Allow setting ca_certificate option for metadata api
This allows os-collect-config to pass a ca_certificate when making requests to an SSL metadata server. Change-Id: I06056c0d3a4f26f7483980305898e4e2b1e08c6e
This commit is contained in:
parent
2c52702d71
commit
71d9a26741
|
@ -21,6 +21,7 @@ Heat Metadata can be used to configure os-collect-config:
|
|||
access_key_id: abcdefghijklmnop091234
|
||||
secret_access_key: fffeeeeddddccccaaaa99999
|
||||
path: ThisResource.Metadata
|
||||
ca_certificate: /etc/ssl/ca.crt
|
||||
ec2:
|
||||
metadata_url: http://169.254.169.254/latest/meta-data
|
||||
heat_local:
|
||||
|
@ -30,7 +31,8 @@ Note that `metadata_url` is optional, as it should be determined by the
|
|||
file `heat_metadata_hint` refers to. This file is injected by Heat via
|
||||
cloud-init at first boot. Those two parameters are the only optional
|
||||
parameters. All of the others are required for the cfn data source
|
||||
to function.
|
||||
to function. Note that `ca_certificate` is also optional but required
|
||||
in many cases where the metadata api is behind ssl.
|
||||
|
||||
`ec2` and `heat_local` do not require any configuration to work.
|
||||
|
||||
|
@ -54,6 +56,7 @@ template:
|
|||
- SecretAccessKey
|
||||
stack_name:
|
||||
Ref: AWS::StackName
|
||||
ca_certificate: /etc/ssl/ca.crt
|
||||
|
||||
The EC2 collector takes this metadata, passes it to os-apply-config
|
||||
which in turn writes it out to /etc/os-collect-config.conf.
|
||||
|
|
|
@ -25,6 +25,9 @@ stack_name = {{stack_name}}
|
|||
secret_access_key = {{secret_access_key}}
|
||||
access_key_id = {{access_key_id}}
|
||||
path = {{path}}
|
||||
{{#ca_certificate}}
|
||||
ca_certificate = {{.}}
|
||||
{{/ca_certificate}}
|
||||
{{/cfn}}
|
||||
|
||||
{{#heat}}
|
||||
|
|
Loading…
Reference in New Issue