author | Jan Provaznik <jprovazn@redhat.com> | 2014-06-24 12:55:20 +0200 |
---|---|---|
committer | Jan Provaznik <jprovazn@redhat.com> | 2014-06-25 09:23:35 +0200 |
commit | 8fc307cc22da5375e9808ffa853cf1af04554078 (patch) | |
tree | b4968e31a22a9b803bdea98d3f39a2a70a0612e2 | |
parent | b5b85036c4c514d75dfec63b5f87dcd9d497ee79 (diff) |
Add parameters for setting up keystone keys/certs in undercloud
This will allow us to distribute identical keys/certs to all
control nodes in HA mode.
CAKey was removed because it's not required by keystone.
Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921
-rw-r--r-- | overcloud-source.yaml | 8 |
-rw-r--r-- | undercloud-source.yaml | 16 |
2 files changed, 16 insertions, 8 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 7ecb92ce..496b2431 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -248,17 +248,10 @@ Parameters: Default: '' Description: Keystone self-signed certificate authority certificate. Type: String - NoEcho: true - KeystoneCAKey: - Default: '' - Description: Keystone certificate authority key. - Type: String - NoEcho: true KeystoneSigningCertificate: Default: '' Description: Keystone certificate for verifying token validity. Type: String - NoEcho: true KeystoneSigningKey: Default: '' Description: Keystone key for signing tokens. @@ -440,7 +433,6 @@ Resources: db: mysql://keystone:unset@localhost/keystone host: get_input: controller_host - ca_key: {Ref: KeystoneCAKey} ca_certificate: {Ref: KeystoneCACertificate} signing_key: {Ref: KeystoneSigningKey} signing_certificate: {Ref: KeystoneSigningCertificate} diff --git a/undercloud-source.yaml b/undercloud-source.yaml index ee8cf0b1..a78e069b 100644 --- a/undercloud-source.yaml +++ b/undercloud-source.yaml @@ -160,6 +160,19 @@ Parameters: lower level default. Type: Number Default: 0 + KeystoneCACertificate: + Default: '' + Description: Keystone self-signed certificate authority certificate. + Type: String + KeystoneSigningCertificate: + Default: '' + Description: Keystone certificate for verifying token validity. + Type: String + KeystoneSigningKey: + Default: '' + Description: Keystone key for signing tokens. + Type: String + NoEcho: true Resources: RabbitCookie: Type: OS::Heat::RandomString @@ -229,6 +242,9 @@ Resources: keystone: db: mysql://keystone:unset@localhost/keystone host: 127.0.0.1 + ca_certificate: {Ref: KeystoneCACertificate} + signing_key: {Ref: KeystoneSigningKey} + signing_certificate: {Ref: KeystoneSigningCertificate} mysql: innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize} neutron: |
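Review bot: In the first overcloud-source.yaml hunk (Parameters, @@ -248,17 +248,10), `NoEcho: true` is dropped from KeystoneCACertificate and KeystoneSigningCertificate, but the commit message only explains the removal of CAKey. Certificates are public material, so unmasking them is reasonable, but please say so in the commit message so the change does not read as accidental. The hunk's context ends before the last line of KeystoneSigningKey, so it is worth confirming that parameter still carries `NoEcho: true` as the undercloud copy does. Dropping the KeystoneCAKey parameter also means any environment file or script that still passes it has to be updated together with this change.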
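Review bot: In the undercloud-source.yaml Parameters hunk (@@ -160,6 +160,19), KeystoneSigningKey, KeystoneSigningCertificate and KeystoneCACertificate all get `Default: ''` with no statement of what an empty value means. Since the stated goal is identical keys and certificates on all control nodes in HA mode, please extend each Description to say what happens when the value is left empty, or drop the default on the parameters that HA requires so a missing value is caught when the stack is created rather than later.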
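Review bot: In the undercloud-source.yaml Resources hunk (@@ -229,6 +242,9), `signing_key: {Ref: KeystoneSigningKey}` copies the private key into the keystone block next to db and host. `NoEcho: true` on the parameter masks the value only where Heat displays parameters, not this copy, so anyone who can read this block can read the token signing key. Please note that in the parameter Description or the commit message, so that operators know to restrict read access to this data when distributing the same key to several nodes.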