From 4f7e0f27e8e0f37f28f3da311c6f3c8866fb850f Mon Sep 17 00:00:00 2001 From: Andrew Lazarev Date: Fri, 6 Feb 2015 16:16:01 -0800 Subject: [PATCH] Configure sahara to work with other secured services Registering SSL parameters in sahara.conf for all openstack services. Change-Id: I63dd8a0f6e7b37cfd8140d2783af04505f29285f Closes-Bug: #1419195 --- lib/sahara | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/sahara b/lib/sahara index 44c06d3c46..f2a506c81b 100644 --- a/lib/sahara +++ b/lib/sahara @@ -128,6 +128,10 @@ function configure_sahara { if is_service_enabled neutron; then iniset $SAHARA_CONF_FILE DEFAULT use_neutron true iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips true + + if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE neutron ca_file $SSL_BUNDLE_FILE + fi else iniset $SAHARA_CONF_FILE DEFAULT use_neutron false iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips false @@ -135,10 +139,30 @@ function configure_sahara { if is_service_enabled heat; then iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine heat + + if is_ssl_enabled_service "heat" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE heat ca_file $SSL_BUNDLE_FILE + fi else iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine direct fi + if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE cinder ca_file $SSL_BUNDLE_FILE + fi + + if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE nova ca_file $SSL_BUNDLE_FILE + fi + + if is_ssl_enabled_service "swift" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE swift ca_file $SSL_BUNDLE_FILE + fi + + if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then + iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE + fi + iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG # Format logging