openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Add novajoin entries to the TLS-everywhere environment file 

These metadata settings (the hardcoded metadata and the hook override)
are used by the novajoin service when it's deployed in the undercloud,
and will tell it to enroll the overcloud nodes and the services that are
specified by the metadata hook.

bp novajoin
bp tls-via-certmonger

Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1
This commit is contained in:
Juan Antonio Osorio Robles 2017-01-18 01:02:35 +02:00
parent 7dbd771a35
commit c6b6466f07
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
environments/enable-internal-tls.yaml
View File

@ -2,9 +2,18 @@
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
# Required for novajoin to enroll the overcloud nodes
ServerMetadata:
ipa_enroll: True
resource_registry:
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
# Creates nova metadata that will create the extra service principals per
# node.
OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml