| Vasyl Saienko | 3c6caf7 | 2018-03-06 01:51:48 +0200 | [diff] [blame] | 1 | classes: |
| 2 | - system.apache.server.site.cinder |
| 3 | # Enable proxy for services that are not under apache and |
| 4 | # do not use apache wsgi template |
| 5 | - system.apache.server.proxy.openstack.designate |
| 6 | - system.apache.server.proxy.openstack.glance |
| 7 | - system.apache.server.proxy.openstack.heat |
| 8 | - system.apache.server.proxy.openstack.neutron |
| 9 | - system.apache.server.proxy.openstack.nova |
| 10 | - system.apache.server.proxy.openstack.placement |
| 11 | - cluster.virtual-mcp11-aio.openstack |
| 12 | parameters: |
| 13 | _param: |
| 14 | cluster_public_protocol: https |
| 15 | cluster_internal_protocol: https |
| 16 | keystone_service_protocol: ${_param:cluster_internal_protocol} |
| 17 | glance_service_protocol: ${_param:cluster_internal_protocol} |
| 18 | nova_service_protocol: ${_param:cluster_internal_protocol} |
| 19 | neutron_service_protocol: ${_param:cluster_internal_protocol} |
| 20 | heat_service_protocol: ${_param:cluster_internal_protocol} |
| 21 | cinder_service_protocol: ${_param:cluster_internal_protocol} |
| Vasyl Saienko | 3c6caf7 | 2018-03-06 01:51:48 +0200 | [diff] [blame] | 22 | designate_service_protocol: ${_param:cluster_internal_protocol} |
| Mykyta Karpin | b7d4ee0 | 2018-08-20 12:32:26 +0300 | [diff] [blame] | 23 | apache_ssl: |
| Vasyl Saienko | 3c6caf7 | 2018-03-06 01:51:48 +0200 | [diff] [blame] | 24 | enabled: true |
| 25 | engine: salt |
| 26 | authority: "${_param:salt_minion_ca_authority}" |
| 27 | key_file: "/etc/ssl/private/internal_proxy.key" |
| 28 | cert_file: "/etc/ssl/certs/internal_proxy.crt" |
| 29 | chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt" |
| Vasyl Saienko | 3c6caf7 | 2018-03-06 01:51:48 +0200 | [diff] [blame] | 30 | apache_proxy_openstack_api_address: ${_param:cluster_public_host} |
| 31 | apache_proxy_openstack_keystone_host: 127.0.0.1 |
| 32 | apache_proxy_openstack_nova_host: 127.0.0.1 |
| 33 | apache_proxy_openstack_glance_host: 127.0.0.1 |
| 34 | apache_proxy_openstack_neutron_host: 127.0.0.1 |
| 35 | apache_proxy_openstack_heat_host: 127.0.0.1 |
| 36 | apache_proxy_openstack_designate_host: 127.0.0.1 |
| 37 | apache_proxy_openstack_placement_host: 127.0.0.1 |
| 38 | apache_keystone_api_host: ${_param:single_address} |
| Vasyl Saienko | 3c6caf7 | 2018-03-06 01:51:48 +0200 | [diff] [blame] | 39 | neutron: |
| 40 | server: |
| 41 | bind: |
| 42 | address: 127.0.0.1 |
| 43 | identity: |
| 44 | protocol: https |
| 45 | nova: |
| 46 | controller: |
| 47 | bind: |
| 48 | private_address: 127.0.0.1 |
| 49 | identity: |
| 50 | protocol: https |
| 51 | network: |
| 52 | protocol: https |
| 53 | glance: |
| 54 | protocol: https |
| 55 | metadata: |
| 56 | bind: |
| 57 | address: ${_param:nova_service_host} |
| 58 | |
| 59 | cinder: |
| 60 | controller: |
| 61 | identity: |
| 62 | protocol: https |
| 63 | glance: |
| 64 | protocol: https |
| 65 | horizon: |
| 66 | server: |
| 67 | secure: False |
| 68 | identity: |
| 69 | encryption: ssl |
| 70 | designate: |
| 71 | server: |
| 72 | identity: |
| 73 | protocol: https |
| 74 | bind: |
| 75 | api: |
| 76 | address: 127.0.0.1 |
| 77 | glance: |
| 78 | server: |
| 79 | bind: |
| 80 | address: 127.0.0.1 |
| 81 | identity: |
| 82 | protocol: https |
| 83 | registry: |
| 84 | protocol: https |
| 85 | heat: |
| 86 | server: |
| 87 | bind: |
| 88 | api: |
| 89 | address: 127.0.0.1 |
| 90 | api_cfn: |
| 91 | address: 127.0.0.1 |
| 92 | api_cloudwatch: |
| 93 | address: 127.0.0.1 |
| 94 | identity: |
| 95 | protocol: https |
| Vasyl Saienko | 515b05f | 2018-07-11 10:04:34 +0300 | [diff] [blame] | 96 | # Since we using self signed cert not present in images, we have to |
| 97 | # use insecure option when sending signal to wait condition from instance. |
| 98 | clients: |
| 99 | heat: |
| 100 | insecure: true |