Add parameters for setting up keystone keys/certs in undercloud
authorJan Provaznik <jprovazn@redhat.com>
Tue, 24 Jun 2014 10:55:20 +0000 (12:55 +0200)
committerJan Provaznik <jprovazn@redhat.com>
Wed, 25 Jun 2014 07:23:35 +0000 (09:23 +0200)
This will allow us to distribute identical keys/certs to all
control nodes in HA mode.

CAKey was removed because it's not required by keystone.

Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921

overcloud-source.yaml
undercloud-source.yaml

index 7ecb92c..496b243 100644 (file)
@@ -248,17 +248,10 @@ Parameters:
     Default: ''
     Description: Keystone self-signed certificate authority certificate.
     Type: String
-    NoEcho: true
-  KeystoneCAKey:
-    Default: ''
-    Description: Keystone certificate authority key.
-    Type: String
-    NoEcho: true
   KeystoneSigningCertificate:
     Default: ''
     Description: Keystone certificate for verifying token validity.
     Type: String
-    NoEcho: true
   KeystoneSigningKey:
     Default: ''
     Description: Keystone key for signing tokens.
@@ -440,7 +433,6 @@ Resources:
           db: mysql://keystone:unset@localhost/keystone
           host:
             get_input: controller_host
-          ca_key: {Ref: KeystoneCAKey}
           ca_certificate: {Ref: KeystoneCACertificate}
           signing_key: {Ref: KeystoneSigningKey}
           signing_certificate: {Ref: KeystoneSigningCertificate}
index ee8cf0b..a78e069 100644 (file)
@@ -160,6 +160,19 @@ Parameters:
         lower level default.
     Type: Number
     Default: 0
+  KeystoneCACertificate:
+    Default: ''
+    Description: Keystone self-signed certificate authority certificate.
+    Type: String
+  KeystoneSigningCertificate:
+    Default: ''
+    Description: Keystone certificate for verifying token validity.
+    Type: String
+  KeystoneSigningKey:
+    Default: ''
+    Description: Keystone key for signing tokens.
+    Type: String
+    NoEcho: true
 Resources:
   RabbitCookie:
     Type: OS::Heat::RandomString
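Review bot: The three parameters added here all default to `''` and their descriptions do not say that they belong together, so the template accepts a signing key without its certificate, or the reverse. Such a mismatch would presumably only surface later as token validation failures. I would state the coupling in the description, e.g. `Description: Keystone key for signing tokens. Supply together with KeystoneSigningCertificate and KeystoneCACertificate.`, and mirror that wording on the two certificate parameters. What the consumer does with an empty value is not visible in this hunk and is worth documenting in the same place. The Parameters block starts outside the hunk.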
@@ -229,6 +242,9 @@ Resources:
         keystone:
           db: mysql://keystone:unset@localhost/keystone
           host: 127.0.0.1
+          ca_certificate: {Ref: KeystoneCACertificate}
+          signing_key: {Ref: KeystoneSigningKey}
+          signing_certificate: {Ref: KeystoneSigningCertificate}
         mysql:
           innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
         neutron:
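Review bot: `signing_key: {Ref: KeystoneSigningKey}` copies the token-signing private key into this resource's keystone config, while `NoEcho: true` is set only on the parameter; whether the resolved value is masked where this config is stored and served is not visible here and should be confirmed. Anyone who can read that metadata, or the file the node writes from it, could presumably sign tokens, so read access and on-disk permissions deserve a check before one key is shared across HA control nodes. A comment above the line such as `# private key; confirm who can read this metadata (NoEcho applies to the parameter only)` would keep the caveat next to the value. The overcloud template's keystone block (context lines of the second hunk) passes the same key the same way. The enclosing resource starts and ends outside the hunk.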