointMap
169 sample_values:
170 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
171 # works. The |-2 tells YAML to strip two spaces off the indentation of
172 # the value, which because it's indented six spaces gets us to the four
173 # that we actually want. Note that zero is not a valid value here, so
174 # two seemed like the most sane option.
175 EndpointMap: |-2
176
177 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
178 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
179 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
180 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
181 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
182 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
183 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
184 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
185 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
186 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
187 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
188 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
189 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
190 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
191 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
192 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
193 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
194 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
195 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
196 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
197 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
198 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
199 host: 'IP_ADDRESS'}
200 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
201 host: 'IP_ADDRESS'}
202 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
203 host: 'IP_ADDRESS'}
204 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
205 host: 'IP_ADDRESS'}
206 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
207 host: 'IP_ADDRESS'}
208 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
209 host: 'IP_ADDRESS'}
210 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
211 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
212 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
213 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
214 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
215 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
216 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
217 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
218 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
219 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
220 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
221 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
222 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
223 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
224 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
225 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
226 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
227 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
228 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
229 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
230 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
231 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
232 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
233 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
234 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
235 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
236 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
237 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
238 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
239 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
240 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
241 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
242 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
243 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
244 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
245 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
246 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
247 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
248 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
249 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
250 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
251 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
252 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
253 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
254 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
255 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
256 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
257 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
258 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
259 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
260 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
261 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
262 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
263 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
264 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
265 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
266 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
267 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
268 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
269 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
270 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
271 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
272 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
273 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
274 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
275 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
276 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
277 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
278 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
279 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
280 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
281 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
282 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
283 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
284 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
285 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
286 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
287 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
288 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
289 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
290 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
291 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
292 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
293 -
294 name: ssl/tls-everywhere-endpoints-dns
295 title: Deploy All SSL Endpoints as DNS Names
296 description: |
297 Use this environment when deploying an overcloud where all the endpoints are
298 DNS names and there's TLS in all endpoint types.
299 files:
300 network/endpoints/endpoint_map.yaml:
301 parameters:
302 - EndpointMap
303 sample_values:
304 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
305 # works. The |-2 tells YAML to strip two spaces off the indentation of
306 # the value, which because it's indented six spaces gets us to the four
307 # that we actually want. Note that zero is not a valid value here, so
308 # two seemed like the most sane option.
309 EndpointMap: |-2
310
311 AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
312 AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
313 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
314 BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
315 BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
316 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
317 CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
318 CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
319 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
320 CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
321 CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
322 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
323 CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
324 CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
325 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
326 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
327 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
328 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
329 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
330 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
331 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
332 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
333 host: 'IP_ADDRESS'}
334 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
335 host: 'IP_ADDRESS'}
336 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
337 host: 'IP_ADDRESS'}
338 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
339 host: 'IP_ADDRESS'}
340 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
341 host: 'IP_ADDRESS'}
342 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
343 host: 'IP_ADDRESS'}
344 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
345 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
346 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
347 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
348 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
349 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
350 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
351 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
352 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
353 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
354 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
355 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
356 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
357 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
358 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
359 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
360 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
361 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
362 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
363 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
364 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
365 GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
366 GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
367 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
368 GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
369 GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
370 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
371 HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
372 HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
373 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
374 HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
375 HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
376 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
377 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
378 IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
379 IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
380 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
381 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
382 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
383 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
384 KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
385 KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
386 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
387 ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
388 ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
389 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
390 MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
391 MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
392 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
393 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
394 NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
395 NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
396 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
397 NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
398 NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
399 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
400 NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
401 NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
402 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
403 NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
404 NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
405 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
406 OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
407 OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
408 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
409 PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
410 PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
411 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
412 SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
413 SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
414 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
415 SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
416 SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
417 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
418 TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
419 TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
420 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
421 ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
422 ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
423 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
424 ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
425 ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
426 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 0fd4bcc..ff215fb 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -20,8 +20,15 @@ import yaml
20required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords', 20required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
21 'RoleName', 'RoleParameters'] 21 'RoleName', 'RoleParameters']
22 22
23# NOTE(bnemec): The duplication in this list is intentional. For the
24# transition to generated environments we have two copies of these files,
25# so they need to be listed twice. Once the deprecated version can be removed
26# the duplicate entries can be as well.
23envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', 27envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
24 'tls-endpoints-public-ip.yaml', 28 'tls-endpoints-public-ip.yaml',
29 'tls-everywhere-endpoints-dns.yaml',
30 'tls-endpoints-public-dns.yaml',
31 'tls-endpoints-public-ip.yaml',
25 'tls-everywhere-endpoints-dns.yaml'] 32 'tls-everywhere-endpoints-dns.yaml']
26ENDPOINT_MAP_FILE = 'endpoint_map.yaml' 33ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
27REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', 34REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
@@ -292,9 +299,9 @@ if base_endpoint_map and \
292 else: 299 else:
293 print("%s matches base endpoint map" % env_endpoint_map['file']) 300 print("%s matches base endpoint map" % env_endpoint_map['file'])
294else: 301else:
295 print("ERROR: Can't validate endpoint maps since a file is missing. " 302 print("ERROR: Did not find expected number of environments containing the "
296 "If you meant to delete one of these files you should update this " 303 "EndpointMap parameter. If you meant to add or remove one of these "
297 "tool as well.") 304 "environments then you also need to update this tool.")
298 if not base_endpoint_map: 305 if not base_endpoint_map:
299 failed_files.append(ENDPOINT_MAP_FILE) 306 failed_files.append(ENDPOINT_MAP_FILE)
300 if len(env_endpoint_maps) != len(envs_containing_endpoint_map): 307 if len(env_endpoint_maps) != len(envs_containing_endpoint_map):
diff --git a/tox.ini b/tox.ini
index 74f1b5f..c87bf7b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -31,4 +31,4 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_
31[testenv:genconfig] 31[testenv:genconfig]
32commands = 32commands =
33 python ./tools/process-templates.py 33 python ./tools/process-templates.py
34 python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml 34 python ./tripleo_heat_templates/environment_generator.py sample-env-generator/
diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py
index e2f4872..659a7d5 100755
--- a/tripleo_heat_templates/environment_generator.py
+++ b/tripleo_heat_templates/environment_generator.py
@@ -165,24 +165,32 @@ def _generate_environment(input_env, parent_env=None):
165 _generate_environment(e, env) 165 _generate_environment(e, env)
166 166
167 167
168def generate_environments(config_file): 168def generate_environments(config_path):
169 with open(config_file) as f: 169 if os.path.isdir(config_path):
170 config = yaml.safe_load(f) 170 config_files = os.listdir(config_path)
171 for env in config['environments']: 171 config_files = [os.path.join(config_path, i) for i in config_files
172 _generate_environment(env) 172 if os.path.splitext(i)[1] == '.yaml']
173 else:
174 config_files = [config_path]
175 for config_file in config_files:
176 print('Reading environment definitions from %s' % config_file)
177 with open(config_file) as f:
178 config = yaml.safe_load(f)
179 for env in config['environments']:
180 _generate_environment(env)
173 181
174 182
175def usage(exit_code=1): 183def usage(exit_code=1):
176 print('Usage: %s <filename.yaml>' % sys.argv[0]) 184 print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0])
177 sys.exit(exit_code) 185 sys.exit(exit_code)
178 186
179 187
180def main(): 188def main():
181 try: 189 try:
182 config_file = sys.argv[1] 190 config_path = sys.argv[1]
183 except IndexError: 191 except IndexError:
184 usage() 192 usage()
185 generate_environments(config_file) 193 generate_environments(config_path)
186 194
187 195
188if __name__ == '__main__': 196if __name__ == '__main__':