Add TLS support for placement api
Change-Id: I30d5c8e3e226cddaa795ea864f12b4dbb5e3ab90
parent
6271ff2f1a
commit
f8e2969f59
|
@ -1,5 +1,10 @@
|
|||
{% if placement.tls.enabled %}
|
||||
Listen 127.0.0.1:{{ placement.port.cont }}
|
||||
<VirtualHost 127.0.0.1:{{ placement.port.cont }}>
|
||||
{% else %}
|
||||
Listen {{ placement.port.cont }}
|
||||
<VirtualHost *:{{ placement.port.cont }}>
|
||||
{% endif %}
|
||||
WSGIDaemonProcess placement-api processes={{ placement.wsgi.processes }} threads={{ placement.wsgi.threads }} user=nova display-name=%{GROUP} python-path=/var/lib/microservices/venv/lib/python2.7/site-packages
|
||||
WSGIProcessGroup placement-api
|
||||
WSGIScriptAlias / /var/lib/microservices/venv/bin/nova-placement-api
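Review bot: The TLS branch at the top of this template binds Apache to 127.0.0.1 with no comment saying why, so a later edit could widen the bind and leave the plaintext listener reachable beside the nginx TLS front end. I would add a Jinja comment above the `Listen 127.0.0.1:...` line, for example `{# TLS is terminated by nginx in the same service; keep Apache on loopback so only the proxy can reach it #}`. Both listeners use `placement.port.cont`, which presumably works only because nginx binds the private address rather than a wildcard; the same comment should say so. The VirtualHost block continues outside the hunk.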
|
||||
|
|
|
@ -219,6 +219,8 @@ configs:
|
|||
port:
|
||||
cont: 8780
|
||||
ingress: placement
|
||||
tls:
|
||||
enabled: true
|
||||
wsgi:
|
||||
processes: 4
|
||||
threads: 4
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen {{ network_topology["private"]["address"] }}:{{ placement.port.cont }} ssl;
|
||||
include common/ssl.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://nova_placement_api;
|
||||
include common/proxy-headers.conf;
|
||||
}
|
||||
}
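Review bot: Every TLS setting for this listener comes from `include common/ssl.conf;`, which this commit neither adds nor lists among the container's files, so the certificate and key paths, protocol versions and cipher list cannot be checked from here. Please confirm that the include points at `/opt/ccp/etc/tls/server-cert.pem` and `/opt/ccp/etc/tls/server-key.pem`, the paths the service definition installs, and that the file is present in the nginx image. The same applies to `common/proxy-headers.conf`; a one-line comment above each include naming where the file comes from would help. An identical server block appears in the later `@ -0,0 +1,9 @` section, and the point holds there too.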
|
|
@ -208,6 +208,9 @@ username = {{ placement.account.username }}
|
|||
password = {{ placement.account.password }}
|
||||
memcached_servers = {{ address("memcached", memcached.port) }}
|
||||
os_region_name = RegionOne
|
||||
{% if keystone.tls.enabled %}
|
||||
cafile = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{# messaging macros templates #}
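Review bot: The added `cafile` line is gated on `keystone.tls.enabled`, but this section looks like the one nova uses to reach the placement endpoint, which this commit puts behind TLS under `placement.tls.enabled`. With placement TLS on and keystone TLS off, no CA bundle would be configured (the `ca-cert` file in the service definition is gated the same way), so verification of a certificate issued by a private CA would presumably fail. I would gate both on either flag: `{% if keystone.tls.enabled or placement.tls.enabled %}`. The enclosing `{% if %}` block starts outside the hunk.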
|
||||
|
|
|
@ -9,3 +9,7 @@ upstream nova_api {
|
|||
upstream nova_metadata {
|
||||
server 127.0.0.1:{{ nova.metadata.port.cont }};
|
||||
}
|
||||
|
||||
upstream nova_placement_api {
|
||||
server 127.0.0.1:{{ placement.port.cont }};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen {{ network_topology["private"]["address"] }}:{{ placement.port.cont }} ssl;
|
||||
include common/ssl.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://nova_placement_api;
|
||||
include common/proxy-headers.conf;
|
||||
}
|
||||
}
|
|
@ -47,6 +47,21 @@ service:
|
|||
files:
|
||||
- nova.conf
|
||||
- apache-placement-api.conf
|
||||
# {% if keystone.tls.enabled %}
|
||||
- ca-cert
|
||||
# {% endif %}
|
||||
|
||||
# {% if placement.tls.enabled %}
|
||||
- name: nginx-placement-api
|
||||
image: nginx
|
||||
daemon:
|
||||
files:
|
||||
- upstreams
|
||||
- servers
|
||||
- server-cert
|
||||
- server-key
|
||||
command: nginx
|
||||
# {% endif %}
|
||||
|
||||
files:
|
||||
nova.conf:
|
||||
|
@ -57,3 +72,27 @@ files:
|
|||
path: /etc/apache2/conf-enabled/nova-placement-api.conf
|
||||
content: apache-placement-api.conf.j2
|
||||
perm: "0600"
|
||||
# {% if placement.tls.enabled %}
|
||||
servers:
|
||||
path: /etc/nginx/conf.d/servers.conf
|
||||
content: nginx-placement-api.conf.j2
|
||||
perm: "0400"
|
||||
upstreams:
|
||||
path: /etc/nginx/conf.d/upstreams.conf
|
||||
content: upstreams.conf.j2
|
||||
perm: "0400"
|
||||
server-cert:
|
||||
path: /opt/ccp/etc/tls/server-cert.pem
|
||||
content: server-cert.pem.j2
|
||||
perm: "0400"
|
||||
server-key:
|
||||
path: /opt/ccp/etc/tls/server-key.pem
|
||||
content: server-key.pem.j2
|
||||
perm: "0400"
|
||||
# {% endif %}
|
||||
# {% if keystone.tls.enabled %}
|
||||
ca-cert:
|
||||
path: /opt/ccp/etc/tls/ca.pem
|
||||
content: ca-cert.pem.j2
|
||||
perm: "0400"
|
||||
# {% endif %}
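Review bot: `server-key` is rendered from `server-key.pem.j2` through the same file mechanism as ordinary configuration, so the private key presumably sits in the deployment's config values next to non-secret settings; it is worth confirming that this store is access-controlled and that rendered content is not logged. The `perm: "0400"` entry restricts readers inside the container, but the hunk shows no owner, so please check that the nginx process user is the one that can read it. The first hunk lists the key only under `nginx-placement-api`, which is the right scope; I would record that with a comment above the entry, for example `# private key: mounted only into nginx-placement-api, never into the WSGI container`.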
|
||||
|
|