Enable TLS for nova api and placement containers

With these two services running over httpd in the containers, we can now enable TLS for them. bp tls-via-certmonger-containers Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-08-02 09:58:46 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-08-11 05:00:02 +0000
commit: 9d630f81798ff2cd3af092933d55a11f57838928 (patch)
tree: ccb1861e34287b48a15e6e0eab2844ea10099c5f
parent: f24d5d4c0237d2703cf2744aa6db65865401e94e (diff)
2 files changed, 34 insertions, 0 deletions
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index c73ad046..45de265e 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -170,6 +177,16 @@ outputs:
                   - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/nova:/var/log/nova
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           nova_api_cron:
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace3..26d17560 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -104,6 +111,16 @@ outputs:
                   - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/nova:/var/log/nova
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       metadata_settings:
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-08-02 09:58:46 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-08-11 05:00:02 +0000
commit	9d630f81798ff2cd3af092933d55a11f57838928 (patch)
tree	ccb1861e34287b48a15e6e0eab2844ea10099c5f
parent	f24d5d4c0237d2703cf2744aa6db65865401e94e (diff)