3daded6242
TLS can be used to encrypt and authenticate the connection with OpenStack endpoints. This patch provides the necessary parameters and changes the resulting service configurations to enable TLS for the Kolla deployed OpenStack cloud. The new input parameters are: kolla_enable_tls_external: "yes" or "no" (default is "no") kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem" kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt" Implements: blueprint kolla-ssl Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
44 lines
1.1 KiB
YAML
44 lines
1.1 KiB
YAML
---
|
|
- name: Allowing non-local IP binding
|
|
sysctl: name="net.ipv4.ip_nonlocal_bind" value=1 sysctl_set=yes
|
|
when: set_sysctl | bool
|
|
|
|
- name: Ensuring config directories exist
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item }}"
|
|
state: "directory"
|
|
recurse: yes
|
|
with_items:
|
|
- "keepalived"
|
|
- "haproxy"
|
|
|
|
- name: Copying over config.json files for services
|
|
template:
|
|
src: "{{ item }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
|
with_items:
|
|
- "keepalived"
|
|
- "haproxy"
|
|
|
|
- name: Copying over haproxy.cfg
|
|
template:
|
|
src: "{{ item }}.cfg.j2"
|
|
dest: "{{ node_config_directory }}/{{ item }}/{{ item }}.cfg"
|
|
with_items:
|
|
- "haproxy"
|
|
|
|
- name: Copying over keepalived.conf
|
|
template:
|
|
src: "{{ item }}.conf.j2"
|
|
dest: "{{ node_config_directory }}/{{ item }}/{{ item }}.conf"
|
|
with_items:
|
|
- "keepalived"
|
|
|
|
- name: Copying over haproxy.pem
|
|
when: kolla_enable_tls_external | bool
|
|
copy:
|
|
src: "{{ kolla_external_fqdn_cert }}"
|
|
dest: "{{ node_config_directory }}/haproxy/{{ item }}"
|
|
with_items:
|
|
- "haproxy.pem"
|