summaryrefslogtreecommitdiffstats
path: root/docker/services
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-05-17 17:39:30 +0000
committerGerrit Code Review <review@openstack.org>2017-05-17 17:39:30 +0000
commit86a355865c8f2eea102601be125cbb58f283f04d (patch)
tree8958f7162c9fcab73c99607ce10d279ac6ca5b10 /docker/services
parenta482e69d8fd312f817bee75e0ecae968c7fd5ca4 (diff)
parenta37debd3dfc590f4d4b3a10369a26ad36c4add91 (diff)
Merge "docker/internal TLS: spawn extra container for neutron server's TLS proxy"
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/neutron-api.yaml56
1 files changed, 42 insertions, 14 deletions
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 9d266b0b..748371d5 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -39,6 +39,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -81,6 +88,8 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# db sync runs before permissions set by kolla_config
step_3:
@@ -113,20 +122,39 @@ outputs:
- /var/log/containers/neutron:/var/log/neutron
command: ['neutron-db-manage', 'upgrade', 'heads']
step_4:
- neutron_api:
- image: *neutron_api_image
- net: host
- privileged: false
- restart: always
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- - /var/log/containers/neutron:/var/log/neutron
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ - neutron_api:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/log/containers/neutron:/var/log/neutron
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - if:
+ - internal_tls_enabled
+ - neutron_server_tls_proxy:
+ image: *neutron_api_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
host_prep_tasks:
- name: create persistent logs directory
file: