Add SSL configuration metadata for overclouds.
authorRobert Collins <rbtcollins@hp.com>
Fri, 17 Jan 2014 01:17:00 +0000 (14:17 +1300)
committerRobert Collins <rbtcollins@hp.com>
Fri, 17 Jan 2014 01:18:53 +0000 (14:18 +1300)
This passes SSL keys in via Heat, which places a high cost on Heat
compromises or on the use of a non-SSL Heat to do deploys. We'll want
to ensure that this is documented clearly.

Change-Id: I14d441460116fda91fbd1d2097c5598b57155a6d

Makefile
ssl-source.yaml [new file with mode: 0644]

index a11a108..6d5c8b7 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -10,8 +10,8 @@ overcloud_source_deps = nova-compute-instance.yaml
 
 all: $(generated_templates)
 
-overcloud.yaml: overcloud-source.yaml swift-source.yaml $(overcloud_source_deps)
-       python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml > $@.tmp
+overcloud.yaml: overcloud-source.yaml swift-source.yaml ssl-source.yaml $(overcloud_source_deps)
+       python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml ssl-source.yaml > $@.tmp
        mv $@.tmp $@
 
 undercloud-vm.yaml: undercloud-source.yaml undercloud-vm-source.yaml
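Review bot: The source list for overcloud.yaml is now spelled twice, once as prerequisites and again as merge.py arguments on the next line, so the next source added to one side and not the other either silently drops out of the merge or fails to trigger a rebuild. The recipe could derive its arguments from the prerequisites instead, e.g. `python ./tripleo_heat_merge/merge.py $(filter %-source.yaml,$^) > $@.tmp`, which keeps the written order and leaves `$(overcloud_source_deps)` (nova-compute-instance.yaml) out of the argument list exactly as the current recipe does. This presumes merge.py consumes its positional arguments in order, which the hunk does not show; worth confirming before changing it.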
diff --git a/ssl-source.yaml b/ssl-source.yaml
new file mode 100644 (file)
index 0000000..9127555
--- /dev/null
@@ -0,0 +1,43 @@
+Description: 'ssl-source: SSL endpoint metadata for openstack'
+Parameters:
+  SSLCertificate:
+    Default: ''
+    Description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+    Type: String
+    NoEcho: true
+  SSLKey:
+    Default: ''
+    Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+    Type: String
+    NoEcho: true
+Resources:
+  notcomputeConfig:
+    Type: AWS::AutoScaling::LaunchConfiguration
+    Metadata:
+      stunnel:
+        cert:
+          Ref: SSLCertificate
+        key:
+          Ref: SSLKey
+        ports:
+         - name: 'ec2'
+           accept: 13773
+           connect: 8773
+         - name: 'image'
+           accept: 13292
+           connect: 9292
+         - name: 'identity'
+           accept: 13000
+           connect: 5000
+         - name: 'network'
+           accept: 13696
+           connect: 9696
+         - name: 'compute'
+           accept: 13774
+           connect: 8774
+         - name: 'swift-proxy'
+           accept: 13080
+           connect: 8080
+         - name: 'cinder'
+           accept: 13776
+           connect: 8776
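Review bot: SSLCertificate and SSLKey only make sense as a pair, but each Description reads "If set" independently and nothing in the template ties them together, so a stack created with one parameter populated and the other left at `''` produces stunnel metadata carrying a cert with no key (or the reverse). The Heat CFN syntax used here has no parameter-level cross-validation, so the contract belongs in the Descriptions; for SSLKey something like `Description: If set, the contents of the SSL private key (.key) file matching SSLCertificate; both must be set together.` and the mirror text on SSLCertificate. It would also help to state in the SSLKey Description that the value is delivered verbatim into the launch-configuration metadata via `Ref: SSLKey`, since `NoEcho: true` masks it in stack-description output but not there; the commit message already makes this point and the template is where the next reader will look.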