TLS for containerized horizon
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 18 Aug 2017 05:42:59 +0000 (05:42 +0000)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 21 Aug 2017 12:30:58 +0000 (12:30 +0000)
Bind-mount the certificates needed for TLS.

bp tls-via-certmonger-containers

Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b

docker/services/horizon.yaml
environments/docker-services-tls-everywhere.yaml

index 3d3bc7c..f2f2b8d 100644 (file)
@@ -36,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
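Review bot: The new `EnableInternalTLS` parameter is declared without a `description`, unlike the parameter directly above it in this hunk. Because it gates whether the httpd certificate and private-key directories are mounted into the container, a one-line description would help operators, for example `description: Enable internal TLS; when true the httpd certificate and key directories are bind-mounted into the horizon container.` (exact wording to be confirmed against how the parameter is used elsewhere). The `parameters:` block begins outside the hunk.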
@@ -117,6 +124,16 @@ outputs:
                   - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/horizon:/var/log/horizon
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
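Review bot: When `internal_tls_enabled` is false, both new `if` entries evaluate to `''`, so the volume list ends with two empty strings, and nothing in this hunk shows that the consumer of the list discards them. If that filtering exists elsewhere, a comment above the first entry such as `# '' when internal TLS is off; empty entries are expected to be dropped by the container launcher` would make the dependency explicit. Separately, the mount of `/etc/pki/tls/private/httpd` exposes the whole host private-key directory to the container (read-only) and presumably relies on that path being populated on the host before the container starts, so the ordering is worth confirming. The volumes list begins outside the hunk.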
index 519e57d..19a4362 100644 (file)
@@ -21,6 +21,7 @@ resource_registry:
   OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
   OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+  OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
   OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
   OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
   OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml