Enable TLS for nova api and placement containers
With these two services running over httpd in the containers, we can now enable TLS for them. bp tls-via-certmonger-containers Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21
This commit is contained in:
Juan Antonio Osorio Robles
parent
f24d5d4c02
commit
9d630f8179
@ -36,6 +36,13 @@ parameters:
|
|||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
@ -170,6 +177,16 @@ outputs:
|
|||||||
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers/nova:/var/log/nova
|
- /var/log/containers/nova:/var/log/nova
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||||
|
- ''
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||||
|
- ''
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
nova_api_cron:
|
nova_api_cron:
|
||||||
|
|||||||
@ -36,6 +36,13 @@ parameters:
|
|||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
@ -104,6 +111,16 @@ outputs:
|
|||||||
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers/nova:/var/log/nova
|
- /var/log/containers/nova:/var/log/nova
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||||
|
- ''
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||||
|
- ''
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user