summaryrefslogtreecommitdiffstats
path: root/environments/enable-tls.yaml
AgeCommit message (Collapse)AuthorFilesLines
2016-03-08Update enable-tls.yaml with new endpointsBen Nemec1-0/+6
A couple of new endpoints have been added, and if they're not in the configured value for EndpointMap it will cause problems. Sahara is not added as ssl-enabled because I don't believe it has been added to the loadbalancer yet. Note that there is work underway to CI overcloud SSL, which should catch problems like this in the future. Change-Id: Ia8a106fd94da7be8675ea84f5fbb9ac959771d10
2016-01-15Allow vncproxy to work with ssl enabledBen Nemec1-0/+3
Right now our vncproxy settings are hard-coded to http and the non-ssl port. This change adds a vncproxy entry to the endpoint map and uses those values to configure the proxy correctly on compute nodes. This is sufficient to get it working in my environment with ssl enabled. Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71
2015-12-08Enable TLS in loadbalancer if cert path is detectedJuan Antonio Osorio Robles1-0/+32
If there is a value for the certificate path (which should only happen if the environment for enabling TLS is used) then the loadbalancer will detect it and configure it's front ends correctly. On the other hand a proper override for the example environment was given, since this will be needed because we want to pass the hosts and protocols correctly so the tripleoclient will catch it and pass it to os-cloud-config Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34 Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
2015-11-23Inject TLS certificate and keys for the OvercloudJuan Antonio Osorio Robles1-0/+9
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79