diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-08 09:38:16 +0000 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-08 10:41:20 +0000 |
commit | a378a01102a13ae336963d18aa7abba948711f8b (patch) | |
tree | e54894173616b3320da561e5851717a85c0fd4e5 /docker/services | |
parent | dd6c1064eae369f672478a01f9fe2f835485fdc5 (diff) |
Containers: Bind mount directories with the key/certs for heat
This is only done when TLS-everywhere is enabled, and depends on those
directories being exclusive for services that run over httpd.
bp tls-via-certmonger-containers
Change-Id: I194c33992c7f3628f7858ecf5e472ecfdee969ed
Diffstat (limited to 'docker/services')
-rw-r--r-- | docker/services/heat-api-cfn.yaml | 16 | ||||
-rw-r--r-- | docker/services/heat-api.yaml | 16 |
2 files changed, 32 insertions, 0 deletions
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index fc228155..ff18f177 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index fe565411..886a0d80 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: |