4 title: Enable SSL on OpenStack Public Endpoints
6 Use this environment to pass in certificates for SSL deployments.
7 For these values to take effect, one of the tls-endpoints-*.yaml environments
10 puppet/extraconfig/tls/tls-cert-inject.yaml:
13 # This should probably be private, but for testing static params I'm
14 # setting it as such for now.
15 - DeployedSSLCertificatePath
19 The contents of your certificate go here
22 The contents of the private key go here
24 OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
25 - name: ssl/inject-trust-anchor
26 title: Inject SSL Trust Anchor on Overcloud Nodes
28 When using an SSL certificate signed by a CA that is not in the default
29 list of CAs, this environment allows adding a custom CA certificate to
32 puppet/extraconfig/tls/ca-inject.yaml:
36 SSLRootCertificate: |-
38 The contents of your certificate go here
40 OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
42 - name: ssl/inject-trust-anchor-hiera
44 puppet/services/ca-certs.yaml:
47 # Need to clear this so we don't inherit the parent registry
54 The content of the CA cert goes here
57 The content of the CA cert goes here
59 name: ssl/tls-endpoints-public-ip
60 title: Deploy Public SSL Endpoints as IP Addresses
62 Use this environment when deploying an SSL-enabled overcloud where the public
63 endpoint is an IP address.
65 network/endpoints/endpoint_map.yaml:
69 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
70 # works. The |-2 tells YAML to strip two spaces off the indentation of
71 # the value, which because it's indented six spaces gets us to the four
72 # that we actually want. Note that zero is not a valid value here, so
73 # two seemed like the most sane option.
76 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
77 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
78 AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
79 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
80 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
81 BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
82 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
83 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
84 CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
85 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
86 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
87 CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
88 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
89 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
90 CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
91 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
92 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
93 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
94 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
95 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
96 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
97 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
99 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
101 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
103 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
105 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
107 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
109 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
110 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
111 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
112 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
113 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
114 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
115 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
116 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
117 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
118 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
119 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
120 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
121 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
122 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
123 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
124 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
125 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
126 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
127 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
128 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
129 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
130 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
131 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
132 GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
133 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
134 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
135 GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
136 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
137 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
138 HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
139 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
140 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
141 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
142 HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
143 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
144 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
145 IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
146 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
147 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
148 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
149 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
150 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
151 KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
152 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
153 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
154 ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
155 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
156 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
157 MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
158 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
159 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
160 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
161 NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
162 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
163 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
164 NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
165 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
166 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
167 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
168 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
169 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
170 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
171 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
172 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
173 OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
174 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
175 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
176 PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
177 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
178 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
179 SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
180 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
181 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
182 SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
183 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
184 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
185 TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
186 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
187 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
188 ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
189 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
190 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
191 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
193 name: ssl/tls-endpoints-public-dns
194 title: Deploy Public SSL Endpoints as DNS Names
196 Use this environment when deploying an SSL-enabled overcloud where the public
197 endpoint is a DNS name.
199 network/endpoints/endpoint_map.yaml:
203 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
204 # works. The |-2 tells YAML to strip two spaces off the indentation of
205 # the value, which because it's indented six spaces gets us to the four
206 # that we actually want. Note that zero is not a valid value here, so
207 # two seemed like the most sane option.
210 AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
211 AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
212 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
213 BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
214 BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
215 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
216 CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
217 CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
218 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
219 CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
220 CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
221 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
222 CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
223 CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
224 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
225 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
226 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
227 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
228 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
229 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
230 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
231 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
233 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
235 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
237 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
239 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
241 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
243 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
244 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
245 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
246 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
247 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
248 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
249 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
250 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
251 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
252 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
253 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
254 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
255 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
256 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
257 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
258 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
259 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
260 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
261 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
262 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
263 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
264 GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
265 GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
266 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
267 GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
268 GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
269 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
270 HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
271 HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
272 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
273 HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
274 HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
275 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
276 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
277 IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
278 IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
279 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
280 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
281 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
282 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
283 KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
284 KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
285 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
286 ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
287 ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
288 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
289 MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
290 MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
291 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
292 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
293 NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
294 NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
295 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
296 NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
297 NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
298 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
299 NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
300 NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
301 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
302 NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
303 NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
304 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
305 OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
306 OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
307 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
308 PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
309 PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
310 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
311 SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
312 SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
313 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
314 SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
315 SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
316 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
317 TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
318 TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
319 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
320 ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
321 ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
322 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
323 ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
324 ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
325 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
327 name: ssl/tls-everywhere-endpoints-dns
328 title: Deploy All SSL Endpoints as DNS Names
330 Use this environment when deploying an overcloud where all the endpoints are
331 DNS names and there's TLS in all endpoint types.
333 network/endpoints/endpoint_map.yaml:
337 # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
338 # works. The |-2 tells YAML to strip two spaces off the indentation of
339 # the value, which because it's indented six spaces gets us to the four
340 # that we actually want. Note that zero is not a valid value here, so
341 # two seemed like the most sane option.
344 AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
345 AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
346 AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
347 BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
348 BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
349 BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
350 CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
351 CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
352 CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
353 CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
354 CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
355 CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
356 CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
357 CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
358 CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
359 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
360 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
361 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
362 ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
363 ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
364 ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
365 ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
367 ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
369 ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
371 ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
373 ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
375 ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
377 ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
378 ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
379 ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
380 ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
381 ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
382 ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
383 ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
384 ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
385 ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
386 ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
387 ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
388 ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
389 ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
390 ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
391 ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
392 ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
393 ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
394 ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
395 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
396 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
397 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
398 GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
399 GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
400 GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
401 GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
402 GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
403 GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
404 HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
405 HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
406 HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
407 HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
408 HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
409 HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
410 HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
411 IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
412 IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
413 IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
414 IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
415 IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
416 IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
417 KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
418 KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
419 KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
420 ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
421 ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
422 ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
423 MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
424 MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
425 MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
426 MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
427 NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
428 NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
429 NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
430 NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
431 NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
432 NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
433 NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
434 NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
435 NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
436 NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
437 NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
438 NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
439 OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
440 OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
441 OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
442 PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
443 PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
444 PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
445 SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
446 SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
447 SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
448 SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
449 SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
450 SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
451 TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
452 TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
453 TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
454 ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
455 ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
456 ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
457 ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
458 ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
459 ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}