From 6a5d5992a5e46e359e84652973bfff125d04d875 Mon Sep 17 00:00:00 2001
From: Jan Provaznik <jprovazn@redhat.com>
Date: Wed, 21 May 2014 02:06:24 -0400
Subject: Add parameters for setting up keystone keys/certs

This will allow us distribute identical keys/certs to all
control nodes in HA mode.

Change-Id: Ie84f3897717c02e196a405746865996c0a929977
---
 overcloud-source.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'overcloud-source.yaml')

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index cf1eecda..fc8c8bc4 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -244,6 +244,26 @@ Parameters:
     Default: []
     Description: Should be used for arbitrary ips.
     Type: Json
+  KeystoneCACertificate:
+    Default: ''
+    Description: Keystone self-signed certificate authority certificate.
+    Type: String
+    NoEcho: true
+  KeystoneCAKey:
+    Default: ''
+    Description: Keystone certificate authority key.
+    Type: String
+    NoEcho: true
+  KeystoneSigningCertificate:
+    Default: ''
+    Description: Keystone certificate for verifying token validity.
+    Type: String
+    NoEcho: true
+  KeystoneSigningKey:
+    Default: ''
+    Description: Keystone key for signing tokens.
+    Type: String
+    NoEcho: true
 Resources:
   ControlVirtualIP:
     Type: OS::Neutron::Port
@@ -404,6 +424,10 @@ Resources:
           db: mysql://keystone:unset@localhost/keystone
           host:
             get_input: controller_host
+          ca_key: {Ref: KeystoneCAKey}
+          ca_certificate: {Ref: KeystoneCACertificate}
+          signing_key: {Ref: KeystoneSigningKey}
+          signing_certificate: {Ref: KeystoneSigningCertificate}
         mysql:
           innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize}
         neutron:
-- 
cgit 1.2.3-korg