openstack/openstack-ansible
Code Issues Proposed changes

Merge "Change keystone admin/internal insecure flags"

Browse Source
This commit is contained in:
Jenkins
2016-04-26 20:24:35 +00:00
committed by Gerrit Code Review
parent 2fc728daa7 8387b680f7
commit 7b362cf749
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/source/install-guide/configure-keystone.rst
View File

@@ -21,6 +21,11 @@ provide their own certificates by using the following Ansible variables in
keystone_user_ssl_key: # Path to private key keystone_user_ssl_key: # Path to private key
keystone_user_ssl_ca_cert: # Path to CA certificate keystone_user_ssl_ca_cert: # Path to CA certificate
.. note:: If the deployer is providing certificate, key, and ca file for a
CA without chain of trust (or an invalid/self-generated ca), the variables
`keystone_service_internaluri_insecure` and
`keystone_service_adminuri_insecure` should be set to True.
Refer to `Securing services with SSL certificates`_ for more information on Refer to `Securing services with SSL certificates`_ for more information on
these configuration options and how deployers can provide their own these configuration options and how deployers can provide their own
certificates and keys to use with Keystone. certificates and keys to use with Keystone.

4
playbooks/inventory/group_vars/hosts.yml
View File

@@ -199,8 +199,8 @@ keystone_service_region: "{{ service_region }}"
keystone_rabbitmq_userid: keystone keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone keystone_rabbitmq_vhost: /keystone
keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_ssl_cert is not defined or haproxy_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}" keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_ssl_cert is not defined or haproxy_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}" keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}" keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"