summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-07-13 11:27:01 +0300
committerEmilien Macchi <emilien@redhat.com>2016-07-29 20:37:14 +0000
commitf99294ceff6b2d66e047d7b48032347ddc1bd21d (patch)
tree4d370fb973931412ac54b3f7fb62920c15f7ae2b
parent03fbc98601a96c6bd51915a25ac1f73cbc53239c (diff)
Enable keystone to use the SSL middleware
The http_proxy_to_wsgi middleware was recently added to keystone as default in the pipeline [1]. So this takes it into use instead of the non-standard option we were using before, which will be deprecated. We already enable this middleware for nova, cinder and heat. [1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835 Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9 Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206
-rw-r--r--puppet/services/keystone.yaml3
1 files changed, 1 insertions, 2 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 48e74875..79c0dcc2 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -110,6 +110,7 @@ outputs:
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
@@ -138,8 +139,6 @@ outputs:
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
keystone::config::keystone_config:
- DEFAULT/secure_proxy_ssl_header:
- value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
keystone::service_name: 'httpd'