Merge "Enable TLS for nova api and placement containers"

author: Jenkins <jenkins@review.openstack.org> 2017-08-14 22:02:25 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-08-14 22:02:25 +0000
commit: 2614962c471ed4ab890383cb63836260227e0010 (patch)
tree: 645fd9b6fa57b8508afd18805c43c7d4571acfc6 /docker
parent: ebaa982f0e1c764efa457e4ca7dfb4d1da7e5776 (diff)
parent: 9d630f81798ff2cd3af092933d55a11f57838928 (diff)
2 files changed, 34 insertions, 0 deletions
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index c73ad046..45de265e 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -170,6 +177,16 @@ outputs:
                   - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/nova:/var/log/nova
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           nova_api_cron:
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace3..26d17560 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -104,6 +111,16 @@ outputs:
                   - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/nova:/var/log/nova
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       metadata_settings:
author	Jenkins <jenkins@review.openstack.org>	2017-08-14 22:02:25 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-08-14 22:02:25 +0000
commit	2614962c471ed4ab890383cb63836260227e0010 (patch)
tree	645fd9b6fa57b8508afd18805c43c7d4571acfc6 /docker
parent	ebaa982f0e1c764efa457e4ca7dfb4d1da7e5776 (diff)
parent	9d630f81798ff2cd3af092933d55a11f57838928 (diff)