Add SSL PKI properties for keystone

To implement the SSL PKI spec we need to change the keystone ssl cert and cert key properties to be more generalizable. We also need to support the old properties for backwards compatibility. Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73
author: Gregory Haynes <greg@greghaynes.net> 2014-10-16 14:10:43 -0700
committer: Gregory Haynes <greg@greghaynes.net> 2014-10-22 08:09:04 -0700
commit: 0064f5e8b66dd42788b454df7e467bac8fe96db4 (patch)
tree: 51078ed9f172f9e883a40535cfcb524ac85b8681
parent: 6f3f9ec6da71fec349856e719d0606a6d8b33d91 (diff)
2 files changed, 24 insertions, 0 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index b2042d00..ff8cddcb 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -173,6 +173,15 @@ parameters:
     description: Keystone key for signing tokens.
     type: string
     hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
   LiveUpdateComputeImage:
     type: string
     description: The image ID for live-updates to the overcloud compute nodes.
@@ -558,6 +567,9 @@ resources:
           ca_certificate: {get_param: KeystoneCACertificate}
           signing_key: {get_param: KeystoneSigningKey}
           signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
         mysql:
           innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
           local_bind: true
diff --git a/undercloud-source.yaml b/undercloud-source.yaml
index 5ddf51b5..62775c05 100644
--- a/undercloud-source.yaml
+++ b/undercloud-source.yaml
@@ -115,6 +115,15 @@ parameters:
     description: Keystone key for signing tokens.
     type: string
     hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
   HeatPassword:
     default: unset
     description: The password for the Heat service account, used by the Heat services.
@@ -291,6 +300,9 @@ resources:
           ca_certificate: {get_param: KeystoneCACertificate}
           signing_key: {get_param: KeystoneSigningKey}
           signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
         mysql:
           innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
           root-password: {get_resource: MysqlRootPassword}
author	Gregory Haynes <greg@greghaynes.net>	2014-10-16 14:10:43 -0700
committer	Gregory Haynes <greg@greghaynes.net>	2014-10-22 08:09:04 -0700
commit	0064f5e8b66dd42788b454df7e467bac8fe96db4 (patch)
tree	51078ed9f172f9e883a40535cfcb524ac85b8681
parent	6f3f9ec6da71fec349856e719d0606a6d8b33d91 (diff)