X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=overcloud-source.yaml;h=742429f1e88bf7cc22394f7f2e86f45d653d2fec;hb=a9d03c8ba7f6b423f1280da604e00d2e96236c67;hp=a1e71f00a6ecf0a2862b1e393cdf8eb1b62be737;hpb=44a1924bc080678cde9bab6b0ab6e20b3ee4aa96;p=apex-tripleo-heat-templates.git

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index a1e71f00..742429f1 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -173,6 +173,15 @@ parameters:
     description: Keystone key for signing tokens.
     type: string
     hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
   LiveUpdateComputeImage:
     type: string
     description: The image ID for live-updates to the overcloud compute nodes.
@@ -334,6 +343,16 @@ parameters:
     default: guest
     description: The username for RabbitMQ
     type: string
+  RabbitClientUseSSL:
+    default: false
+    description: >
+        Rabbit client subscriber parameter to specify
+        an SSL connection to the RabbitMQ host.
+    type: string
+  RabbitClientPort:
+    default: 5672
+    description: Set rabbit subscriber port, change this if using SSL
+    type: number
   SnmpdReadonlyUserName:
     default: ro_snmp_user
     description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -351,6 +370,7 @@ resources:
       network_id: {get_param: NeutronControlPlaneID}
       fixed_ips:
         get_param: ControlFixedIPs
+      replacement_policy: AUTO
   MysqlClusterUniquePart:
     type: OS::Heat::RandomString
     properties:
@@ -366,6 +386,7 @@ resources:
       network: {get_param: PublicVirtualNetwork}
       fixed_ips:
         get_param: PublicVirtualFixedIPs
+      replacement_policy: AUTO
   RabbitCookie:
     type: OS::Heat::RandomString
     properties:
@@ -558,6 +579,9 @@ resources:
           ca_certificate: {get_param: KeystoneCACertificate}
           signing_key: {get_param: KeystoneSigningKey}
           signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
         mysql:
           innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
           local_bind: true
@@ -646,6 +670,8 @@ resources:
             get_attr:
             - RabbitCookie
             - value
+          rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+          rabbit_port: {get_param: RabbitClientPort}
         ntp:
           servers:
               - {server: {get_param: NtpServer}, fudge: "stratum 0"}