Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Adds network/cidr mapping into a new service property
[apex-tripleo-heat-templates.git] / docker / services / containers-common.yaml
1 heat_template_version: pike
2
3 description: >
4   Contains a static list of common things necessary for containers
5
6 parameters:
7
8   # Required parameters
9   EndpointMap:
10     default: {}
11     description: Mapping of service endpoint -> protocol. Typically set
12                  via parameter_defaults in the resource registry.
13     type: json
14   ServiceData:
15     default: {}
16     description: Dictionary packing service data
17     type: json
18   ServiceNetMap:
19     default: {}
20     description: Mapping of service_name -> network name. Typically set
21                  via parameter_defaults in the resource registry.  This
22                  mapping overrides those in ServiceNetMapDefaults.
23     type: json
24   DefaultPasswords:
25     default: {}
26     type: json
27   RoleName:
28     default: ''
29     description: Role name on which the service is applied
30     type: string
31   RoleParameters:
32     default: {}
33     description: Parameters specific to the role
34     type: json
35
36
37   EnableInternalTLS:
38     type: boolean
39     default: false
40   InternalTLSCAFile:
41     default: '/etc/ipa/ca.crt'
42     type: string
43     description: Specifies the default CA cert to use if TLS is used for
44                  services in the internal network.
45
46 conditions:
47
48   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
49
50 outputs:
51   volumes:
52     description: Common volumes for the containers.
53     value:
54       list_concat:
55         - - /etc/hosts:/etc/hosts:ro
56           - /etc/localtime:/etc/localtime:ro
57           # required for bootstrap_host_exec
58           - /etc/puppet:/etc/puppet:ro
59           # OpenSSL trusted CAs
60           - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
61           - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
62           - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
63           - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
64           # Syslog socket
65           - /dev/log:/dev/log
66           - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
67         - if:
68           - internal_tls_enabled
69           - - {get_param: InternalTLSCAFile}
70           - null