From f99294ceff6b2d66e047d7b48032347ddc1bd21d Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 13 Jul 2016 11:27:01 +0300 Subject: Enable keystone to use the SSL middleware The http_proxy_to_wsgi middleware was recently added to keystone as default in the pipeline [1]. So this takes it into use instead of the non-standard option we were using before, which will be deprecated. We already enable this middleware for nova, cinder and heat. [1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835 Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9 Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206 --- puppet/services/keystone.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet') diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 48e74875..79c0dcc2 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -110,6 +110,7 @@ outputs: keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true keystone::debug: {get_param: Debug} keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} @@ -138,8 +139,6 @@ outputs: keystone::roles::admin::admin_tenant: 'admin' keystone::cron::token_flush::destination: '/dev/null' keystone::config::keystone_config: - DEFAULT/secure_proxy_ssl_header: - value: 'HTTP_X_FORWARDED_PROTO' ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' -- cgit 1.2.3-korg