4 title: Enable SSL on OpenStack Public Endpoints
6 Use this environment to pass in certificates for SSL deployments.
7 For these values to take effect, one of the tls-endpoints-*.yaml environments
10 puppet/extraconfig/tls/tls-cert-inject.yaml:
13 # This should probably be private, but for testing static params I'm
14 # setting it as such for now.
15 - DeployedSSLCertificatePath
19 The contents of your certificate go here
22 The contents of the private key go here
24 OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
26 name: ssl/enable-internal-tls
27 title: Enable SSL on OpenStack Internal Endpoints
29 A Heat environment file which can be used to enable TLS for the internal
30 network via certmonger
32 puppet/all-nodes-config.yaml:
35 puppet/services/nova-base.yaml:
46 EnableInternalTLS: True
47 RabbitClientUseSSL: True
52 OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
53 OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
54 # We use apache as a TLS proxy
55 OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
56 # Creates nova metadata that will create the extra service principals per
58 OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
59 - name: ssl/inject-trust-anchor
60 title: Inject SSL Trust Anchor on Overcloud Nodes
62 When using an SSL certificate signed by a CA that is not in the default
63 list of CAs, this environment allows adding a custom CA certificate to
66 puppet/extraconfig/tls/ca-inject.yaml:
70 SSLRootCertificate: |-
72 The contents of your certificate go here
74 OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
76 - name: ssl/inject-trust-anchor-hiera
78 puppet/services/ca-certs.yaml:
81 # Need to clear this so we don't inherit the parent registry
88 The content of the CA cert goes here
91 The content of the CA cert goes here
93 name: ssl/tls-endpoints-public-ip
94 title: Deploy Public SSL Endpoints as IP Addresses
96 Use this environment when deploying an SSL-enabled overcloud where the public
97 endpoint is an IP address.
99 network/endpoints/endpoint_map.yaml:
103 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
104 # works. The |-2 tells YAML to strip two spaces off the indentation of
105 # the value, which because it's indented six spaces gets us to the four
106 # that we actually want. Note that zero is not a valid value here, so
107 # two seemed like the most sane option.
110 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
111 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
112 AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
113 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
114 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
115 BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
116 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
117 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
118 CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
119 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
120 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
121 CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
122 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
123 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
124 CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
125 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
126 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
127 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
128 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
129 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
130 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
131 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
132 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
133 GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
134 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
135 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
136 GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
137 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
138 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
139 HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
140 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
141 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
142 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
143 HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
144 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
145 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
146 IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
147 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
148 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
149 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
150 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
151 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
152 KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
153 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
154 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
155 ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
156 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
157 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
158 MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
159 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
160 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
161 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
162 NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
163 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
164 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
165 NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
166 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
167 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
168 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
169 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
170 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
171 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
172 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
173 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
174 OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
175 PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
176 PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
177 PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
178 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
179 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
180 SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
181 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
182 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
183 SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
184 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
185 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
186 TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
187 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
188 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
189 ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
190 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
191 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
192 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
194 name: ssl/tls-endpoints-public-dns
195 title: Deploy Public SSL Endpoints as DNS Names
197 Use this environment when deploying an SSL-enabled overcloud where the public
198 endpoint is a DNS name.
200 network/endpoints/endpoint_map.yaml:
204 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
205 # works. The |-2 tells YAML to strip two spaces off the indentation of
206 # the value, which because it's indented six spaces gets us to the four
207 # that we actually want. Note that zero is not a valid value here, so
208 # two seemed like the most sane option.
211 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
212 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
213 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
214 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
215 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
216 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
217 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
218 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
219 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
220 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
221 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
222 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
223 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
224 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
225 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
226 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
227 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
228 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
229 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
230 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
231 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
232 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
233 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
234 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
235 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
236 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
237 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
238 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
239 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
240 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
241 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
242 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
243 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
244 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
245 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
246 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
247 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
248 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
249 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
250 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
251 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
252 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
253 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
254 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
255 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
256 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
257 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
258 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
259 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
260 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
261 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
262 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
263 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
264 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
265 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
266 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
267 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
268 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
269 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
270 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
271 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
272 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
273 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
274 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
275 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
276 PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
277 PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
278 PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
279 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
280 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
281 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
282 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
283 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
284 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
285 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
286 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
287 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
288 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
289 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
290 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
291 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
292 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
293 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
295 name: ssl/tls-everywhere-endpoints-dns
296 title: Deploy All SSL Endpoints as DNS Names
298 Use this environment when deploying an overcloud where all the endpoints are
299 DNS names and there's TLS in all endpoint types.
301 network/endpoints/endpoint_map.yaml:
305 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
306 # works. The |-2 tells YAML to strip two spaces off the indentation of
307 # the value, which because it's indented six spaces gets us to the four
308 # that we actually want. Note that zero is not a valid value here, so
309 # two seemed like the most sane option.
312 AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
313 AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
314 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
315 BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
316 BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
317 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
318 CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
319 CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
320 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
321 CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
322 CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
323 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
324 CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
325 CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
326 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
327 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
328 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
329 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
330 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
331 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
332 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
333 GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
334 GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
335 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
336 GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
337 GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
338 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
339 HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
340 HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
341 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
342 HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
343 HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
344 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
345 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
346 IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
347 IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
348 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
349 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
350 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
351 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
352 KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
353 KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
354 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
355 ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
356 ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
357 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
358 MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
359 MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
360 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
361 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
362 NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
363 NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
364 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
365 NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
366 NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
367 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
368 NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
369 NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
370 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
371 NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
372 NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
373 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
374 OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
375 OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
376 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
377 PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
378 PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
379 PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
380 SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
381 SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
382 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
383 SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
384 SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
385 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
386 TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
387 TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
388 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
389 ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
390 ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
391 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
392 ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
393 ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
394 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}