Enable keystone handling of X-Forwarded-Proto header

If the X-Forwarded-Proto header is received by keystone, this option will make the service properly handle it. This is useful, for instance, if TLS is enabled for the admin endpoint. Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-01-14 17:17:27 +0200
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-01-14 17:17:27 +0200
commit: fd9208025eae0304fa5b6936749fbee96cf9b814 (patch)
tree: 5234e5d4c56487d20e40c0adad3f1e9bd9691274 /puppet/hieradata
parent: bdfdce52ad08d4ce70e7d4ca61b1c6d8409a8730 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 7f30fe7a..f8ef6408 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -45,6 +45,11 @@ keystone::cron::token_flush::maxdelay: 3600
 keystone::roles::admin::service_tenant: 'service'
 keystone::roles::admin::admin_tenant: 'admin'
 keystone::cron::token_flush::destination: '/dev/null'
+keystone::config::keystone_config:
+  DEFAULT/secure_proxy_ssl_header:
+    value: 'HTTP_X_FORWARDED_PROTO'
+  ec2/driver:
+    value: 'keystone.contrib.ec2.backends.sql.Ec2'
 
 #swift
 swift::proxy::pipeline:
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-01-14 17:17:27 +0200
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-01-14 17:17:27 +0200
commit	fd9208025eae0304fa5b6936749fbee96cf9b814 (patch)
tree	5234e5d4c56487d20e40c0adad3f1e9bd9691274 /puppet/hieradata
parent	bdfdce52ad08d4ce70e7d4ca61b1c6d8409a8730 (diff)