aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-02 09:58:46 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-11 05:00:02 +0000
commit9d630f81798ff2cd3af092933d55a11f57838928 (patch)
treeccb1861e34287b48a15e6e0eab2844ea10099c5f /docker
parentf24d5d4c0237d2703cf2744aa6db65865401e94e (diff)
Enable TLS for nova api and placement containers
With these two services running over httpd in the containers, we can now enable TLS for them. bp tls-via-certmonger-containers Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21
Diffstat (limited to 'docker')
-rw-r--r--docker/services/nova-api.yaml17
-rw-r--r--docker/services/nova-placement.yaml17
2 files changed, 34 insertions, 0 deletions
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index c73ad04..45de265 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -170,6 +177,16 @@ outputs:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace..26d1756 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -104,6 +111,16 @@ outputs:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings: