Permit specification of host in stunnel templates

While we can in principle do this already, there is a bug (1344284) in heat which breaks our ability to calculate an appropriate unified line from within heat. Instead, we can pass separate metadata to os-apply-config and avoid this bug (which has no straight forward fix). Change-Id: I820862982afee07d85f1f0ad02b08cd5b0f35e49 Related-Bug: #1344284
2014-07-19 19:38:07 +12:00 · 2014-07-19 19:38:07 +12:00 · 0a1d6dbaeb
commit 0a1d6dbaeb
parent c7d5246a75
2 changed files with 4 additions and 1 deletions
--- a/elements/openstack-ssl/README.md
+++ b/elements/openstack-ssl/README.md
@ -28,6 +28,7 @@ stunnel:
   - name: 'cinder'
     accept: 13776
     connect: 8776
+     connect_host: localhost

 The certificate and key data will be written to /etc/ssl/from-heat.{crt,key}.

@ -37,3 +38,5 @@ from this implementation.

 Note that the public API endpoints in keystone need to be registered with https
 urls, which is outside the scope of the local machine configuration process.
+
+See the stunnel man page for documentation on crt and key formats etc.
--- a/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf
+++ b/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf
@ -6,5 +6,5 @@ options = NO_SSLv2
 {{#stunnel.ports}}
 [{{name}}]
 accept = {{accept}}
-connect = {{connect}}
+connect = {{#connect_host}}{{.}}:{{/connect_host}}{{connect}}
 {{/stunnel.ports}}