openstack/tripleo-heat-templates
Code Issues Proposed changes

Revert "Change default endpoint map entries to use TLS"

Browse Source 
This reverts commit 22ad1bc8c51dffb40e3ebaf5fef35de333adb53d.

Change-Id: I424d001a1aad78b6a756b10682b316b3f2a48fc5
Closes-Bug: #1771435
This commit is contained in:
Alex Schultz 2018-05-15 21:27:19 +00:00
parent 22ad1bc8c5
commit d5b34858de
3 changed files with 30 additions and 93 deletions

58
network/endpoints/endpoint_data.yaml

@ -6,8 +6,6 @@ Aodh:
net_param: AodhApi
Public:
net_param: Public
protocol: https
port: 13042
Admin:
net_param: AodhApi
port: 8042
@ -17,8 +15,6 @@ Barbican:
net_param: BarbicanApi
Public:
net_param: Public
protocol: https
port: 13311
Admin:
net_param: BarbicanApi
port: 9311
@ -28,8 +24,6 @@ Ceilometer:
net_param: CeilometerApi
Public:
net_param: Public
protocol: https
port: 13777
Admin:
net_param: CeilometerApi
port: 8777
@ -39,8 +33,6 @@ Designate:
net_param: DesignateApi
Public:
net_param: Public
protocol: https
port: 13001
Admin:
net_param: DesignateApi
port: 9001
@ -50,8 +42,6 @@ Ec2Api:
net_param: Ec2Api
Public:
net_param: Public
protocol: https
port: 13788
Admin:
net_param: Ec2Api
port: 8788
@ -61,8 +51,6 @@ Gnocchi:
net_param: GnocchiApi
Public:
net_param: Public
protocol: https
port: 13041
Admin:
net_param: GnocchiApi
port: 8041
@ -72,8 +60,6 @@ Panko:
net_param: PankoApi
Public:
net_param: Public
protocol: https
portt: 13977
Admin:
net_param: PankoApi
port: 8977
@ -91,8 +77,6 @@ Cinder:
'': /v1/%(tenant_id)s
V2: /v2/%(tenant_id)s
V3: /v3/%(tenant_id)s
protocol: https
port: 13776
Admin:
net_param: CinderApi
uri_suffixes:
@ -106,8 +90,6 @@ Congress:
net_param: CongressApi
Public:
net_param: Public
protocol: https
port: 13789
Admin:
net_param: CongressApi
port: 1789
@ -117,8 +99,6 @@ Glance:
net_param: GlanceApi
Public:
net_param: Public
protocol: https
port: 13292
Admin:
net_param: GlanceApi
port: 9292
@ -138,8 +118,6 @@ Heat:
net_param: Public
uri_suffixes:
'': /v1/%(tenant_id)s
protocol: https
port: 13004
Admin:
net_param: HeatApi
uri_suffixes:
@ -160,8 +138,6 @@ HeatCfn:
net_param: Public
uri_suffixes:
'': /v1
protocol: https
port: 13005
Admin:
net_param: HeatApi
uri_suffixes:
@ -173,8 +149,7 @@ Horizon:
net_param: Public
uri_suffixes:
'': /dashboard
protocol: https
port: 443
port: 80
# TODO(ayoung): V3 is a temporary fix. Endpoints should be versionless.
# Required for https://bugs.launchpad.net/puppet-nova/+bug/1542486
@ -191,8 +166,6 @@ Keystone:
uri_suffixes:
'': /
V3: /v3
protocol: https
port: 13000
Admin:
net_param: KeystoneAdminApi
uri_suffixes:
@ -217,8 +190,6 @@ Manila:
uri_suffixes:
'': /v2/%(tenant_id)s
V1: /v1/%(tenant_id)s
protocol: https
port: 13786
Admin:
net_param: ManilaApi
uri_suffixes:
@ -235,8 +206,6 @@ Mistral:
net_param: Public
uri_suffixes:
'': /v2
protocol: https
port: 13989
Admin:
net_param: MistralApi
uri_suffixes:
@ -253,8 +222,6 @@ Neutron:
net_param: NeutronApi
Public:
net_param: Public
protocol: https
port: 13696
Admin:
net_param: NeutronApi
port: 9696
@ -268,8 +235,6 @@ Nova:
net_param: Public
uri_suffixes:
'': /v2.1
protocol: https
port: 13774
Admin:
net_param: NovaApi
uri_suffixes:
@ -290,8 +255,6 @@ NovaPlacement:
net_param: Public
uri_suffixes:
'': /placement
protocol: https
port: 13778
Admin:
net_param: NovaPlacement
uri_suffixes:
@ -303,8 +266,6 @@ NovaVNCProxy:
net_param: NovaApi
Public:
net_param: Public
protocol: https
port: 13080
Admin:
net_param: NovaApi
port: 6080
@ -320,8 +281,6 @@ Swift:
uri_suffixes:
'': /v1/AUTH_%(tenant_id)s
S3:
protocol: https
port: 13808
Admin:
net_param: SwiftProxy
uri_suffixes:
@ -343,8 +302,6 @@ CephRgw:
net_param: Public
uri_suffixes:
'': /swift/v1
protocol: https
port: 13808
Admin:
net_param: CephRgw
uri_suffixes:
@ -360,8 +317,6 @@ Sahara:
net_param: Public
uri_suffixes:
'': /v1.1/%(tenant_id)s
protocol: https
port: 13386
Admin:
net_param: SaharaApi
uri_suffixes:
@ -373,8 +328,6 @@ Tacker:
net_param: TackerApi
Public:
net_param: Public
protocol: https
port: 13989
Admin:
net_param: TackerApi
port: 9890
@ -388,8 +341,6 @@ Ironic:
net_param: Public
uri_suffixes:
'': /v1
protocol: https
port: 13385
Admin:
net_param: IronicApi
uri_suffixes:
@ -406,8 +357,6 @@ IronicInspector:
net_param: IronicInspector
Public:
net_param: Public
protocol: https
port: 13050
Admin:
net_param: IronicInspector
UIConfig:
@ -422,8 +371,6 @@ Zaqar:
net_param: ZaqarApi
Public:
net_param: Public
protocol: https
port: 13888
Admin:
net_param: ZaqarApi
port: 8888
@ -433,7 +380,6 @@ ZaqarWebSocket:
net_param: ZaqarApi
Public:
net_param: Public
protocol: https
Admin:
net_param: ZaqarApi
UIConfig:
@ -449,8 +395,6 @@ Octavia:
net_param: OctaviaApi
Public:
net_param: Public
protocol: https
port: 13876
Admin:
net_param: OctaviaApi
port: 9876

58
network/endpoints/endpoint_map.yaml

@ -21,101 +21,101 @@ parameters:
default:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: https, port: '13042', host: CLOUDNAME}
AodhPublic: {protocol: http, port: '8042', host: CLOUDNAME}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: https, port: '13311', host: CLOUDNAME}
BarbicanPublic: {protocol: http, port: '9311', host: CLOUDNAME}
CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerPublic: {protocol: https, port: '13777', host: CLOUDNAME}
CeilometerPublic: {protocol: http, port: '8777', host: CLOUDNAME}
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwPublic: {protocol: https, port: '13808', host: CLOUDNAME}
CephRgwPublic: {protocol: http, port: '8080', host: CLOUDNAME}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: https, port: '13776', host: CLOUDNAME}
CinderPublic: {protocol: http, port: '8776', host: CLOUDNAME}
CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
CongressPublic: {protocol: https, port: '13789', host: CLOUDNAME}
CongressPublic: {protocol: http, port: '1789', host: CLOUDNAME}
DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS}
DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS}
DesignatePublic: {protocol: https, port: '13001', host: CLOUDNAME}
DesignatePublic: {protocol: http, port: '9001', host: CLOUDNAME}
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
Ec2ApiPublic: {protocol: https, port: '13788', host: CLOUDNAME}
Ec2ApiPublic: {protocol: http, port: '8788', host: CLOUDNAME}
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: https, port: '13292', host: CLOUDNAME}
GlancePublic: {protocol: http, port: '9292', host: CLOUDNAME}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: https, port: '13041', host: CLOUDNAME}
GnocchiPublic: {protocol: http, port: '8041', host: CLOUDNAME}
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatPublic: {protocol: https, port: '13004', host: CLOUDNAME}
HeatPublic: {protocol: http, port: '8004', host: CLOUDNAME}
HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: https, port: '13005', host: CLOUDNAME}
HorizonPublic: {protocol: https, port: '443', host: CLOUDNAME}
HeatCfnPublic: {protocol: http, port: '8000', host: CLOUDNAME}
HorizonPublic: {protocol: http, port: '80', host: CLOUDNAME}
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: https, port: '13385', host: CLOUDNAME}
IronicPublic: {protocol: http, port: '6385', host: CLOUDNAME}
IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorPublic: {protocol: https, port: '13050', host: CLOUDNAME}
IronicInspectorPublic: {protocol: http, port: '5050', host: CLOUDNAME}
IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: https, port: '13000', host: CLOUDNAME}
KeystonePublic: {protocol: http, port: '5000', host: CLOUDNAME}
KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaPublic: {protocol: https, port: '13786', host: CLOUDNAME}
ManilaPublic: {protocol: http, port: '8786', host: CLOUDNAME}
MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS}
MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS}
MistralPublic: {protocol: https, port: '13989', host: CLOUDNAME}
MistralPublic: {protocol: http, port: '8989', host: CLOUDNAME}
MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronPublic: {protocol: https, port: '13696', host: CLOUDNAME}
NeutronPublic: {protocol: http, port: '9696', host: CLOUDNAME}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: https, port: '13774', host: CLOUDNAME}
NovaPublic: {protocol: http, port: '8774', host: CLOUDNAME}
NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaPlacementPublic: {protocol: https, port: '13778', host: CLOUDNAME}
NovaPlacementPublic: {protocol: http, port: '8778', host: CLOUDNAME}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: https, port: '13080', host: CLOUDNAME}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: CLOUDNAME}
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: https, port: '13876', host: CLOUDNAME}
OctaviaPublic: {protocol: http, port: '9876', host: CLOUDNAME}
OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: https, port: '8977', host: CLOUDNAME}
PankoPublic: {protocol: http, port: '8977', host: CLOUDNAME}
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaPublic: {protocol: https, port: '13386', host: CLOUDNAME}
SaharaPublic: {protocol: http, port: '8386', host: CLOUDNAME}
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: https, port: '13808', host: CLOUDNAME}
SwiftPublic: {protocol: http, port: '8080', host: CLOUDNAME}
SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS}
TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS}
TackerPublic: {protocol: https, port: '13989', host: CLOUDNAME}
TackerPublic: {protocol: http, port: '9890', host: CLOUDNAME}
ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarPublic: {protocol: https, port: '13888', host: CLOUDNAME}
ZaqarPublic: {protocol: http, port: '8888', host: CLOUDNAME}
ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS}
ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS}
ZaqarWebSocketPublic: {protocol: https, port: '9000', host: CLOUDNAME}
ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: CLOUDNAME}
ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.

7
releasenotes/notes/Use-TLS-endpoints-by-default-6f70ef3c82c547de.yaml

@ -1,7 +0,0 @@
---
features:
- |
TripleO now uses TLS on the public interfaces by default. This is reflected
on the EndpointMap, as now the default entries have 'https' endpoints.
Note that it's still possible to deploy TripleO without TLS, using the
environments/no-tls-endpoints-public-ip.yaml environment file.