From: Juan Antonio Osorio Robles Date: Tue, 17 Jan 2017 23:02:35 +0000 (+0200) Subject: Add novajoin entries to the TLS-everywhere environment file X-Git-Tag: opnfv-6.0.0~1158^2 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=c6b6466f079097271072c35720462eb6a7414de7;p=apex-tripleo-heat-templates.git Add novajoin entries to the TLS-everywhere environment file These metadata settings (the hardcoded metadata and the hook override) are used by the novajoin service when it's deployed in the undercloud, and will tell it to enroll the overcloud nodes and the services that are specified by the metadata hook. bp novajoin bp tls-via-certmonger Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1 --- diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index d2fc59c6..ff4ecfbe 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -2,9 +2,18 @@ # a TLS for in the internal network via certmonger parameter_defaults: EnableInternalTLS: true + + # Required for novajoin to enroll the overcloud nodes + ServerMetadata: + ipa_enroll: True + resource_registry: OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml # We use apache as a TLS proxy OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml + + # Creates nova metadata that will create the extra service principals per + # node. + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml