author | Robert Collins <rbtcollins@hp.com> | 2014-01-17 14:17:00 +1300 |
---|---|---|
committer | Robert Collins <rbtcollins@hp.com> | 2014-01-17 14:18:53 +1300 |
commit | e5d4ce3c5f1ff04e1d0910508fa3cf101893d3e6 (patch) | |
tree | ca8a274186395b9fed611ae0e11c27eb82a941d0 | |
parent | 9e75c7e46022db0b6d9370701883e63ae455b759 (diff) |
Add SSL configuration metadata for overclouds.
This passes SSL keys in via Heat, so a compromise of Heat (or deploying through a non-SSL Heat endpoint) exposes those keys. We'll want to ensure that this is documented clearly.
Change-Id: I14d441460116fda91fbd1d2097c5598b57155a6d
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | ssl-source.yaml | 43 |
2 files changed, 45 insertions, 2 deletions
@@ -10,8 +10,8 @@ overcloud_source_deps = nova-compute-instance.yaml
all: $(generated_templates)
-overcloud.yaml: overcloud-source.yaml swift-source.yaml $(overcloud_source_deps)
- python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml > $@.tmp
+overcloud.yaml: overcloud-source.yaml swift-source.yaml ssl-source.yaml $(overcloud_source_deps)
+ python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml ssl-source.yaml > $@.tmp
mv $@.tmp $@
undercloud-vm.yaml: undercloud-source.yaml undercloud-vm-source.yaml
diff --git a/ssl-source.yaml b/ssl-source.yaml
new file mode 100644
index 00000000..9127555a
--- /dev/null
+++ b/ssl-source.yaml
@@ -0,0 +1,43 @@
+Description: 'ssl-source: SSL endpoint metadata for openstack'
+Parameters:
+ SSLCertificate:
+ Default: ''
+ Description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+ Type: String
+ NoEcho: true
+ SSLKey:
+ Default: ''
+ Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+ Type: String
+ NoEcho: true
+Resources:
+ notcomputeConfig:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Metadata:
+ stunnel:
+ cert:
+ Ref: SSLCertificate
+ key:
+ Ref: SSLKey
+ ports:
+ - name: 'ec2'
+ accept: 13773
+ connect: 8773
+ - name: 'image'
+ accept: 13292
+ connect: 9292
+ - name: 'identity'
+ accept: 13000
+ connect: 5000
+ - name: 'network'
+ accept: 13696
+ connect: 9696
+ - name: 'compute'
+ accept: 13774
+ connect: 8774
+ - name: 'swift-proxy'
+ accept: 13080
+ connect: 8080
+ - name: 'cinder'
+ accept: 13776
+ connect: 8776 |
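Review bot: The merged source list is now spelled twice in the overcloud.yaml rule — once in the prerequisites and again as the arguments to merge.py — which is why this change had to add ssl-source.yaml in two places, and the next addition can easily land in only one of them. Hoist the list into a variable and use it on both lines: `overcloud_sources = overcloud-source.yaml swift-source.yaml ssl-source.yaml`, `overcloud.yaml: $(overcloud_sources) $(overcloud_source_deps)`, `	python ./tripleo_heat_merge/merge.py $(overcloud_sources) > $@.tmp`. `$^` is not a drop-in here because the prerequisites also carry `$(overcloud_source_deps)`, which the recipe deliberately does not pass to merge.py.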
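Review bot: `NoEcho: true` only keeps SSLKey out of stack and parameter listings; the Metadata block under notcomputeConfig hands the private key to those instances as resource metadata, so anything able to read that instance's Heat/cfn metadata obtains the key, and nothing in this hunk narrows who can. The parameter Description should say so rather than leaving it to the commit message, e.g. for SSLKey: `Description: If set, the contents of the SSL private key (.key) file. It is delivered to the controller via Heat metadata, so protect Heat and deploy through an SSL Heat endpoint.` The two Descriptions also describe a .crt as being "for encrypting SSL endpoints" — the certificate is the public half that authenticates the endpoint, the key is the part that must stay secret, and naming SSLKey as a private key makes that distinction clear. Both parameters default to `''` while the stunnel metadata references them unconditionally, so presumably the consumer of the stunnel metadata treats an empty cert/key as "SSL disabled"; that is worth confirming and stating in the Descriptions.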