James Kirsch 93ad57f47e Add support for encrypting backend Neutron API Server
Add TLS support for backend Neutron API Server communication using
HAProxy to perform TLS termination. When used in conjunction with
enabling TLS for service API endpoints, network communication will be
encrypted end to end, from client through HAProxy to the Neutron
service.

Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
Partially-Implements: blueprint add-ssl-internal-network
2020-10-12 17:27:44 +00:00

274 lines
9.6 KiB
YAML

---
- name: Restart neutron-server container
vars:
service_name: "neutron-server"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-openvswitch-agent container
vars:
service_name: "neutron-openvswitch-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
environment: "{{ service.environment }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart fake neutron-openvswitch-agent container
vars:
service_name: "neutron-openvswitch-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
with_sequence: "start=1 end={{ num_nova_fake_per_node }}"
when:
- kolla_action != "config"
- name: Restart neutron-linuxbridge-agent container
vars:
service_name: "neutron-linuxbridge-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
environment: "{{ service.environment }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-dhcp-agent container
vars:
service_name: "neutron-dhcp-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-l3-agent container
vars:
service_name: "neutron-l3-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
environment: "{{ service.environment }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-sriov-agent container
vars:
service_name: "neutron-sriov-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-mlnx-agent container
vars:
service_name: "neutron-mlnx-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
when:
- kolla_action != "config"
- name: Restart neutron-eswitchd container
vars:
service_name: "neutron-eswitchd"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
when:
- kolla_action != "config"
- name: Restart neutron-tls-proxy container
vars:
service_name: "neutron-tls-proxy"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-metadata-agent container
vars:
service_name: "neutron-metadata-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-ovn-metadata-agent container
vars:
service_name: "neutron-ovn-metadata-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-bgp-dragent container
vars:
service_name: "neutron-bgp-dragent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-infoblox-ipam-agent container
vars:
service_name: "neutron-infoblox-ipam-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart neutron-metering-agent container
vars:
service_name: "neutron-metering-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart ironic-neutron-agent container
vars:
service_name: "ironic-neutron-agent"
service: "{{ neutron_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
privileged: "{{ service.privileged | default(False) }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"