Add SSL configuration metadata for overclouds.

This passes SSL keys in via Heat, which places a high cost on Heat
compromises or on the use of a non-SSL Heat to do deploys. We'll want
to ensure that this is documented clearly.

Change-Id: I14d441460116fda91fbd1d2097c5598b57155a6d
Robert Collins 2014-01-17 14:17:00 +13:00
parent 9e75c7e460
commit e5d4ce3c5f
2 changed files with 45 additions and 2 deletions

@ -10,8 +10,8 @@ overcloud_source_deps = nova-compute-instance.yaml
all: $(generated_templates)
overcloud.yaml: overcloud-source.yaml swift-source.yaml $(overcloud_source_deps)
python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml > $@.tmp
overcloud.yaml: overcloud-source.yaml swift-source.yaml ssl-source.yaml $(overcloud_source_deps)
python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml ssl-source.yaml > $@.tmp
mv $@.tmp $@
undercloud-vm.yaml: undercloud-source.yaml undercloud-vm-source.yaml

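--- a/ssl-source.yaml
+++ b/ssl-source.yaml
@@ -0,0 +1,43 @@
+Description: 'ssl-source: SSL endpoint metadata for openstack'
+Parameters:
+SSLCertificate:
+Default: ''
+Description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+Type: String
+NoEcho: true
+SSLKey:
+Default: ''
+Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+Type: String
+NoEcho: true
+Resources:
+notcomputeConfig:
+Type: AWS::AutoScaling::LaunchConfiguration
+Metadata:
+stunnel:
+cert:
+Ref: SSLCertificate
+key:
+Ref: SSLKey
+ports:
+- name: 'ec2'
+accept: 13773
+connect: 8773
+- name: 'image'
+accept: 13292
+connect: 9292
+- name: 'identity'
+accept: 13000
+connect: 5000
+- name: 'network'
+accept: 13696
+connect: 9696
+- name: 'compute'
+accept: 13774
+connect: 8774
+- name: 'swift-proxy'
+accept: 13080
+connect: 8080
+- name: 'cinder'
+accept: 13776
+connect: 8776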
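Review bot: `NoEcho: true` on `SSLKey` only masks the parameter value when the stack is displayed; the `key:` / `Ref: SSLKey` entry under `Metadata.stunnel` copies the private key into the metadata of `notcomputeConfig`, where it is presumably stored by Heat and served to every instance built from that launch configuration. The commit message already accepts that trade-off but the template itself does not mention it, so the `SSLKey` description should say so where the operator sets the value, for example `If set, the contents of the private .key file for the SSL endpoints. Held in Heat stack metadata and delivered to instances; deploy only through an SSL-protected Heat.` Both parameters default to `''` while the `ports` list is always emitted, so it is worth confirming that whatever consumes the `stunnel` metadata skips configuration when cert and key are empty; that consumer is not visible on this page.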