docker/internal TLS: spawn extra container for glance API's TLS proxy
This spawns an extra container that runs httpd as the TLS proxy in front of glance-api.

bp tls-via-certmonger-containers
Change-Id: If902ac732479832b9aa3e4a8d063b5be68a42a9b
parent
3b53db413a
commit
71efc9fcec
@ -26,6 +26,13 @@ parameters:
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -63,6 +70,8 @@ outputs:
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/glance-api.json:
|
||||
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
|
||||
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
docker_config:
|
||||
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
|
||||
step_3:
|
||||
@ -91,15 +100,35 @@ outputs:
|
||||
- KOLLA_BOOTSTRAP=True
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
step_4:
|
||||
glance_api:
|
||||
start_order: 2
|
||||
image: *glance_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes: *glance_volumes
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
map_merge:
|
||||
- glance_api:
|
||||
start_order: 2
|
||||
image: *glance_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes: *glance_volumes
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- glance_api_tls_proxy:
|
||||
start_order: 2
|
||||
image: *glance_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks:
|
||||
- name: create persistent logs directory
|
||||
file:
|
||||
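Review bot: The new `glance_api_tls_proxy` container sets `user: root` and `net: host` and mounts `/etc/pki/tls/private/httpd`, but unlike `glance_api` it does not state `privileged: false`; I would add `privileged: false` to the proxy definition so the privilege level of a root container holding the TLS private key is explicit rather than left to the container runner's default. A one-line comment above `user: root` saying why root is required (presumably so httpd can read the root-owned key and bind its port, to be confirmed) would help the next reader judge whether it can be dropped later. Separately, nothing in these hunks shows glance-api being rebound to a loopback-only address when `internal_tls_enabled` is true; since both containers use host networking, it is worth confirming in the service's bind configuration, which is outside this diff, that the plaintext listener is not still reachable on the internal API network alongside the proxy.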
|
@ -12,6 +12,7 @@ resource_registry:
|
||||
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
|
||||
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
|
||||
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
|
||||
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
|
||||
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
|
||||
OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
|
||||
OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
|
||||
@ -21,8 +22,8 @@ resource_registry:
|
||||
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
|
||||
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
|
||||
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
|
||||
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
|
||||
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
|
||||
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
|
||||
|
||||
OS::TripleO::PostDeploySteps: ../docker/post.yaml
|
||||
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
|
||||
|