8b17c4939d
At present connect_host is specified by each port, individually, as
the same value. Move connect_host to be a direct child of the stunnel
element so it is only specified once.
Although previously we could theoretically specify a different
connect_host for each service, in practice they were the same and
that never would have worked.
This change means Mustache like {{#stunnel.connect_host}} will work.
Change-Id: I25c4bb09cf28a3728e959d4dd583af26a602ad90
Partial-Bug: #1391926
55 lines
1.6 KiB
YAML
55 lines
1.6 KiB
YAML
description: 'ssl-source: SSL endpoint metadata for openstack'
|
|
parameters:
|
|
SSLCACertificate:
|
|
default: ''
|
|
description: If set, the contents of an SSL certificate authority file.
|
|
type: string
|
|
SSLCertificate:
|
|
default: ''
|
|
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
|
|
type: string
|
|
hidden: true
|
|
SSLKey:
|
|
default: ''
|
|
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
|
|
type: string
|
|
hidden: true
|
|
resources:
|
|
SSLConfig:
|
|
type: OS::Heat::StructuredConfig
|
|
properties:
|
|
group: os-apply-config
|
|
config:
|
|
ssl:
|
|
ca_certificate: {get_input: ssl_ca_certificate}
|
|
stunnel:
|
|
cert: {get_input: ssl_certificate}
|
|
key: {get_input: ssl_key}
|
|
cacert: {get_input: ssl_ca_certificate}
|
|
connect_host: {get_input: controller_host}
|
|
ports:
|
|
- name: 'ec2'
|
|
accept: 13773
|
|
connect: 8773
|
|
- name: 'image'
|
|
accept: 13292
|
|
connect: 9292
|
|
- name: 'identity'
|
|
accept: 13000
|
|
connect: 5000
|
|
- name: 'network'
|
|
accept: 13696
|
|
connect: 9696
|
|
- name: 'compute'
|
|
accept: 13774
|
|
connect: 8774
|
|
- name: 'swift-proxy'
|
|
accept: 13080
|
|
connect: 8080
|
|
- name: 'cinder'
|
|
accept: 13776
|
|
connect: 8776
|
|
- name: 'ceilometer'
|
|
accept: 13777
|
|
connect: 8777
|