Code Review / apex-tripleo-heat-templates.git / blob
? search:


d104853fcc1bf77957846d9c4ff2a11d12b3a672
[apex-tripleo-heat-templates.git] / docker / services / containers-common.yaml
1 heat_template_version: pike
2
3 description: >
4   Contains a static list of common things necessary for containers
5
6 parameters:
7
8   # Required parameters
9   EndpointMap:
10     default: {}
11     description: Mapping of service endpoint -> protocol. Typically set
12                  via parameter_defaults in the resource registry.
13     type: json
14   ServiceNetMap:
15     default: {}
16     description: Mapping of service_name -> network name. Typically set
17                  via parameter_defaults in the resource registry.  This
18                  mapping overrides those in ServiceNetMapDefaults.
19     type: json
20   DefaultPasswords:
21     default: {}
22     type: json
23   RoleName:
24     default: ''
25     description: Role name on which the service is applied
26     type: string
27   RoleParameters:
28     default: {}
29     description: Parameters specific to the role
30     type: json
31
32
33   EnableInternalTLS:
34     type: boolean
35     default: false
36   InternalTLSCAFile:
37     default: '/etc/ipa/ca.crt'
38     type: string
39     description: Specifies the default CA cert to use if TLS is used for
40                  services in the internal network.
41
42 conditions:
43
44   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
45
46 outputs:
47   volumes:
48     description: Common volumes for the containers.
49     value:
50       list_concat:
51         - - /etc/hosts:/etc/hosts:ro
52           - /etc/localtime:/etc/localtime:ro
53           # required for bootstrap_host_exec
54           - /etc/puppet:/etc/puppet:ro
55           # OpenSSL trusted CAs
56           - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
57           - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
58           - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
59           - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
60           # Syslog socket
61           - /dev/log:/dev/log
62           - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
63         - if:
64           - internal_tls_enabled
65           - - {get_param: InternalTLSCAFile}
66           - null