From a72f8d4ae99e17cffe52cb94a90e33e1e4ea16fe Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 3 Oct 2018 15:53:12 +0300
Subject: [PATCH] Remove deprecated TLS-related environment files
The ones in environments/ssl/ are preferred instead. These have been
available since pike.
Change-Id: I84a7b354ede46d6ec88964e5dcbd5678d89c8c0f
Depends-On: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
---
environments/enable-internal-tls.yaml | 27 ----
environments/enable-tls.yaml | 19 ---
environments/inject-trust-anchor-hiera.yaml | 12 --
environments/inject-trust-anchor.yaml | 10 --
environments/no-tls-endpoints-public-ip.yaml | 120 ------------------
environments/tls-endpoints-public-dns.yaml | 109 ----------------
environments/tls-endpoints-public-ip.yaml | 109 ----------------
.../tls-everywhere-endpoints-dns.yaml | 105 ---------------
.../remove-old-tls-envs-137cf19b55526a81.yaml | 9 ++
tools/yaml-validate.py | 4 -
10 files changed, 9 insertions(+), 515 deletions(-)
delete mode 100644 environments/enable-internal-tls.yaml
delete mode 100644 environments/enable-tls.yaml
delete mode 100644 environments/inject-trust-anchor-hiera.yaml
delete mode 100644 environments/inject-trust-anchor.yaml
delete mode 100644 environments/no-tls-endpoints-public-ip.yaml
delete mode 100644 environments/tls-endpoints-public-dns.yaml
delete mode 100644 environments/tls-endpoints-public-ip.yaml
delete mode 100644 environments/tls-everywhere-endpoints-dns.yaml
create mode 100644 releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
deleted file mode 100644
index 9a9e565a9c..0000000000
--- a/environments/enable-internal-tls.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
-# instead.
-# ********************************************************************************
-# A Heat environment file which can be used to enable a
-# a TLS for in the internal network via certmonger
-parameter_defaults:
- EnableInternalTLS: true
- RabbitClientUseSSL: true
-
- # Required for novajoin to enroll the overcloud nodes
- ServerMetadata:
- ipa_enroll: True
-
-resource_registry:
- # FIXME(bogdando): switch it, once it is containerized
- OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
-
- OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
-
- # We use apache as a TLS proxy
- # FIXME(bogdando): switch it, once it is containerized
- OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
-
- # Creates nova metadata that will create the extra service principals per
- # node.
- OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
deleted file mode 100644
index 968f8980a2..0000000000
--- a/environments/enable-tls.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
-# ********************************************************************************
-# Use this environment to pass in certificates for SSL deployments.
-# For these values to take effect, one of the tls-endpoints-*.yaml environments
-# must also be used.
-parameter_defaults:
- HorizonSecureCookies: True
- SSLCertificate: |
- The contents of your certificate go here
- SSLIntermediateCertificate: ''
- SSLKey: |
- The contents of the private key go here
-
- # Disable Gnocchi Incoming redis storage driver when using tls
- GnocchiIncomingStorageDriver: ''
-
-resource_registry:
- OS::TripleO::NodeTLSData: OS::Heat::None
diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml
deleted file mode 100644
index 95d2de953c..0000000000
--- a/environments/inject-trust-anchor-hiera.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-# **************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml
-# instead.
-# **************************************************************************************
-parameter_defaults:
- CAMap:
- first-ca-name:
- content: |
- The content of the CA cert goes here
- second-ca-name:
- content: |
- The content of the CA cert goes here
diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml
deleted file mode 100644
index 1b0f7066b6..0000000000
--- a/environments/inject-trust-anchor.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# ********************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml
-# instead.
-# ********************************************************************************
-parameter_defaults:
- SSLRootCertificate: |
- The contents of your root CA certificate go here
-
-resource_registry:
- OS::TripleO::NodeTLSCAData: ../puppet/extraconfig/tls/ca-inject.yaml
diff --git a/environments/no-tls-endpoints-public-ip.yaml b/environments/no-tls-endpoints-public-ip.yaml
deleted file mode 100644
index 1bca0197e2..0000000000
--- a/environments/no-tls-endpoints-public-ip.yaml
+++ /dev/null
@@ -1,120 +0,0 @@
-# *******************************************************************
-# This file was created automatically by the sample environment
-# generator. Developers should use `tox -e genconfig` to update it.
-# Users are recommended to make changes to a copy of the file instead
-# of the original, if any customizations are needed.
-# *******************************************************************
-# title: Deploy All Endpoints without TLS and with IP addresses
-# description: |
-# Use this environment when deploying an overcloud where all the endpoints not
-# using TLS and are using IP addresses.
-parameter_defaults:
- # Whether to enable TLS on the public interface or not.
- # Type: boolean
- EnablePublicTLS: False
-
- # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
- # Type: json
- EndpointMap:
- AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
- AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
- AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
- BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
- BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
- BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
- CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
- CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
- CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
- CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
- CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
- CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
- CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
- CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
- CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS}
- DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS}
- DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS}
- DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
- DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
- Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
- Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
- Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS}
- GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
- GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
- GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
- GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
- GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
- GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
- GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
- HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
- HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
- HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS}
- HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
- HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
- HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
- HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
- IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
- IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
- IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
- IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
- IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
- IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
- IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
- KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
- KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
- KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
- ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
- ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
- MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS}
- MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS}
- MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS}
- MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
- NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
- NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
- NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS}
- NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
- NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
- NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
- NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
- NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
- NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
- NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
- NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
- NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
- OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
- OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
- OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
- OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
- OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
- OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
- OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
- OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
- OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
- OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
- OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
- PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
- PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
- PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
- SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
- SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
- SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS}
- SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
- SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
- SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
- SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
- TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS}
- TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS}
- TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS}
- ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
- ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
- ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS}
- ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS}
- ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS}
- ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS}
- ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS}
-
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
deleted file mode 100644
index e68a45a041..0000000000
--- a/environments/tls-endpoints-public-dns.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-# *************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
-# instead.
-# *************************************************************************************
-# Use this environment when deploying an SSL-enabled overcloud where the public
-# endpoint is a DNS name.
-parameter_defaults:
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
- CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
- DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
- DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
- Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
- GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- IronicUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
- IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
- MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- MistralUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- SwiftUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
- ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketUIConfig: {protocol: 'ws', port: '3000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
deleted file mode 100644
index fb853cd619..0000000000
--- a/environments/tls-endpoints-public-ip.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-# *************************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
-# instead.
-# *************************************************************************************
-# Use this environment when deploying an SSL-enabled overcloud where the public
-# endpoint is an IP address.
-parameter_defaults:
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
- BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
- BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
- CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
- CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
- CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
- DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
- DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
- DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
- Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
- Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
- GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
- HeatUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
- IronicUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
- IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
- IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
- KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
- MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
- MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
- MistralUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
- NovaUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
- NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
- OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
- OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
- OpenDaylightAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenDaylightInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
- OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
- OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
- SwiftUIConfig: {protocol: 'http', port: '3000', host: 'IP_ADDRESS'}
- TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
- TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
- ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
- ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
- ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketUIConfig: {protocol: 'ws', port: '3000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
deleted file mode 100644
index b50586afaa..0000000000
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-# Use this environment when deploying an overcloud where all the endpoints are
-# DNS names and there's TLS in all endpoint types.
-parameter_defaults:
- EndpointMap:
- AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
- AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
- BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
- BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
- CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
- CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
- CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
- CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
- CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
- CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
- DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
- DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
- DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
- DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
- Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
- Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
- Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
- GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'CLOUDNAME'}
- GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
- GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
- GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
- HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
- HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
- IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- IronicUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- IronicInspectorAdmin: {protocol: 'https', port: '5050', host: 'CLOUDNAME'}
- IronicInspectorInternal: {protocol: 'https', port: '5050', host: 'CLOUDNAME'}
- IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
- IronicInspectorUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
- KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- KeystoneUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
- ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
- MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
- MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
- MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- MistralUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
- NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
- NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
- NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
- NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
- NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
- NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
- OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
- OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- OpenDaylightAdmin: {protocol: 'https', port: '8081', host: 'CLOUDNAME'}
- OpenDaylightInternal: {protocol: 'https', port: '8081', host: 'CLOUDNAME'}
- OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
- OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
- OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
- OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
- PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
- PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
- SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
- SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
- SwiftUIConfig: {protocol: 'http', port: '3000', host: 'CLOUDNAME'}
- TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
- TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
- TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
- ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
- ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
- ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
- ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: 'CLOUDNAME'}
diff --git a/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml b/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml
new file mode 100644
index 0000000000..be9690e7f8
--- /dev/null
+++ b/releasenotes/notes/remove-old-tls-envs-137cf19b55526a81.yaml
@@ -0,0 +1,9 @@
+---
+deprecations:
+ - |
+ The TLS-related environment files in the environments/ directory were
+ deleted. The ones in the environments/ssl/ are preferred instead. Namely,
+ the following files:: enable-internal-tls.yaml, enable-tls.yaml,
+ inject-trust-anchor-hiera.yaml, inject-trust-anchor.yaml,
+ no-tls-endpoints-public-ip.yaml, tls-endpoints-public-dns.yaml
+ tls-endpoints-public-ip.yaml, tls-everywhere-endpoints-dns.yaml.
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index c84e415cb0..f66322f35e 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -48,10 +48,6 @@ required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
# so they need to be listed twice. Once the deprecated version can be removed
# the duplicate entries can be as well.
envs_containing_endpoint_map = ['no-tls-endpoints-public-ip.yaml',
- 'tls-endpoints-public-dns.yaml',
- 'tls-endpoints-public-ip.yaml',
- 'tls-everywhere-endpoints-dns.yaml',
- 'no-tls-endpoints-public-ip.yaml',
'tls-endpoints-public-dns.yaml',
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']