openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "SSL support for haproxy -> novnc proxy connection"

Browse Source
This commit is contained in:
Zuul
2018-08-21 11:17:59 +00:00
committed by Gerrit Code Review
parent 84f395f034 8d163a21f5
commit a53eb67bf8
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
puppet/services/nova-vnc-proxy.yaml
View File

@@ -140,6 +140,9 @@ outputs:
nova::vncproxy::vencrypt_key: /etc/pki/libvirt-vnc/client-key.pem
nova::vncproxy::vencrypt_cert: /etc/pki/libvirt-vnc/client-cert.pem
nova::vncproxy::vencrypt_ca: /etc/pki/libvirt-vnc/ca-cert.pem
nova::ssl_only: true
nova::cert: /etc/pki/tls/certs/novnc_proxy.crt
nova::key: /etc/pki/tls/private/novnc_proxy.key
generate_service_certificates: true
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
if:
@@ -167,6 +170,19 @@ outputs:
template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
novnc_proxy_certificates_specs:
service_certificate: '/etc/pki/tls/certs/novnc_proxy.crt'
service_key: '/etc/pki/tls/private/novnc_proxy.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
principal:
str_replace:
template: "novnc-proxy/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
- {}
service_config_settings:
fluentd:
@@ -187,4 +203,7 @@ outputs:
- service: libvirt-vnc
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
type: node
- service: novnc-proxy
network: {get_param: [ServiceNetMap, NovaApiNetwork]}
type: node
- null