97b12afbad
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
29 lines
945 B
YAML
29 lines
945 B
YAML
heat_template_version: 2015-04-30
|
|
|
|
description: >
|
|
This is a default no-op template. This defines the parameters that
|
|
need to be passed in order to have TLS enabled in the controller
|
|
nodes. This template can be replaced with a different
|
|
implementation via the resource registry, such that deployers
|
|
may customize their configuration.
|
|
|
|
parameters:
|
|
DeployedSSLCertificatePath:
|
|
default: ''
|
|
description: >
|
|
The filepath of the certificate as it will be stored in the controller.
|
|
type: string
|
|
NodeIndex: # Here for compatibility with tls-cert-inject.yaml
|
|
default: 0
|
|
type: number
|
|
server: # Here for compatibility with tls-cert-inject.yaml
|
|
description: ID of the controller node to apply this config to
|
|
type: string
|
|
|
|
outputs:
|
|
deploy_stdout:
|
|
description: Deployment reference, used to trigger puppet apply on changes
|
|
value: 'TLS not enabled.'
|
|
deployed_ssl_certificate_path:
|
|
value: ''
|