aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-12 08:44:47 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-16 13:00:52 +0000
commita37debd3dfc590f4d4b3a10369a26ad36c4add91 (patch)
treecce9b62997a7310a70017b1166d26f6d581ca1c1 /docker/services
parent563a900be04934e53da7f1f693e0747f29f37f33 (diff)
docker/internal TLS: spawn extra container for neutron server's TLS proxy
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/neutron-api.yaml56
1 files changed, 42 insertions, 14 deletions
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 9d266b0b..748371d5 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -39,6 +39,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -81,6 +88,8 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
+ command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# db sync runs before permissions set by kolla_config
step_3:
@@ -113,20 +122,39 @@ outputs:
- /var/log/containers/neutron:/var/log/neutron
command: ['neutron-db-manage', 'upgrade', 'heads']
step_4:
- neutron_api:
- image: *neutron_api_image
- net: host
- privileged: false
- restart: always
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- - /var/log/containers/neutron:/var/log/neutron
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ - neutron_api:
+ image: *neutron_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+ - /var/log/containers/neutron:/var/log/neutron
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - if:
+ - internal_tls_enabled
+ - neutron_server_tls_proxy:
+ image: *neutron_api_image
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
host_prep_tasks:
- name: create persistent logs directory
file: