Merge "Enable internal TLS for Cinder API"

This commit is contained in:
Jenkins 2016-11-11 21:04:52 +00:00 committed by Gerrit Code Review
commit e90a43895b

@ -43,6 +43,9 @@ parameters:
type: string
description: Set the number of workers for cinder::wsgi::apache
default: '"%{::os_workers}"'
EnableInternalTLS:
type: boolean
default: false
conditions:
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
@ -55,6 +58,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
CinderBase:
type: ./cinder-base.yaml
@ -94,21 +98,26 @@ outputs:
dport:
- 8776
- 13776
cinder::api::bind_host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::api::service_name: 'httpd'
cinder::wsgi::apache::ssl: false
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
if:
- cinder_workers_zero