Misc updates for SSL NGINX configuration

Updates based on SSL testing for NGINX secure server
configuration.

Enable xenial-pike testing as gnocchi 4.0.3 is now
in pike/edge.

Change-Id: Ifc371a07e5d6a09210db5ccc18e895d4c014512f
James Page 2017-10-25 13:33:47 +01:00
parent ecaea903e7
commit eac3e026e7
2 changed files with 28 additions and 5 deletions


@ -13,15 +13,13 @@ server {
{% if options.endpoints -%}
{% for address, endpoint, ext, int in options.endpoints -%}
server {
listen {{ ext }} {% if options.ssl -%}ssl{% endif -%};
listen {{ address }}:{{ ext }} ssl;
{% if options.ssl -%}
ssl on;
ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ address }};
ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ address }};
ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ endpoint }};
ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ endpoint }};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM;
{% endif -%}
server_name {{ endpoint }};
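Review bot: The `listen {{ address }}:{{ ext }} ssl;` line turns TLS on for the listener unconditionally, while `ssl_certificate` and `ssl_certificate_key` remain inside `{% if options.ssl -%}`, so a render with `options.ssl` unset would yield a TLS listener with no certificate, which nginx rejects at configuration load or at handshake depending on version. Either keep the flag conditional, as in `listen {{ address }}:{{ ext }}{% if options.ssl %} ssl{% endif %};`, or drop the conditional around the certificate block if TLS is now mandatory for every endpoint. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, and `ssl on;` is redundant next to `listen ... ssl`; consider `ssl_protocols TLSv1.2;` and removing `ssl on;`. The +/- markers are lost on this page, so which line of each pair is the new side is inferred from print order, and the `server` block continues past the end of the hunk.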


@ -0,0 +1,25 @@
#!/usr/bin/env python
#
# Copyright 2016 Canonical Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Amulet tests on a basic Gnocchi Charm deployment on xenial-pike."""
from basic_deployment import GnocchiCharmSnapDeployment
if __name__ == '__main__':
deployment = GnocchiCharmSnapDeployment(series='xenial',
openstack='cloud:xenial-pike',
snap_source='snap:pike/edge')
deployment.run_tests()