[Devstack]Add ability to enable shellinabox SSL certificate

Change-Id: Ib6781fb7241fba7bd52bf6c47fd1851d569ebf8a Closes-Bug: #1552045
2016-03-08 10:53:14 +08:00 · 2016-03-08 10:53:14 +08:00 · 843ce0a161
commit 843ce0a161
parent 0ad5b13b5a
1 changed files with 19 additions and 0 deletions
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@ -157,6 +157,10 @@ IRONIC_LIBVIRT_HOOKS_PATH=${IRONIC_LIBVIRT_HOOKS_PATH:-/etc/libvirt/hooks/}
 # keystone and noauth.
 IRONIC_AUTH_STRATEGY=${IRONIC_AUTH_STRATEGY:-keystone}
 # By default, terminal SSL certificate is disabled.
 IRONIC_TERMINAL_SSL=${IRONIC_TERMINAL_SSL:-False}
 IRONIC_TERMINAL_CERT_DIR=${IRONIC_TERMINAL_CERT_DIR:-$IRONIC_DATA_DIR/terminal_cert/}
 # get_pxe_boot_file() - Get the PXE/iPXE boot file path
 function get_pxe_boot_file {
    local relpath=syslinux/pxelinux.0
@ -384,6 +388,21 @@ function configure_ironic_conductor {
    iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
    iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
    iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
    if [[ "$IRONIC_TERMINAL_SSL" == "True" ]]; then
        # Make sure the cert directory exist
        sudo mkdir -p $IRONIC_TERMINAL_CERT_DIR
        sudo chown $STACK_USER $IRONIC_TERMINAL_CERT_DIR
        iniset $IRONIC_CONF_FILE console terminal_cert_dir $IRONIC_TERMINAL_CERT_DIR
        # Generate the SSL certificate
        openssl req \
            -x509 \
            -days 3650 \
            -newkey rsa:1024 \
            -nodes \
            -keyout $IRONIC_TERMINAL_CERT_DIR/certificate.pem.key \
            -out $IRONIC_TERMINAL_CERT_DIR/certificate.pem \
            -subj '/O=OpenStack/OU=DevStack Servers'
    fi
    local pxe_params="nofb nomodeset vga=normal console=ttyS0"
    if is_deployed_with_ipa_ramdisk; then