TLS for XMPP support

XMPP communication can be encrypted using TLS. This change adds
support for TLS encryption to Contrail-Config, Contrail-DNS and
the Contrail vRouter agent. It uses wildcard certificates.

[US839748]

Change-Id: Ia2427f5a63bba94e86e4317473c007f0160291ec
Signed-off-by: Illia Polliul <ipolliul@mirantis.com>
Illia Polliul
2017-01-03 17:46:59 +02:00
parent d62de6ab77
commit a10e4d3e35
3 changed files with 94 additions and 0 deletions


@@ -133,7 +133,47 @@ class contrail::compute::vrouter {
'VIRTUAL-HOST-INTERFACE/physical_interface': value => $contrail::phys_dev;
'SERVICE-INSTANCE/netns_command': value => '/usr/bin/opencontrail-vrouter-netns';
}
if $::contrail::tls_xmpp_enable {
file { '/etc/contrail/ssl/':
ensure => directory,
owner => 'contrail',
group => 'contrail',
tag => 'tls_xmpp',
}
file { '/etc/contrail/ssl/xmpp_wildcard.crt':
content => $contrail::tls_xmpp_wildcard_crt,
owner => 'contrail',
group => 'contrail',
tag => 'tls_xmpp',
}
file { '/etc/contrail/ssl/xmpp_wildcard.key':
content => $contrail::tls_xmpp_wildcard_key,
owner => 'contrail',
group => 'contrail',
tag => 'tls_xmpp',
}
file { '/etc/contrail/ssl/xmpp_ca.crt':
content => $contrail::tls_xmpp_ca_crt,
owner => 'contrail',
group => 'contrail',
tag => 'tls_xmpp',
}
contrail_vrouter_agent_config {
'DEFAULT/xmpp_auth_enable': value => true;
'DEFAULT/xmpp_dns_auth_enable': value => true;
'DEFAULT/xmpp_server_cert': value => '/etc/contrail/ssl/xmpp_wildcard.crt';
'DEFAULT/xmpp_server_key': value => '/etc/contrail/ssl/xmpp_wildcard.key';
'DEFAULT/xmpp_ca_cert': value => '/etc/contrail/ssl/xmpp_ca.crt';
}
Package[$install_packages] -> File<| tag == 'tls_xmpp' |> -> Contrail_vrouter_agent_config <||> ~> Service['supervisor-vrouter']
}
if $contrail::gateway {
contrail_vrouter_agent_config { 'VIRTUAL-HOST-INTERFACE/gateway': value => $contrail::gateway; }
}
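Review bot: The private key resource `file { '/etc/contrail/ssl/xmpp_wildcard.key': ... }` sets `owner` and `group` but no `mode`, so Puppet creates it with its default file mode (typically 0644, i.e. readable by every local user); the `/etc/contrail/ssl/` directory is likewise left at the default. I would add `mode => '0400',` and `show_diff => false,` to the key resource, the latter so that key material does not end up in agent logs or reports when the content changes, and `mode => '0750',` to the directory. Since the commit message says a wildcard certificate is used, the same key is presumably deployed to every node, so a readable copy on one compute host would weaken XMPP trust for all of them. The enclosing class `contrail::compute::vrouter` starts and ends outside the hunk.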