Generate per-site SSL intermediate CA, fix cred/pki paths
Change-Id: I0bda0791d82142acac8c6af0e152d8d0954ef719
diff --git a/roles/juju-setup/templates/juju_config.yml.j2 b/roles/juju-setup/templates/juju_config.yml.j2
new file mode 100644
index 0000000..bf157ea
--- /dev/null
+++ b/roles/juju-setup/templates/juju_config.yml.j2
@@ -0,0 +1,60 @@
+---
+# juju configuration file for CORD deployments
+
+ceilometer:
+ openstack-origin: "cloud:trusty-kilo"
+
+ceilometer-agent: {}
+
+glance:
+ openstack-origin: "cloud:trusty-kilo"
+ ha-mcastport: 5402
+
+keystone:
+ openstack-origin: "cloud:trusty-kilo"
+ admin-password: "{{ keystone_admin_password }}"
+ os-public-hostname: "keystone.{{ site_suffix }}"
+ ha-mcastport: 5403
+ use-https: "yes"
+ ssl_key: {{ lookup('file', '{{ pki_dir }}/{{ site_name }}_im_ca/private/keystone.{{ site_suffix }}_key.pem') | b64encode }}
+ ssl_cert: {{ lookup('file', '{{ pki_dir }}/{{ site_name }}_im_ca/certs/keystone.{{ site_suffix }}_cert.pem') | b64encode }}
+ ssl_ca: {{ lookup('file', '{{ pki_dir }}//{{ site_name }}_im_ca/certs/im_cert_chain.pem') | b64encode }}
+
+mongodb: {}
+
+nagios: {}
+
+neutron-api:
+ openstack-origin: "cloud:trusty-kilo"
+ neutron-plugin: onosvtn
+ onos-vtn-ip: onos-cord
+ onos-vtn-port: 8182
+ neutron-security-groups: "True"
+ overlay-network-type: vxlan
+
+neutron-openvswitch: {}
+
+nova-cloud-controller:
+ openstack-origin: "cloud:trusty-kilo"
+ config-flags: "force_config_drive=always"
+ console-access-protocol: novnc
+ network-manager: Neutron
+
+nova-compute:
+ openstack-origin: "cloud:trusty-kilo"
+ virt-type: kvm
+ config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver"
+ disable-neutron-security-groups: "True"
+
+nrpe: {}
+
+ntp: {}
+
+openstack-dashboard:
+ openstack-origin: "cloud:trusty-kilo"
+
+percona-cluster:
+ max-connections: 20000
+
+rabbitmq-server:
+ ssl: "on"