3.2.2. 将 overcloud 配置为使用 novajoin
要启用 IdM 集成,请创建一个
/usr/share/openstack-tripleo-heat-templates/environments/predictable-placement/custom-domain.yaml
环境文件的副本:$ cp /usr/share/openstack-tripleo-heat-templates/environments/predictable-placement/custom-domain.yaml \ /home/stack/templates/custom-domain.yaml
编辑
/home/stack/templates/custom-domain.yaml
环境文件,并将CloudDomain
和CloudName*
值设置为适合您的部署。例如:parameter_defaults: CloudDomain: lab.local CloudName: overcloud.lab.local CloudNameInternal: overcloud.internalapi.lab.local CloudNameStorage: overcloud.storage.lab.local CloudNameStorageManagement: overcloud.storagemgmt.lab.local CloudNameCtlplane: overcloud.ctlplane.lab.local
在 overcloud 部署过程中包含以下环境文件:
-
/usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
-
/usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml
/home/stack/templates/custom-domain.yaml
例如:
openstack overcloud deploy \ --templates \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e /home/stack/templates/custom-domain.yaml \
因此,部署的 overcloud 节点将自动注册到 IdM。
-
这仅为内部端点设置 TLS。对于外部端点,您可以使用普通的方法为
/usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-tls.yaml
环境文件(必须修改它来添加自定义证书和密钥)。因此,您的openstack deploy
命令与此类似:openstack overcloud deploy \ --templates \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e /home/stack/templates/custom-domain.yaml \ -e /home/stack/templates/enable-tls.yaml
另外,您还可以使用 IdM 发布公共证书。在这种情况下,您需要使用
/usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml
环境文件。例如:openstack overcloud deploy \ --templates \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e /home/stack/templates/custom-domain.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml