Add SSL PKI properties for keystone
authorGregory Haynes <greg@greghaynes.net>
Thu, 16 Oct 2014 21:10:43 +0000 (14:10 -0700)
committerGregory Haynes <greg@greghaynes.net>
Wed, 22 Oct 2014 15:09:04 +0000 (08:09 -0700)
To implement the SSL PKI spec we need to change the keystone ssl cert
and cert key properties to be more generalizable. We also need to
support the old properties for backwards compatibility.

Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73

overcloud-source.yaml
undercloud-source.yaml

index b2042d0..ff8cddc 100644 (file)
@@ -173,6 +173,15 @@ parameters:
     description: Keystone key for signing tokens.
     type: string
     hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
   LiveUpdateComputeImage:
     type: string
     description: The image ID for live-updates to the overcloud compute nodes.
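Review bot: The descriptions on the two added parameters are copied from the token-signing parameters: `KeystoneSSLCertificate` says "for verifying token validity" and `KeystoneSSLCertificateKey` says "for signing tokens", yet the resources hunk wires both into the `ssl` mapping, not the signing settings. An operator working from these descriptions could supply token-signing material as the endpoint's TLS identity, or the reverse, so the two key pairs should be described distinctly. Suggested wording: `description: Keystone SSL/TLS certificate for the Keystone endpoint.` and `description: Private key for the Keystone SSL/TLS certificate.` The same copied descriptions appear in the parameters hunk of the second file.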
@@ -558,6 +567,9 @@ resources:
           ca_certificate: {get_param: KeystoneCACertificate}
           signing_key: {get_param: KeystoneSigningKey}
           signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
         mysql:
           innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
           local_bind: true
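Review bot: The children of the added `ssl:` mapping are indented four spaces, while the sibling keys visible in this hunk (`ca_certificate`, `signing_key`, `mysql`) nest by two. Re-indenting `certificate:` and `certificate_key:` to two spaces under `ssl:` would keep the block consistent. The second file's resources hunk has the same indentation. Separately, both parameters default to `''`, so this mapping is always emitted and holds empty strings when no certificate is supplied. It would be worth confirming that the consuming element treats empty values as "TLS not configured" and does not write an empty certificate or key. The enclosing resource definition starts and ends outside the hunk.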
index 5ddf51b..62775c0 100644 (file)
@@ -115,6 +115,15 @@ parameters:
     description: Keystone key for signing tokens.
     type: string
     hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
   HeatPassword:
     default: unset
     description: The password for the Heat service account, used by the Heat services.
@@ -291,6 +300,9 @@ resources:
           ca_certificate: {get_param: KeystoneCACertificate}
           signing_key: {get_param: KeystoneSigningKey}
           signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
         mysql:
           innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
           root-password: {get_resource: MysqlRootPassword}