authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-08 09:38:16 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-08 10:41:20 +0000
commita378a01102a13ae336963d18aa7abba948711f8b (patch)
treee54894173616b3320da561e5851717a85c0fd4e5 /docker/services
parentdd6c1064eae369f672478a01f9fe2f835485fdc5 (diff)
Containers: Bind mount directories with the key/certs for heat
This is only done when TLS-everywhere is enabled, and depends on those directories being exclusive for services that run over httpd. bp tls-via-certmonger-containers Change-Id: I194c33992c7f3628f7858ecf5e472ecfdee969ed
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/heat-api-cfn.yaml16
-rw-r--r--docker/services/heat-api.yaml16
2 files changed, 32 insertions, 0 deletions
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index fc228155..ff18f177 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
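Review bot: The new `EnableInternalTLS` parameter has no `description`, so a deployer reading the template cannot tell that it gates the certificate and private-key bind mounts added in the later hunk of this file. I would add `description: When true, bind mount the httpd certificate and private key directories from the host into the container.` under the parameter. Because the default is `false`, the mounts are opt-in; whether the environment that turns on TLS-everywhere also sets this parameter is not visible in this hunk. The same applies to the identical hunk in docker/services/heat-api.yaml.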
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
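Review bot: The second added entry bind-mounts the whole host directory `/etc/pki/tls/private/httpd` into the container, so this container can read every private key stored there, not only the one that heat-api-cfn needs. The commit message describes the directory as exclusive to the services that run over httpd, which suggests that a compromise of any one of those containers exposes the keys of the others; mounting only this service's own key and certificate files (for example `/etc/pki/tls/private/httpd/<service-key-file>:/etc/pki/tls/private/httpd/<service-key-file>:ro`, with a placeholder file name) would narrow that. Separately, when `internal_tls_enabled` is false both `if` expressions yield `''`, which leaves empty strings in what appears to be the container's volume list; whether the launcher skips them is not visible here, so a comment such as `# '' is a no-op placeholder; the launcher must ignore empty volume entries` would help. The list starts outside the hunk, and the same two entries are added in docker/services/heat-api.yaml.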
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index fe565411..886a0d80 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: