Code Review / apex-tripleo-heat-templates.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 0eb7001) | patch
Decouple EndpointMap from SSL certificate params
authorBen Nemec <bnemec@redhat.com>
Wed, 27 Jul 2016 20:44:58 +0000 (15:44 -0500)
committerBen Nemec <bnemec@redhat.com>
Fri, 12 Aug 2016 15:26:16 +0000 (10:26 -0500)
commit8cd7861a26bcf82dfb8d3c744d03007c0b66644f
treecb186c6c306dfade1a23792cc818bc623e28f866tree | snapshot
parent0eb70014a339eddc6be9257a70d6ad0547e31c9acommit | diff
Decouple EndpointMap from SSL certificate params

Having the endpoint map in the same environment as the SSL
certificate parameters means that every time a service is added to
the overcloud, the user must remember to update their copy of
enable-tls.yaml to reflect the new service.

To avoid this, let's separate the SSL EndpointMap from the SSL
certificates so users can simply pass the shipped list of SSL
endpoints and only have to customize the certificate env file. As
and added bonus, this means they won't have to put the certificates
in enable-tls.yaml specifically.  The parameters can be set
anywhere, and will be used as long as one of the tls-endpoints
envs is also specified.

inject-trust-anchor.yaml is not changed, but it could already be
used in the same fashion.  The root certificate param could be set
in any env passed after inject-trust-anchor.yaml, and then
inject-trust-anchor.yaml would only be responsible for setting the
appropriate resource_registry entry.  This way there is no need to
customize the in-tree inject-trust-anchor.yaml either.

Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
environments/enable-tls.yaml diff | blob | history
environments/tls-endpoints-public-dns.yaml [new file with mode: 0644] blob
environments/tls-endpoints-public-ip.yaml [new file with mode: 0644] blob