From: Gregory Haynes Date: Thu, 16 Oct 2014 21:10:43 +0000 (-0700) Subject: Add SSL PKI properties for keystone X-Git-Tag: opnfv-6.0.0~2729^2 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=0064f5e8b66dd42788b454df7e467bac8fe96db4;p=apex-tripleo-heat-templates.git Add SSL PKI properties for keystone To implement the SSL PKI spec we need to change the keystone ssl cert and cert key properties to be more generalizable. We also need to support the old properties for backwards compatibility. Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73
---
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index b2042d00..ff8cddcb 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -173,6 +173,15 @@ parameters:
 description: Keystone key for signing tokens.
 type: string
 hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
 LiveUpdateComputeImage:
 type: string
 description: The image ID for live-updates to the overcloud compute nodes.
@@ -558,6 +567,9 @@ resources:
 ca_certificate: {get_param: KeystoneCACertificate}
 signing_key: {get_param: KeystoneSigningKey}
 signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
 mysql:
 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
 local_bind: true
diff --git a/undercloud-source.yaml b/undercloud-source.yaml
index 5ddf51b5..62775c05 100644
--- a/undercloud-source.yaml
+++ b/undercloud-source.yaml
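Review bot: The descriptions of the two new parameters in the `parameters:` hunk are copied verbatim from the signing parameters just above them, so `KeystoneSSLCertificate` reads "for verifying token validity" and `KeystoneSSLCertificateKey` reads "for signing tokens". Judging by the names and the `ssl:` block they feed, these carry the SSL/TLS certificate and its private key rather than token-signing material, and the shared wording makes it easy for an operator to supply the wrong key pair. I would change them to `description: Keystone SSL/TLS certificate.` and `description: Private key for the Keystone SSL/TLS certificate.` The `parameters:` map starts outside the hunk, and the matching hunk in undercloud-source.yaml carries the same two descriptions.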
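Review bot: `certificate_key: {get_param: KeystoneSSLCertificateKey}` is emitted unconditionally in the added `ssl:` block, so with the `default: ''` on the new parameters the block is always present and holds empty strings when no certificate is supplied. The consumer of these properties is outside this diff; it should be confirmed to treat an empty value as "SSL not configured" rather than writing out an empty key file. Note too that `hidden: true` only masks the parameter when stack information is displayed; the private key is still substituted into this resource's properties here, as `signing_key` already is, so access to that data is what protects the key. I would put `# '' means no SSL cert/key supplied; certificate_key is secret material` above `ssl:`. The enclosing resource definition starts and ends outside the hunk, and the `resources:` hunk of undercloud-source.yaml adds the same lines.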
@@ -115,6 +115,15 @@ parameters:
 description: Keystone key for signing tokens.
 type: string
 hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
 HeatPassword:
 default: unset
 description: The password for the Heat service account, used by the Heat services.
@@ -291,6 +300,9 @@ resources:
 ca_certificate: {get_param: KeystoneCACertificate}
 signing_key: {get_param: KeystoneSigningKey}
 signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
 mysql:
 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
 root-password: {get_resource: MysqlRootPassword}