Add SSL PKI properties for keystone

To implement the SSL PKI spec we need to change the keystone ssl cert and cert key properties to be more generalizable. We also need to support the old properties for backwards compatibility. Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73
2014-10-16 14:10:43 -07:00 · 2014-10-16 14:10:43 -07:00 · 0064f5e8b6
commit 0064f5e8b6
parent 6f3f9ec6da
2 changed files with 24 additions and 0 deletions
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@ -173,6 +173,15 @@ parameters:
    description: Keystone key for signing tokens.
    type: string
    hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
  LiveUpdateComputeImage:
    type: string
    description: The image ID for live-updates to the overcloud compute nodes.
@ -558,6 +567,9 @@ resources:
          ca_certificate: {get_param: KeystoneCACertificate}
          signing_key: {get_param: KeystoneSigningKey}
          signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
        mysql:
          innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
          local_bind: true
--- a/undercloud-source.yaml
+++ b/undercloud-source.yaml
@ -115,6 +115,15 @@ parameters:
    description: Keystone key for signing tokens.
    type: string
    hidden: true
+  KeystoneSSLCertificate:
+    default: ''
+    description: Keystone certificate for verifying token validity.
+    type: string
+  KeystoneSSLCertificateKey:
+    default: ''
+    description: Keystone key for signing tokens.
+    type: string
+    hidden: true
  HeatPassword:
    default: unset
    description: The password for the Heat service account, used by the Heat services.
@ -291,6 +300,9 @@ resources:
          ca_certificate: {get_param: KeystoneCACertificate}
          signing_key: {get_param: KeystoneSigningKey}
          signing_certificate: {get_param: KeystoneSigningCertificate}
+          ssl:
+              certificate: {get_param: KeystoneSSLCertificate}
+              certificate_key: {get_param: KeystoneSSLCertificateKey}
        mysql:
          innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
          root-password: {get_resource: MysqlRootPassword}