1 heat_template_version: pike
4 Contains a static list of common things necessary for containers
11 description: Mapping of service endpoint -> protocol. Typically set
12 via parameter_defaults in the resource registry.
16 description: Dictionary packing service data
20 description: Mapping of service_name -> network name. Typically set
21 via parameter_defaults in the resource registry. This
22 mapping overrides those in ServiceNetMapDefaults.
29 description: Role name on which the service is applied
33 description: Parameters specific to the role
41 default: '/etc/ipa/ca.crt'
43 description: Specifies the default CA cert to use if TLS is used for
44 services in the internal network.
48 internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
52 description: Common volumes for the containers.
55 - - /etc/hosts:/etc/hosts:ro
56 - /etc/localtime:/etc/localtime:ro
57 # required for bootstrap_host_exec
58 - /etc/puppet:/etc/puppet:ro
60 - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
61 - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
62 - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
63 - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
66 - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
68 - internal_tls_enabled
71 - - {get_param: InternalTLSCAFile}
72 - {get_param: InternalTLSCAFile}