Add parameters for setting up keystone keys/certs

This will allow us distribute identical keys/certs to all
control nodes in HA mode.

Change-Id: Ie84f3897717c02e196a405746865996c0a929977

1 files changed, 24 insertions, 0 deletions

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index cf1eecda..fc8c8bc4 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -244,6 +244,26 @@ Parameters:
     Default: []
     Description: Should be used for arbitrary ips.
     Type: Json
+  KeystoneCACertificate:
+    Default: ''
+    Description: Keystone self-signed certificate authority certificate.
+    Type: String
+    NoEcho: true
+  KeystoneCAKey:
+    Default: ''
+    Description: Keystone certificate authority key.
+    Type: String
+    NoEcho: true
+  KeystoneSigningCertificate:
+    Default: ''
+    Description: Keystone certificate for verifying token validity.
+    Type: String
+    NoEcho: true
+  KeystoneSigningKey:
+    Default: ''
+    Description: Keystone key for signing tokens.
+    Type: String
+    NoEcho: true
 Resources:
   ControlVirtualIP:
     Type: OS::Neutron::Port
@@ -404,6 +424,10 @@ Resources:
           db: mysql://keystone:unset@localhost/keystone
           host:
             get_input: controller_host
+          ca_key: {Ref: KeystoneCAKey}
+          ca_certificate: {Ref: KeystoneCACertificate}
+          signing_key: {Ref: KeystoneSigningKey}
+          signing_certificate: {Ref: KeystoneSigningCertificate}
         mysql:
           innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
         neutron: