diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-07-13 11:27:01 +0300 |
|---|---|---|
| committer |   Emilien Macchi <emilien@redhat.com> | 2016-07-29 20:37:14 +0000 |
| commit | f99294ceff6b2d66e047d7b48032347ddc1bd21d (patch) | |
| tree | 4d370fb973931412ac54b3f7fb62920c15f7ae2b /puppet | |
| parent | 03fbc98601a96c6bd51915a25ac1f73cbc53239c (diff) | |
Enable keystone to use the SSL middleware
The http_proxy_to_wsgi middleware was recently added to keystone as
default in the pipeline [1]. So this takes it into use instead of the
non-standard option we were using before, which will be deprecated.
We already enable this middleware for nova, cinder and heat.
[1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835
Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9
Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/keystone.yaml | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 48e74875..79c0dcc2 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -110,6 +110,7 @@ outputs: keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} @@ -138,8 +139,6 @@ outputs: keystone::roles::admin::admin_tenant: 'admin' keystone::cron::token_flush::destination: '/dev/null' keystone::config::keystone_config: - DEFAULT/secure_proxy_ssl_header: - value: 'HTTP_X_FORWARDED_PROTO' ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' |