SSL support for Sahara
Change-Id: Idd6711b1d31821d17256aaa096149aefe4a9668a
parent
b2595c1763
commit
e67e122377
|
@ -1,5 +1,7 @@
|
|||
configs:
|
||||
sahara:
|
||||
tls:
|
||||
enabled: true
|
||||
debug: false
|
||||
enable_wait_condition: false
|
||||
port:
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen {{ network_topology["private"]["address"] }}:{{ sahara.port.cont }} ssl;
|
||||
include common/ssl.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://sahara_api;
|
||||
include common/proxy-headers.conf;
|
||||
}
|
||||
}
|
|
@ -7,9 +7,49 @@ use_stderr = true
|
|||
use_neutron = true
|
||||
plugins = {{ sahara.plugins | join(',') }}
|
||||
|
||||
{% if sahara.tls.enabled %}
|
||||
host = 127.0.0.1
|
||||
{% else %}
|
||||
host = {{ network_topology["private"]["address"] }}
|
||||
{% endif %}
|
||||
port = {{ sahara.port.cont }}
|
||||
|
||||
{% if sahara.tls.enabled %}
|
||||
#[oslo_middleware]
|
||||
#enable_proxy_headers_parsing = true
|
||||
#
|
||||
{% endif %}
|
||||
|
||||
{% if keystone.tls.enabled %}
|
||||
[keystone]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
{% if cinder.tls.enabled %}
|
||||
[cinder]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
{% if heat.tls.enabled %}
|
||||
[heat]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
{% if glance.tls.enabled %}
|
||||
[glance]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
{% if nova.tls.enabled %}
|
||||
[nova]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
{% if neutron.tls.enabled %}
|
||||
[neutron]
|
||||
ca_file = /opt/ccp/etc/tls/ca.pem
|
||||
{% endif %}
|
||||
|
||||
periodic_coordinator_backend_url = memcached://{{ address("memcached", memcached.port) }}
|
||||
|
||||
heat_enable_wait_condition = {{ sahara.enable_wait_condition }}
|
||||
|
|
|
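Review bot: The `[keystone]` … `[neutron]` blocks sit ahead of `periodic_coordinator_backend_url` and `heat_enable_wait_condition`, which by the hunk counts (9 old lines, 49 new) are pre-existing context lines, so once any of those `tls.enabled` flags is true both options render under the last emitted section header. Their original section is not visible here, but the hunk header's `use_stderr = true` suggests `[DEFAULT]`; if so, the service would no longer find them there and would silently use its defaults. Moving the six `ca_file` blocks below `heat_enable_wait_condition` keeps both options where they were. Separately, the `{% if sahara.tls.enabled %}` block after `port` renders only comments, so behind the TLS proxy the API does not parse forwarded headers. Either emit `[oslo_middleware]` and `enable_proxy_headers_parsing = true` uncommented after the `[DEFAULT]` options, which is reasonable because the TLS branch binds `host` to 127.0.0.1, or drop the block.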
@ -0,0 +1 @@
|
|||
{{ security.tls.server_cert }}
|
|
@ -0,0 +1 @@
|
|||
{{ security.tls.server_key }}
|
|
@ -0,0 +1,3 @@
|
|||
upstream sahara_api {
|
||||
server 127.0.0.1:{{ sahara.port.cont }};
|
||||
}
|
|
@ -61,8 +61,37 @@ service:
|
|||
dependencies:
|
||||
- rpc
|
||||
command: sahara-api --config-file /etc/sahara/sahara.conf
|
||||
# {% if sahara.tls.enabled %}
|
||||
- name: nginx-heat-api
|
||||
image: nginx
|
||||
daemon:
|
||||
files:
|
||||
- upstreams
|
||||
- servers
|
||||
- server-cert
|
||||
- server-key
|
||||
command: nginx
|
||||
# {% endif %}
|
||||
|
||||
files:
|
||||
sahara-conf:
|
||||
path: /etc/sahara/sahara.conf
|
||||
content: sahara.conf.j2
|
||||
# {% if sahara.tls.enabled %}
|
||||
servers:
|
||||
path: /etc/nginx/conf.d/servers.conf
|
||||
content: nginx-sahara-api.conf.j2
|
||||
perm: "0400"
|
||||
upstreams:
|
||||
path: /etc/nginx/conf.d/upstreams.conf
|
||||
content: upstreams.conf.j2
|
||||
perm: "0400"
|
||||
server-cert:
|
||||
path: /opt/ccp/etc/tls/server-cert.pem
|
||||
content: server-cert.pem.j2
|
||||
perm: "0400"
|
||||
server-key:
|
||||
path: /opt/ccp/etc/tls/server-key.pem
|
||||
content: server-key.pem.j2
|
||||
perm: "0400"
|
||||
# {% endif %}
|
||||
|
|
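Review bot: The sidecar added under `# {% if sahara.tls.enabled %}` is named `nginx-heat-api`, which looks copied from the Heat service; in the Sahara definition it should read `- name: nginx-sahara-api`, matching the `nginx-sahara-api.conf.j2` used for its `servers` file. A wrong container name sends anyone reading logs or debugging TLS termination to the wrong service. Also, `sahara.conf.j2` points several sections at `/opt/ccp/etc/tls/ca.pem`, but no CA file entry appears in this `files:` hunk. The service definition begins before the hunk, so confirm the CA bundle reaches the sahara-api container some other way.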