Permit specification of host in stunnel templates
While we can in principle do this already, there is a bug (1344284) in heat which breaks our ability to calculate an appropriate unified line from within heat. Instead, we can pass separate metadata to os-apply-config and avoid this bug (which has no straight forward fix). Change-Id: I820862982afee07d85f1f0ad02b08cd5b0f35e49 Related-Bug: #1344284
This commit is contained in:
parent
c7d5246a75
commit
0a1d6dbaeb
@ -28,6 +28,7 @@ stunnel:
|
|||||||
- name: 'cinder'
|
- name: 'cinder'
|
||||||
accept: 13776
|
accept: 13776
|
||||||
connect: 8776
|
connect: 8776
|
||||||
|
connect_host: localhost
|
||||||
|
|
||||||
The certificate and key data will be written to /etc/ssl/from-heat.{crt,key}.
|
The certificate and key data will be written to /etc/ssl/from-heat.{crt,key}.
|
||||||
|
|
||||||
@ -37,3 +38,5 @@ from this implementation.
|
|||||||
|
|
||||||
Note that the public API endpoints in keystone need to be registered with https
|
Note that the public API endpoints in keystone need to be registered with https
|
||||||
urls, which is outside the scope of the local machine configuration process.
|
urls, which is outside the scope of the local machine configuration process.
|
||||||
|
|
||||||
|
See the stunnel man page for documentation on crt and key formats etc.
|
||||||
|
@ -6,5 +6,5 @@ options = NO_SSLv2
|
|||||||
{{#stunnel.ports}}
|
{{#stunnel.ports}}
|
||||||
[{{name}}]
|
[{{name}}]
|
||||||
accept = {{accept}}
|
accept = {{accept}}
|
||||||
connect = {{connect}}
|
connect = {{#connect_host}}{{.}}:{{/connect_host}}{{connect}}
|
||||||
{{/stunnel.ports}}
|
{{/stunnel.ports}}
|
||||||
|
Loading…
Reference in New Issue
Block a user