3874255b9f
* Deploy Self-Signed Certificates for both IPv6 & IPv4 deployments. * Disable IPv6 for RabbitMQ now, for SSL reasons, will be enabled again later in a next iteration. * Deploy Ironic API under WSGI instead of eventlet. * Switch Glance API, Ironic API and Keystone to SSL. * Configure Tempest with SSL endpoints when needed. * Reduce the Ironic tests because of [1]. [1] https://bugs.launchpad.net/ironic/+bug/1554237 Note #1: puppet-swift, and puppet-cinder will require some work to support SSL, so it's not implemented in this patch. Note #2: we don't enable SSL for Neutron because of https://bugs.launchpad.net/neutron/+bug/1514424 Change-Id: Ib2b5289b6f5e82f43cf60dee3152b2c2ddd5a014
46 lines
1.3 KiB
Puppet
46 lines
1.3 KiB
Puppet
# Deploy SSL private keys
|
|
#
|
|
# [*key_path*]
|
|
# (optional) Path of SSL private key
|
|
# Defaults to undef.
|
|
#
|
|
define openstack_integration::ssl_key(
|
|
$key_path = undef,
|
|
) {
|
|
|
|
include ::openstack_integration::config
|
|
|
|
if $key_path == undef {
|
|
$_key_path = "/etc/${name}/ssl/private/${::fqdn}.pem"
|
|
} else {
|
|
$_key_path = $key_path
|
|
}
|
|
|
|
# If the user isn't providing an unexpected path, create the directory
|
|
# structure.
|
|
if $key_path == undef {
|
|
file { "/etc/${name}/ssl":
|
|
ensure => directory,
|
|
owner => $name,
|
|
mode => '0775',
|
|
selinux_ignore_defaults => true,
|
|
}
|
|
file { "/etc/${name}/ssl/private":
|
|
ensure => directory,
|
|
owner => $name,
|
|
mode => '0755',
|
|
require => File["/etc/${name}/ssl"],
|
|
selinux_ignore_defaults => true,
|
|
before => File[$_key_path]
|
|
}
|
|
}
|
|
|
|
file { $_key_path:
|
|
ensure => present,
|
|
owner => $name,
|
|
source => "puppet:///modules/openstack_integration/ipv${openstack_integration::config::ip_version}.key",
|
|
selinux_ignore_defaults => true,
|
|
mode => '0600',
|
|
}
|
|
}
|