Containers: Bind mount directories with the key/certs for heat
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 8 May 2017 09:38:16 +0000 (09:38 +0000)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 8 May 2017 10:41:20 +0000 (10:41 +0000)
This is only done when TLS-everywhere is enabled, and depends on those
directories being used exclusively by services that run over httpd.

bp tls-via-certmonger-containers

Change-Id: I194c33992c7f3628f7858ecf5e472ecfdee969ed

docker/services/heat-api-cfn.yaml
docker/services/heat-api.yaml
environments/docker-services-tls-everywhere.yaml

index fc22815..ff18f17 100644 (file)
@@ -31,7 +31,13 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -95,6 +101,16 @@ outputs:
                   - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
                   - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
                   - /var/log/containers/heat:/var/log/heat
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
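Review bot: The `''` fallback in both conditional `if:` entries of the second hunk leaves an empty-string element in `volumes` whenever `internal_tls_enabled` is false, and docker/services/heat-api.yaml repeats the same pattern. Unless the docker-cmd consumer drops empty entries, that presumably ends up as a bare `--volume=` argument that docker will reject, so either confirm that filtering happens downstream or restructure the list so the entries are omitted rather than blanked. Separately, bind-mounting the whole `/etc/pki/tls/private/httpd` directory exposes every key stored there to this container; that is the exclusivity assumption the commit message states, but nothing in the template records it, so a comment above the first conditional entry such as `# TLS-everywhere only: the full httpd cert/key directories are mounted, so they must hold nothing but material for httpd-backed services` would keep it visible to whoever adds the next mount. The `volumes` list begins above the hunk.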
index fe56541..886a0d8 100644 (file)
@@ -31,7 +31,13 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -95,6 +101,16 @@ outputs:
                   - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
                   - /var/lib/config-data/heat_api/var/www/:/var/www/:ro
                   - /var/log/containers/heat:/var/log/heat
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
index 73b9172..7b27663 100644 (file)
@@ -8,14 +8,17 @@ resource_registry:
   OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
 
   # NOTE: add roles to be docker enabled as we support them.
-  OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
-  OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
-  OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
-  OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
   OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
   OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
-  OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
   OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
+  OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+  OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
+  OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
+  OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
+  OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+  OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+  OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+  OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
   OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
 
   OS::TripleO::PostDeploySteps: ../docker/post.yaml
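Review bot: The new `OS::TripleO::Services::HeatEngine` mapping points at `../docker/services/heat-engine.yaml`, a file this commit does not touch, and the commit message only describes the cert/key bind mounts, so a reader cannot tell from the change whether that template already exists for the docker environment or deliberately needs no TLS mounts. Interleaving the alphabetical reorder of the existing Keystone, Gnocchi and Aodh entries with the three new Heat registrations also obscures which lines are functional; a one-line mention in the commit message, or a separate reorder commit, would make the intent clear. The `resource_registry` mapping continues outside the hunk.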