Ozznotes

This is a blog with random OpenShift, Kubernetes, OpenStack and Linux related notes so I don't forget things. If you find something inaccurate or that could be fixed, please file a bug report here.

View on GitHub

Back to home

18 September 2018

Testing TLS everywhere with tripleo-quickstart

by Juan Antonio Osorio Robles

I’ve gotten the request for help deploying TLS everywhere with TripleO several times. Even though there’s documentation, deploying from scratch can be quite daunting, specially if all you want to do is test it out, or merely integrate your service to it.

However, for development purposes, there is tripleo-quickstart, which makes deploying such a scenario way simpler.

Here’s the magical incantation to deploy TripleO with TLS everywhere enabled:

./quickstart.sh --no-clone --teardown all --clean -p quickstart-extras.yml \
    -N config/nodes/1ctlr_1comp_1supp.yml \
    -c config/general_config/ipa.yml \
    -R master-tripleo-ci \
    --tags all \
    $VIRTHOST

Note that this assumes that you’re in the tripleo-quickstart repository.

Assuming $VIRTHOST is the host where you’ll do the deployment, this will leave you with a very minimal deployment: An undercloud, one controller, one compute, and a supplemental node where we deploy FreeIPA.

Because we’re using the master-tripleo-ci, this setup also deploys the latest promoted images. If you want to use the latest “stable” master deployment, you can use master instead. If you want to deploy Queens, you’ll merely use queens instead. So, for reference, here’s how to deploy a Queens environment:

./quickstart.sh --no-clone --teardown all --clean -p quickstart-extras.yml \
    -N config/nodes/1ctlr_1comp_1supp.yml \
    -c config/general_config/ipa.yml \
    -R queens \
    --tags all \
    $VIRTHOST

Lets also note that --tags all deploys the “whole thing”; meaning, it’ll also do the overcloud deployment. If you remove this, the quickstart will leave you with a deployed undercloud, and you can do the overcloud deployment yourself.

tags: tripleo - openstack

Back to home