tripleo-image-elements/elements/stunnel
shartapa cab65aebda Restart stunnel earlier in configure.d
stunnel should be started as part of configure.d.
Delaying the restart in the post-configure.d causes
MySQL connection errors for keystone db_sync.  This is
required for MySQL connection over SSL to work successfully.

Change-Id: I2eb4af2f2dd8b302979384dbe17b63b3397d33bf
2014-11-18 11:54:12 +00:00
files/usr/lib/systemd/system Extract stunnel from openstack-ssl 2014-09-17 08:56:34 +01:00
install.d Extract stunnel from openstack-ssl 2014-09-17 08:56:34 +01:00
os-refresh-config/configure.d Restart stunnel earlier in configure.d 2014-11-18 11:54:12 +00:00
README.md Extract stunnel from openstack-ssl 2014-09-17 08:56:34 +01:00

Install stunnel4

Configuration

None; this is a low-level element. Elements that intend to use stunnel4 should depend on this element and provide their own configuration files. By default, any file matching /etc/stunnel4/*.conf will be picked up by stunnel.

See the stunnel man page for documentation of the configuration options.

As an example, an element that wants stunnel to bind to port 443 externally and forward traffic to port 80 internally would use a configuration like:

cert = /etc/ssl/certs/overcloud-servercert.pem
key = /etc/ssl/private/overcloud-serverkey.key

options = NO_SSLv2

# Clients must have valid certs, according to our CA cert
verify = 2

[rmq-server]
  accept = {{local-ipv4}}:443
  connect = 127.0.0.1:80
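
A pre-restart check for files dropped into /etc/stunnel4/, as an added example that is not part of this element or of stunnel: it parses the configuration format shown above and reports services that do not require peer certificates, that set verify without a CAfile or CApath, or that leave protocol-disabling options out. The function names, the NO_SSLv3 policy entry, and the treatment of a missing verify as level 0 are assumptions of this sketch.

```python
# NO_SSLv2 is the page's setting; NO_SSLv3 is an assumed extra policy item.
REQUIRED_OPTIONS = ("NO_SSLv2", "NO_SSLv3")

def parse_stunnel_conf(text):
    """Return {section: [(key, value), ...]}; section '' holds global options.
    Option names are lower-cased so that lookups ignore case."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def audit(text):
    """Return (service, finding) pairs; global options act as service defaults."""
    sections = parse_stunnel_conf(text)
    findings = []
    for name in filter(None, sections):
        merged = sections[""] + sections[name]
        last = dict(merged)                      # last assignment of a key wins
        ssl_opts = {v for k, v in merged if k == "options"}  # repeatable key
        if int(last.get("verify", "0")) < 2:     # absent is treated as level 0
            findings.append((name, "peer certificate not required (verify < 2)"))
        elif "cafile" not in last and "capath" not in last:
            findings.append((name, "verify set but no CAfile/CApath configured"))
        for opt in REQUIRED_OPTIONS:
            if opt not in ssl_opts:
                findings.append((name, "options lacks " + opt))
    return findings

# Constructed sample: the README's example config, comments and blanks dropped.
SAMPLE = """\
cert = /etc/ssl/certs/overcloud-servercert.pem
key = /etc/ssl/private/overcloud-serverkey.key
options = NO_SSLv2
verify = 2
[rmq-server]
  accept = {{local-ipv4}}:443
  connect = 127.0.0.1:80
"""

if __name__ == "__main__":
    print("\n".join(s + ": " + f for s, f in audit(SAMPLE)))
```

Run against the example configuration, it reports that rmq-server sets verify = 2 with no CAfile or CApath and that NO_SSLv3 is not among its options.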