From 5ccbd0ae0fd9d8caace3a9e0533b9c7a2f0ff579 Mon Sep 17 00:00:00 2001 From: Andrew Lazarev Date: Fri, 6 Feb 2015 16:22:12 -0800 Subject: [PATCH] Switching Sahara to https in case of USE_SSL=True Sahara will work over https in case if USE_SSL is set. Note, this patch requires https://review.openstack.org/#/c/145383/ which is not merged yet. Change-Id: I9e0069cfe72323a069a4205ca2f882c7a3ad17e0 Closes-Bug: #1419162 --- lib/sahara | 11 +++++++++++ stack.sh | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/sahara b/lib/sahara index 0651b0a633..6a3a5180bf 100644 --- a/lib/sahara +++ b/lib/sahara @@ -33,6 +33,9 @@ SAHARA_DIR=$DEST/sahara SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara} SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf +if is_ssl_enabled_service "sahara"; then + SAHARA_SERVICE_PROTOCOL="https" +fi SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST} SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386} SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} @@ -165,6 +168,14 @@ function configure_sahara { iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE fi + # Register SSL certificates if provided + if is_ssl_enabled_service sahara; then + ensure_certificates SAHARA + + iniset $SAHARA_CONF_FILE ssl cert_file "$SAHARA_SSL_CERT" + iniset $SAHARA_CONF_FILE ssl key_file "$SAHARA_SSL_KEY" + fi + iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG # Format logging diff --git a/stack.sh b/stack.sh index 5cdcbdf9d8..a9d958de5e 100755 --- a/stack.sh +++ b/stack.sh @@ -505,7 +505,7 @@ source $TOP_DIR/lib/rpc_backend check_rpc_backend # Service to enable with SSL if ``USE_SSL`` is True -SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron" +SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron,sahara" if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then die $LINENO "tls-proxy and SSL are mutually exclusive"