Allow setting ca_certificate option for metadata api
This allows os-collect-config to pass a ca_certificate when making requests to an SSL metadata server. Change-Id: I06056c0d3a4f26f7483980305898e4e2b1e08c6e
This commit is contained in:
parent
2c52702d71
commit
71d9a26741
|
@ -21,6 +21,7 @@ Heat Metadata can be used to configure os-collect-config:
|
||||||
access_key_id: abcdefghijklmnop091234
|
access_key_id: abcdefghijklmnop091234
|
||||||
secret_access_key: fffeeeeddddccccaaaa99999
|
secret_access_key: fffeeeeddddccccaaaa99999
|
||||||
path: ThisResource.Metadata
|
path: ThisResource.Metadata
|
||||||
|
ca_certificate: /etc/ssl/ca.crt
|
||||||
ec2:
|
ec2:
|
||||||
metadata_url: http://169.254.169.254/latest/meta-data
|
metadata_url: http://169.254.169.254/latest/meta-data
|
||||||
heat_local:
|
heat_local:
|
||||||
|
@ -30,7 +31,8 @@ Note that `metadata_url` is optional, as it should be determined by the
|
||||||
file `heat_metadata_hint` refers to. This file is injected by Heat via
|
file `heat_metadata_hint` refers to. This file is injected by Heat via
|
||||||
cloud-init at first boot. Those two parameters are the only optional
|
cloud-init at first boot. Those two parameters are the only optional
|
||||||
parameters. All of the others are required for the cfn data source
|
parameters. All of the others are required for the cfn data source
|
||||||
to function.
|
to function. Note that `ca_certificate` is also optional but required
|
||||||
|
in many cases where the metadata api is behind ssl.
|
||||||
|
|
||||||
`ec2` and `heat_local` do not require any configuration to work.
|
`ec2` and `heat_local` do not require any configuration to work.
|
||||||
|
|
||||||
|
@ -54,6 +56,7 @@ template:
|
||||||
- SecretAccessKey
|
- SecretAccessKey
|
||||||
stack_name:
|
stack_name:
|
||||||
Ref: AWS::StackName
|
Ref: AWS::StackName
|
||||||
|
ca_certificate: /etc/ssl/ca.crt
|
||||||
|
|
||||||
The EC2 collector takes this metadata, passes it to os-apply-config
|
The EC2 collector takes this metadata, passes it to os-apply-config
|
||||||
which in turn writes it out to /etc/os-collect-config.conf.
|
which in turn writes it out to /etc/os-collect-config.conf.
|
||||||
|
|
|
@ -25,6 +25,9 @@ stack_name = {{stack_name}}
|
||||||
secret_access_key = {{secret_access_key}}
|
secret_access_key = {{secret_access_key}}
|
||||||
access_key_id = {{access_key_id}}
|
access_key_id = {{access_key_id}}
|
||||||
path = {{path}}
|
path = {{path}}
|
||||||
|
{{#ca_certificate}}
|
||||||
|
ca_certificate = {{.}}
|
||||||
|
{{/ca_certificate}}
|
||||||
{{/cfn}}
|
{{/cfn}}
|
||||||
|
|
||||||
{{#heat}}
|
{{#heat}}
|
||||||
|
|
Loading…
Reference in New Issue