openstack/heat
Code Issues Proposed changes

Ensure ca_file is set for core services

Browse Source 
When tls-proxy is enabled, devstack enables SSL for the core services
(Cinder, Glance, Keystone, Nova, Neutron and Swift). This change
ensures that the ca_file parameter is properly defined in clients_*
section for these options, so that requests to these services pick up
the CA certificate.

Change-Id: Ib6278d95d1ce31dc86aa8784a621227e17dc0fe7
This commit is contained in:
Takashi Kajinami 2022-01-19 18:08:52 +09:00
parent 25c007636f
commit 964e15d68f
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
devstack/lib/heat
View File

@ -195,6 +195,9 @@ function configure_heat {
iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
iniset $HEAT_CONF clients_nova ca_file $SSL_BUNDLE_FILE iniset $HEAT_CONF clients_nova ca_file $SSL_BUNDLE_FILE
iniset $HEAT_CONF clients_cinder ca_file $SSL_BUNDLE_FILE iniset $HEAT_CONF clients_cinder ca_file $SSL_BUNDLE_FILE
iniset $HEAT_CONF clients_neutron ca_file $SSL_BUNDLE_FILE
iniset $HEAT_CONF clients_glance ca_file $SSL_BUNDLE_FILE
iniset $HEAT_CONF clients_swift ca_file $SSL_BUNDLE_FILE
fi fi
if [[ "$HEAT_ENABLE_ADOPT_ABANDON" = "True" ]]; then if [[ "$HEAT_ENABLE_ADOPT_ABANDON" = "True" ]]; then