diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-18 05:42:59 +0000 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-21 12:30:58 +0000 |
| commit | 8ba30a1912979925fa37e210df5ecaab47b07c33 (patch) | |
| tree | 6bf3af52c619481ce1ad429c9c8a591b6e55cfb3 | |
| parent | 1d1ad7849b65e5ecbaf3e0f260b4ad1827dc6f22 (diff) | |
TLS for containerized horizon
bind mount the certificates needed for TLS.
bp tls-via-certmonger-containers
Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
| -rw-r--r-- | docker/services/horizon.yaml | 17 | ||||
| -rw-r--r-- | environments/docker-services-tls-everywhere.yaml | 1 |
2 files changed, 18 insertions, 0 deletions
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 519e57db..19a43623 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -21,6 +21,7 @@ resource_registry: OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml |