aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Provaznik <jprovazn@redhat.com>2014-06-24 12:55:20 +0200
committerJan Provaznik <jprovazn@redhat.com>2014-06-25 09:23:35 +0200
commit8fc307cc22da5375e9808ffa853cf1af04554078 (patch)
treeb4968e31a22a9b803bdea98d3f39a2a70a0612e2
parentb5b85036c4c514d75dfec63b5f87dcd9d497ee79 (diff)
Add parameters for setting up keystone keys/certs in undercloud
This will allow us distribute identical keys/certs to all control nodes in HA mode. CAKey was removed because it's not required by keystone. Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921
-rw-r--r--overcloud-source.yaml8
-rw-r--r--undercloud-source.yaml16
2 files changed, 16 insertions, 8 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 7ecb92ce..496b2431 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -248,17 +248,10 @@ Parameters:
Default: ''
Description: Keystone self-signed certificate authority certificate.
Type: String
- NoEcho: true
- KeystoneCAKey:
- Default: ''
- Description: Keystone certificate authority key.
- Type: String
- NoEcho: true
KeystoneSigningCertificate:
Default: ''
Description: Keystone certificate for verifying token validity.
Type: String
- NoEcho: true
KeystoneSigningKey:
Default: ''
Description: Keystone key for signing tokens.
@@ -440,7 +433,6 @@ Resources:
db: mysql://keystone:unset@localhost/keystone
host:
get_input: controller_host
- ca_key: {Ref: KeystoneCAKey}
ca_certificate: {Ref: KeystoneCACertificate}
signing_key: {Ref: KeystoneSigningKey}
signing_certificate: {Ref: KeystoneSigningCertificate}
diff --git a/undercloud-source.yaml b/undercloud-source.yaml
index ee8cf0b1..a78e069b 100644
--- a/undercloud-source.yaml
+++ b/undercloud-source.yaml
@@ -160,6 +160,19 @@ Parameters:
lower level default.
Type: Number
Default: 0
+ KeystoneCACertificate:
+ Default: ''
+ Description: Keystone self-signed certificate authority certificate.
+ Type: String
+ KeystoneSigningCertificate:
+ Default: ''
+ Description: Keystone certificate for verifying token validity.
+ Type: String
+ KeystoneSigningKey:
+ Default: ''
+ Description: Keystone key for signing tokens.
+ Type: String
+ NoEcho: true
Resources:
RabbitCookie:
Type: OS::Heat::RandomString
@@ -229,6 +242,9 @@ Resources:
keystone:
db: mysql://keystone:unset@localhost/keystone
host: 127.0.0.1
+ ca_certificate: {Ref: KeystoneCACertificate}
+ signing_key: {Ref: KeystoneSigningKey}
+ signing_certificate: {Ref: KeystoneSigningCertificate}
mysql:
innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
neutron: