Testing TLS everywhere with tripleo-quickstart
by Juan Antonio Osorio Robles
I’ve gotten the request for help deploying TLS everywhere with TripleO several times. Even though there’s documentation, deploying from scratch can be quite daunting, specially if all you want to do is test it out, or merely integrate your service to it.
However, for development purposes, there is tripleo-quickstart, which makes deploying such a scenario way simpler.
Here’s the magical incantation to deploy TripleO with TLS everywhere enabled:
./quickstart.sh --no-clone --teardown all --clean -p quickstart-extras.yml \
-N config/nodes/1ctlr_1comp_1supp.yml \
-c config/general_config/ipa.yml \
-R master-tripleo-ci \
--tags all \
$VIRTHOSTNote that this assumes that you’re in the tripleo-quickstart repository.
Assuming $VIRTHOST is the host where you’ll do the deployment, this will
leave you with a very minimal deployment: An undercloud, one controller, one
compute, and a supplemental node where we deploy FreeIPA.
Because we’re using the master-tripleo-ci, this setup also deploys the
latest promoted images. If you want to use the latest “stable” master
deployment, you can use master instead. If you want to deploy Queens,
you’ll merely use queens instead. So, for reference, here’s how to deploy a
Queens environment:
./quickstart.sh --no-clone --teardown all --clean -p quickstart-extras.yml \
-N config/nodes/1ctlr_1comp_1supp.yml \
-c config/general_config/ipa.yml \
-R queens \
--tags all \
$VIRTHOSTLets also note that --tags all deploys the “whole thing”; meaning, it’ll
also do the overcloud deployment. If you remove this, the quickstart will leave
you with a deployed undercloud, and you can do the overcloud deployment
yourself.
tags: tripleo - openstack