From: Jan Provaznik <jprovazn@redhat.com>
Date: Wed, 21 May 2014 06:06:24 +0000 (-0400)
Subject: Add parameters for setting up keystone keys/certs
X-Git-Tag: opnfv-6.0.0~2818^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=6a5d5992a5e46e359e84652973bfff125d04d875;p=apex-tripleo-heat-templates.git

Add parameters for setting up keystone keys/certs

This will allow us distribute identical keys/certs to all
control nodes in HA mode.

Change-Id: Ie84f3897717c02e196a405746865996c0a929977
---

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index cf1eecda..fc8c8bc4 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -244,6 +244,26 @@ Parameters:
     Default: []
     Description: Should be used for arbitrary ips.
     Type: Json
+  KeystoneCACertificate:
+    Default: ''
+    Description: Keystone self-signed certificate authority certificate.
+    Type: String
+    NoEcho: true
+  KeystoneCAKey:
+    Default: ''
+    Description: Keystone certificate authority key.
+    Type: String
+    NoEcho: true
+  KeystoneSigningCertificate:
+    Default: ''
+    Description: Keystone certificate for verifying token validity.
+    Type: String
+    NoEcho: true
+  KeystoneSigningKey:
+    Default: ''
+    Description: Keystone key for signing tokens.
+    Type: String
+    NoEcho: true
 Resources:
   ControlVirtualIP:
     Type: OS::Neutron::Port
@@ -404,6 +424,10 @@ Resources:
           db: mysql://keystone:unset@localhost/keystone
           host:
             get_input: controller_host
+          ca_key: {Ref: KeystoneCAKey}
+          ca_certificate: {Ref: KeystoneCACertificate}
+          signing_key: {Ref: KeystoneSigningKey}
+          signing_certificate: {Ref: KeystoneSigningCertificate}
         mysql:
           innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
         neutron: