authorRobert Collins <rbtcollins@hp.com>2014-01-17 14:17:00 +1300
committerRobert Collins <rbtcollins@hp.com>2014-01-17 14:18:53 +1300
commite5d4ce3c5f1ff04e1d0910508fa3cf101893d3e6 (patch)
treeca8a274186395b9fed611ae0e11c27eb82a941d0
parent9e75c7e46022db0b6d9370701883e63ae455b759 (diff)
Add SSL configuration metadata for overclouds.
This passes SSL keys in via Heat which places a high cost on heat compromises or the use of a non-SSL heat to do deploys. We'll want to ensure that that is documented clearly. Change-Id: I14d441460116fda91fbd1d2097c5598b57155a6d
-rw-r--r--Makefile4
-rw-r--r--ssl-source.yaml43
2 files changed, 45 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index a11a1089..6d5c8b73 100644
--- a/Makefile
+++ b/Makefile
@@ -10,8 +10,8 @@ overcloud_source_deps = nova-compute-instance.yaml
all: $(generated_templates)
-overcloud.yaml: overcloud-source.yaml swift-source.yaml $(overcloud_source_deps)
- python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml > $@.tmp
+overcloud.yaml: overcloud-source.yaml swift-source.yaml ssl-source.yaml $(overcloud_source_deps)
+ python ./tripleo_heat_merge/merge.py overcloud-source.yaml swift-source.yaml ssl-source.yaml > $@.tmp
mv $@.tmp $@
undercloud-vm.yaml: undercloud-source.yaml undercloud-vm-source.yaml
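Review bot: The list of merge inputs is now spelled out twice on the new side, once in the `overcloud.yaml` prerequisites and once on the `merge.py` command line, and this commit had to edit both in step. Holding the list in one variable, e.g. `overcloud_sources = overcloud-source.yaml swift-source.yaml ssl-source.yaml`, and using `$(overcloud_sources)` in both places prevents a template from being merged without also triggering a rebuild, or the reverse. `$^` is not a substitute here, because `$(overcloud_source_deps)` is a prerequisite but is not passed to merge.py.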
diff --git a/ssl-source.yaml b/ssl-source.yaml
new file mode 100644
index 00000000..9127555a
--- /dev/null
+++ b/ssl-source.yaml
@@ -0,0 +1,43 @@
+Description: 'ssl-source: SSL endpoint metadata for openstack'
+Parameters:
+ SSLCertificate:
+ Default: ''
+ Description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+ Type: String
+ NoEcho: true
+ SSLKey:
+ Default: ''
+ Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+ Type: String
+ NoEcho: true
+Resources:
+ notcomputeConfig:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Metadata:
+ stunnel:
+ cert:
+ Ref: SSLCertificate
+ key:
+ Ref: SSLKey
+ ports:
+ - name: 'ec2'
+ accept: 13773
+ connect: 8773
+ - name: 'image'
+ accept: 13292
+ connect: 9292
+ - name: 'identity'
+ accept: 13000
+ connect: 5000
+ - name: 'network'
+ accept: 13696
+ connect: 9696
+ - name: 'compute'
+ accept: 13774
+ connect: 8774
+ - name: 'swift-proxy'
+ accept: 13080
+ connect: 8080
+ - name: 'cinder'
+ accept: 13776
+ connect: 8776
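Review bot: `NoEcho: true` on `SSLKey` covers only how the parameter itself is displayed; the `Ref: SSLKey` under the `notcomputeConfig` Metadata copies the private key into resource metadata, where it is presumably readable by anyone who can query that resource's metadata and by every instance built from this launch configuration. The commit message says this exposure should be documented, but nothing in the template does so. The parameter description is where operators will see it, for example `Description: If set, the contents of the SSL private key (.key) file for the SSL endpoints. The key is stored by Heat and delivered via instance metadata, so deploy only through an SSL-protected Heat endpoint.` Both parameters also default to `''` independently, so a stack can be created with a certificate but no key (or the reverse); whether the consuming stunnel configuration rejects that is not visible in this diff and is worth confirming.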