diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-01-14 17:17:27 +0200 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-01-14 17:17:27 +0200 |
| commit | fd9208025eae0304fa5b6936749fbee96cf9b814 (patch) | |
| tree | 5234e5d4c56487d20e40c0adad3f1e9bd9691274 /puppet | |
| parent | bdfdce52ad08d4ce70e7d4ca61b1c6d8409a8730 (diff) | |
Enable keystone handling of X-Forwarded-Proto header
If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.
Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/hieradata/controller.yaml | 5 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 5 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 5 |
3 files changed, 9 insertions, 6 deletions
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 7f30fe7a..f8ef6408 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -45,6 +45,11 @@ keystone::cron::token_flush::maxdelay: 3600 keystone::roles::admin::service_tenant: 'service' keystone::roles::admin::admin_tenant: 'admin' keystone::cron::token_flush::destination: '/dev/null' +keystone::config::keystone_config: + DEFAULT/secure_proxy_ssl_header: + value: 'HTTP_X_FORWARDED_PROTO' + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' #swift swift::proxy::pipeline: diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 29af6ca2..ea63b1a8 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -167,13 +167,12 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::config include ::keystone::roles::admin include ::keystone::endpoint #TODO: need a cleanup-keystone-tokens.sh solution here - keystone_config { - 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; - } + file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: ensure => 'directory', owner => 'keystone', diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 583a4fd4..f8d3fd76 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -496,11 +496,10 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } + include ::keystone::config #TODO: need a cleanup-keystone-tokens.sh solution here - keystone_config { - 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; - } + file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: ensure => 'directory', owner => 'keystone', |