authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-01-14 17:17:27 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-01-14 17:17:27 +0200
commitfd9208025eae0304fa5b6936749fbee96cf9b814 (patch)
tree5234e5d4c56487d20e40c0adad3f1e9bd9691274
parentbdfdce52ad08d4ce70e7d4ca61b1c6d8409a8730 (diff)
Enable keystone handling of X-Forwarded-Proto header
If the X-Forwarded-Proto header is received by keystone, this option will make the service properly handle it. This is useful, for instance, if TLS is enabled for the admin endpoint. Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
-rw-r--r--puppet/hieradata/controller.yaml5
-rw-r--r--puppet/manifests/overcloud_controller.pp5
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp5
3 files changed, 9 insertions, 6 deletions
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 7f30fe7a..f8ef6408 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -45,6 +45,11 @@ keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
keystone::cron::token_flush::destination: '/dev/null'
+keystone::config::keystone_config:
+ DEFAULT/secure_proxy_ssl_header:
+ value: 'HTTP_X_FORWARDED_PROTO'
+ ec2/driver:
+ value: 'keystone.contrib.ec2.backends.sql.Ec2'
#swift
swift::proxy::pipeline:
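Review bot: `DEFAULT/secure_proxy_ssl_header` is set unconditionally for every controller, so keystone will take the request scheme from X-Forwarded-Proto on any request that reaches it, including ones that did not pass through the TLS-terminating proxy. If the keystone port is reachable directly, or the proxy passes a client-supplied header through unchanged, a plain-HTTP request could be treated as HTTPS. Nothing in this change shows the load balancer setting or overwriting the header, so that should be confirmed and recorded next to the setting, e.g. `# requires the front-end proxy to set/overwrite X-Forwarded-Proto; keystone must not be reachable around it`.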
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 29af6ca2..ea63b1a8 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -167,13 +167,12 @@ if hiera('step') >= 2 {
if hiera('step') >= 3 {
include ::keystone
+ include ::keystone::config
include ::keystone::roles::admin
include ::keystone::endpoint
#TODO: need a cleanup-keystone-tokens.sh solution here
- keystone_config {
- 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
- }
+
file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
ensure => 'directory',
owner => 'keystone',
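Review bot: With the inline `keystone_config` resource removed, `ec2/driver` now exists only as an entry in the `keystone::config::keystone_config` hiera hash; the same applies to the hunk in overcloud_controller_pacemaker.pp. If that key is resolved by ordinary priority lookup rather than a hash merge (not visible here), a higher-priority hiera file that defines the key for some other setting would replace the whole hash and silently drop both `ec2/driver` and `secure_proxy_ssl_header`. A comment at the include, such as `# keystone.conf overrides come from keystone::config::keystone_config in hieradata; overriding that key replaces the whole hash`, would make this visible. The enclosing `if hiera('step') >= 3` block continues outside the hunk.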
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 583a4fd4..f8d3fd76 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -496,11 +496,10 @@ if hiera('step') >= 3 {
manage_service => false,
enabled => false,
}
+ include ::keystone::config
#TODO: need a cleanup-keystone-tokens.sh solution here
- keystone_config {
- 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
- }
+
file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
ensure => 'directory',
owner => 'keystone',