Use barbican for certificates storage
Octavia can do SSL termination only in case when barbican is available.
We should be able to add required configuration section only when barbican
is also present in inventory
Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9
(cherry picked from commit 78d204afb8
)
This commit is contained in:
parent
1a5e9d67f9
commit
3d0ca7da88
|
@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL
|
|||
|
||||
octavia_auth_strategy: keystone
|
||||
|
||||
## Barbican certificates
|
||||
octavia_barbican_enabled: false
|
||||
|
||||
## Cinder Volume
|
||||
octavia_cinder_enabled: False
|
||||
|
||||
|
|
|
@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
|
|||
memcache_secret_key = {{ memcached_encryption_key }}
|
||||
|
||||
[certificates]
|
||||
# cert_generator = local_cert_generator
|
||||
|
||||
# For local certificate signing (development only):
|
||||
ca_certificate = /etc/octavia/certs/ca.pem
|
||||
ca_private_key = /etc/octavia/certs/ca_key.pem
|
||||
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
|
||||
signing_digest = {{ octavia_signing_digest }}
|
||||
{% if octavia_barbican_enabled %}
|
||||
cert_manager = barbican_cert_manager
|
||||
endpoint_type = {{ octavia_clients_endpoint }}
|
||||
region_name = {{ keystone_service_region }}
|
||||
{% endif %}
|
||||
|
||||
[haproxy_amphora]
|
||||
{% if octavia_haproxy_amphora_template is defined %}
|
||||
|
|
Loading…
Reference in New Issue