Add option keystone_insecure to be parametized

According to Juniper's recommendation, Contrail services should always
use a secure HTTPS connection.

Added the parameter insecure=True/False to control whether certificate
validation is required.

[US838165]
[US835362]

Change-Id: I9d6f5a8c26a6987bfa2f36b63684076b71921f77
Vlad Naboichenko
2016-12-21 14:37:43 -08:00
parent 8ed8b50ecf
commit 33499b9767
4 changed files with 4 additions and 2 deletions


@@ -143,7 +143,7 @@ class contrail::analytics {
'KEYSTONE/admin_user': value => $contrail::neutron_user;
'KEYSTONE/admin_password': value => $contrail::service_token;
'KEYSTONE/admin_tenant_name': value => $contrail::service_tenant;
'KEYSTONE/insecure': value => true;
'KEYSTONE/insecure': value => $contrail::keystone_insecure;
}
ini_setting { 'analytics-fdlimit':
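Review bot: Once `'KEYSTONE/insecure'` can be false, certificate verification against Keystone needs a trust anchor, and neither this `contrail::analytics` hunk nor the matching `contrail::config` hunk shows a CA bundle being configured next to the setting. If the Keystone endpoint presents a certificate from a private CA, enabling validation could make these services fail authentication; whether a CA path is managed elsewhere in the class is not visible here. I would at least add a comment above the line, `# false = verify Keystone's TLS certificate (needs a trusted CA on the node); true = skip verification`, or wire the CA path in the same change. Both resource blocks start outside their hunks.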


@@ -170,7 +170,7 @@ class contrail::config {
'KEYSTONE/admin_user': value => $contrail::neutron_user;
'KEYSTONE/admin_password': value => $contrail::service_token;
'KEYSTONE/admin_tenant_name': value => $contrail::service_tenant;
'KEYSTONE/insecure': value => true;
'KEYSTONE/insecure': value => $contrail::keystone_insecure;
'KEYSTONE/memcache_servers': value => '127.0.0.1:11211';
}


@@ -110,6 +110,7 @@ class contrail {
$keystone_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$keystone_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$mos_mgmt_vip])
$auth_url = "${keystone_protocol}://${keystone_address}:35357/v2.0"
$keystone_insecure = pick($settings['keystone_insecure'], true)
$neutron_ssl = get_ssl_property($ssl_hash, {}, 'neutron', 'admin', 'usage', false)
$neutron_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'admin', 'protocol', 'http')
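Review bot: The fallback in `pick($settings['keystone_insecure'], true)` keeps certificate validation switched off unless an operator opts in, which sits oddly with the commit's stated aim of always using a secure HTTPS connection. Consider a secure default, `$keystone_insecure = pick($settings['keystone_insecure'], false)`, and let deployments with self-signed certificates set the value to true explicitly. The context line above also defaults `keystone_protocol` to 'http', so with both defaults the Keystone admin credentials appear to be sent without TLS at all. It is also worth confirming what type `$settings['keystone_insecure']` arrives as, since a string value would be written into the ini files verbatim.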


@@ -14,3 +14,4 @@ AUTHN_PROTOCOL = <%= scope.lookupvar('contrail::keystone_protocol') %>
AUTHN_SERVER = <%= scope.lookupvar('contrail::keystone_address') %>
AUTHN_PORT = 35357
AUTHN_URL = /v2.0/tokens
insecure = <%= scope.lookupvar('contrail::keystone_insecure') %>
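Review bot: The new `insecure` line carries no comment saying that a true value turns off TLS certificate verification for whatever client reads this file, so the risk is invisible to someone editing the rendered ini by hand. I would add a comment line above it, `; true skips TLS certificate verification for Keystone requests`. The rendered text is whatever ERB stringifies from the Puppet value (lowercase `true`/`false` for booleans), so it is worth confirming the consuming library parses that form. The ini section this key lands in starts outside the hunk.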