Add parameters for setting up keystone keys/certs in undercloud

This will allow us distribute identical keys/certs to all control nodes in HA mode. CAKey was removed because it's not required by keystone. Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921
2014-06-24 12:55:20 +02:00 · 2014-06-24 12:55:20 +02:00 · 8fc307cc22
parent b5b85036c4
commit 8fc307cc22
2 changed files with 16 additions and 8 deletions
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@ -248,17 +248,10 @@ Parameters:
    Default: ''
    Description: Keystone self-signed certificate authority certificate.
    Type: String
-    NoEcho: true
-  KeystoneCAKey:
-    Default: ''
-    Description: Keystone certificate authority key.
-    Type: String
-    NoEcho: true
  KeystoneSigningCertificate:
    Default: ''
    Description: Keystone certificate for verifying token validity.
    Type: String
-    NoEcho: true
  KeystoneSigningKey:
    Default: ''
    Description: Keystone key for signing tokens.
@ -440,7 +433,6 @@ Resources:
          db: mysql://keystone:unset@localhost/keystone
          host:
            get_input: controller_host
-          ca_key: {Ref: KeystoneCAKey}
          ca_certificate: {Ref: KeystoneCACertificate}
          signing_key: {Ref: KeystoneSigningKey}
          signing_certificate: {Ref: KeystoneSigningCertificate}
--- a/undercloud-source.yaml
+++ b/undercloud-source.yaml
@ -160,6 +160,19 @@ Parameters:
        lower level default.
    Type: Number
    Default: 0
+  KeystoneCACertificate:
+    Default: ''
+    Description: Keystone self-signed certificate authority certificate.
+    Type: String
+  KeystoneSigningCertificate:
+    Default: ''
+    Description: Keystone certificate for verifying token validity.
+    Type: String
+  KeystoneSigningKey:
+    Default: ''
+    Description: Keystone key for signing tokens.
+    Type: String
+    NoEcho: true
 Resources:
  RabbitCookie:
    Type: OS::Heat::RandomString
@ -229,6 +242,9 @@ Resources:
        keystone:
          db: mysql://keystone:unset@localhost/keystone
          host: 127.0.0.1
+          ca_certificate: {Ref: KeystoneCACertificate}
+          signing_key: {Ref: KeystoneSigningKey}
+          signing_certificate: {Ref: KeystoneSigningCertificate}
        mysql:
          innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
        neutron: