From 5cd1495665d5ff02311de33b57ba468cab86e4e1 Mon Sep 17 00:00:00 2001
From: Shih-Hao Li
Date: Tue, 14 Mar 2017 14:51:10 -0700
Subject: [PATCH] NSXv3: Add support for secure metadata-proxy access

This will allow the edge-cluster running metadata-proxy to talk to Nova API via https.

Change-Id: Ibb1fe8fbd976aef4539673da132c38a12c12beb4
---
 devstack/lib/vmware_nsx_v3 | 9 +++++++++
 devstack/nsx_v3/controller_local.conf.sample | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/devstack/lib/vmware_nsx_v3 b/devstack/lib/vmware_nsx_v3
index 2bf62efed6..a14eb3d59a 100644
--- a/devstack/lib/vmware_nsx_v3
+++ b/devstack/lib/vmware_nsx_v3
@@ -94,6 +94,15 @@ function neutron_plugin_create_nova_conf {
 iniset $NOVA_CONF neutron service_metadata_proxy True
 if [[ "$NATIVE_DHCP_METADATA" == "True" ]]; then
 iniset $NOVA_CONF neutron metadata_proxy_shared_secret $METADATA_PROXY_SHARED_SECRET
+ if [[ "$METADATA_PROXY_USE_HTTPS" == "True" ]]; then
+ iniset $NOVA_CONF DEFAULT enabled_ssl_apis metadata
+ if [[ "$METADATA_PROXY_CERT_FILE" != "" ]]; then
+ iniset $NOVA_CONF wsgi ssl_cert_file $METADATA_PROXY_CERT_FILE
+ fi
+ if [[ "$METADATA_PROXY_PRIV_KEY_FILE" != "" ]]; then
+ iniset $NOVA_CONF wsgi ssl_key_file $METADATA_PROXY_PRIV_KEY_FILE
+ fi
+ fi
 fi
 fi
 }
diff --git a/devstack/nsx_v3/controller_local.conf.sample b/devstack/nsx_v3/controller_local.conf.sample
index c4ee4cc764..9359cf547d 100644
--- a/devstack/nsx_v3/controller_local.conf.sample
+++ b/devstack/nsx_v3/controller_local.conf.sample
@@ -111,4 +111,7 @@ DEFAULT_EDGE_CLUSTER_UUID=
 DHCP_PROFILE_UUID=
 METADATA_PROXY_UUID=
 METADATA_PROXY_SHARED_SECRET=
+METADATA_PROXY_USE_HTTPS=False
+METADATA_PROXY_CERT_FILE=
+METADATA_PROXY_PRIV_KEY_FILE=
 NATIVE_DHCP_METADATA=True
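Review bot: Inside the new `METADATA_PROXY_USE_HTTPS` branch, `enabled_ssl_apis metadata` is written even when `METADATA_PROXY_CERT_FILE` or `METADATA_PROXY_PRIV_KEY_FILE` is empty, because each path is guarded only by its own `!= ""` test. That leaves nova.conf requesting TLS on the metadata API with no certificate or key, which Nova is expected to reject only when the API service starts, far from the misconfiguration. Fail at stack time instead, before the first `iniset` in the branch: `[[ -n "$METADATA_PROXY_CERT_FILE" && -n "$METADATA_PROXY_PRIV_KEY_FILE" ]] || die $LINENO "METADATA_PROXY_USE_HTTPS=True needs METADATA_PROXY_CERT_FILE and METADATA_PROXY_PRIV_KEY_FILE"`. Quoting the two path expansions in the `iniset` calls would also keep a path containing spaces as a single argument. neutron_plugin_create_nova_conf begins above the hunk.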
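Review bot: The three new variables are added to the sample without any comment, so a reader cannot tell that the certificate and key paths take effect only when `METADATA_PROXY_USE_HTTPS=True`, or that both are presumably needed for the metadata API to serve TLS. A line above them such as `# Set METADATA_PROXY_USE_HTTPS=True to serve the Nova metadata API over HTTPS; both file paths below are then required` would cover it. The same comment is a good place to say that the private key file should be readable only by the account running Nova.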