environments/enable-internal-tls.yaml

   1 # ********************************************************************************
   2 # DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
   3 # instead.
   4 # ********************************************************************************
   5 # A Heat environment file which can be used to enable a
   6 # a TLS for in the internal network via certmonger
   7 parameter_defaults:
   8   EnableInternalTLS: true
   9   RabbitClientUseSSL: true
  10
  11   # Required for novajoin to enroll the overcloud nodes
  12   ServerMetadata:
  13     ipa_enroll: True
  14
  15 resource_registry:
  16   OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
  17
  18   OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
  19
  20   # We use apache as a TLS proxy
  21   OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
  22
  23   # Creates nova metadata that will create the extra service principals per
  24   # node.
  25   OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml