Merge lp:~openstack-charmers/charms/precise/cinder/ssl-everywhere into lp:~openstack-charmers-archive/charms/precise/cinder/trunk
- Precise Pangolin (12.04)
- ssl-everywhere
- Merge into trunk
Proposed by
Kapil Thangavelu
Status: | Merged |
---|---|
Merged at revision: | 33 |
Proposed branch: | lp:~openstack-charmers/charms/precise/cinder/ssl-everywhere |
Merge into: | lp:~openstack-charmers-archive/charms/precise/cinder/trunk |
Diff against target: |
391 lines (+130/-41) 9 files modified
charm-helpers.yaml (+1/-1) config.yaml (+5/-0) hooks/charmhelpers/contrib/hahelpers/apache.py (+9/-8) hooks/charmhelpers/contrib/openstack/context.py (+88/-23) hooks/charmhelpers/contrib/openstack/templates/ceph.conf (+3/-0) hooks/charmhelpers/contrib/storage/linux/ceph.py (+6/-2) hooks/cinder_utils.py (+5/-4) templates/cinder.conf (+10/-3) templates/havana/api-paste.ini (+3/-0) |
To merge this branch: | bzr merge lp:~openstack-charmers/charms/precise/cinder/ssl-everywhere |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Marco Ceppi | Pending | ||
Edward Hope-Morley | Pending | ||
Review via email: mp+209300@code.launchpad.net |
Commit message
Description of the change
SSL client support for mysql and rabbitmq
Sync of charm helpers and config template changes
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'charm-helpers.yaml' | |||
2 | --- charm-helpers.yaml 2013-10-17 21:48:08 +0000 | |||
3 | +++ charm-helpers.yaml 2014-03-04 16:53:59 +0000 | |||
4 | @@ -1,4 +1,4 @@ | |||
6 | 1 | branch: lp:charm-helpers | 1 | branch: lp:~openstack-charmers/charm-helpers/ssl-everywhere |
7 | 2 | destination: hooks/charmhelpers | 2 | destination: hooks/charmhelpers |
8 | 3 | include: | 3 | include: |
9 | 4 | - core | 4 | - core |
10 | 5 | 5 | ||
11 | === modified file 'config.yaml' | |||
12 | --- config.yaml 2014-02-03 10:44:24 +0000 | |||
13 | +++ config.yaml 2014-03-04 16:53:59 +0000 | |||
14 | @@ -121,6 +121,11 @@ | |||
15 | 121 | ssl_key: | 121 | ssl_key: |
16 | 122 | type: string | 122 | type: string |
17 | 123 | description: SSL key to use with certificate specified as ssl_cert. | 123 | description: SSL key to use with certificate specified as ssl_cert. |
18 | 124 | ssl_ca: | ||
19 | 125 | type: string | ||
20 | 126 | description: | | ||
21 | 127 | SSL CA to use with the certificate and key provided - this is only | ||
22 | 128 | required if you are providing a privately signed ssl_cert and ssl_key. | ||
23 | 124 | config-flags: | 129 | config-flags: |
24 | 125 | type: string | 130 | type: string |
25 | 126 | description: Comma separated list of key=value config flags to be set in cinder.conf. | 131 | description: Comma separated list of key=value config flags to be set in cinder.conf. |
26 | 127 | 132 | ||
27 | === modified file 'hooks/charmhelpers/contrib/hahelpers/apache.py' | |||
28 | --- hooks/charmhelpers/contrib/hahelpers/apache.py 2013-10-17 21:48:08 +0000 | |||
29 | +++ hooks/charmhelpers/contrib/hahelpers/apache.py 2014-03-04 16:53:59 +0000 | |||
30 | @@ -39,14 +39,15 @@ | |||
31 | 39 | 39 | ||
32 | 40 | 40 | ||
33 | 41 | def get_ca_cert(): | 41 | def get_ca_cert(): |
42 | 42 | ca_cert = None | 42 | ca_cert = config_get('ssl_ca') |
43 | 43 | log("Inspecting identity-service relations for CA SSL certificate.", | 43 | if ca_cert is None: |
44 | 44 | level=INFO) | 44 | log("Inspecting identity-service relations for CA SSL certificate.", |
45 | 45 | for r_id in relation_ids('identity-service'): | 45 | level=INFO) |
46 | 46 | for unit in relation_list(r_id): | 46 | for r_id in relation_ids('identity-service'): |
47 | 47 | if not ca_cert: | 47 | for unit in relation_list(r_id): |
48 | 48 | ca_cert = relation_get('ca_cert', | 48 | if ca_cert is None: |
49 | 49 | rid=r_id, unit=unit) | 49 | ca_cert = relation_get('ca_cert', |
50 | 50 | rid=r_id, unit=unit) | ||
51 | 50 | return ca_cert | 51 | return ca_cert |
52 | 51 | 52 | ||
53 | 52 | 53 | ||
54 | 53 | 54 | ||
55 | === modified file 'hooks/charmhelpers/contrib/openstack/context.py' | |||
56 | --- hooks/charmhelpers/contrib/openstack/context.py 2014-02-19 10:44:30 +0000 | |||
57 | +++ hooks/charmhelpers/contrib/openstack/context.py 2014-03-04 16:53:59 +0000 | |||
58 | @@ -1,5 +1,6 @@ | |||
59 | 1 | import json | 1 | import json |
60 | 2 | import os | 2 | import os |
61 | 3 | import time | ||
62 | 3 | 4 | ||
63 | 4 | from base64 import b64decode | 5 | from base64 import b64decode |
64 | 5 | 6 | ||
65 | @@ -29,6 +30,7 @@ | |||
66 | 29 | determine_apache_port, | 30 | determine_apache_port, |
67 | 30 | determine_api_port, | 31 | determine_api_port, |
68 | 31 | https, | 32 | https, |
69 | 33 | is_clustered | ||
70 | 32 | ) | 34 | ) |
71 | 33 | 35 | ||
72 | 34 | from charmhelpers.contrib.hahelpers.apache import ( | 36 | from charmhelpers.contrib.hahelpers.apache import ( |
73 | @@ -112,7 +114,8 @@ | |||
74 | 112 | class SharedDBContext(OSContextGenerator): | 114 | class SharedDBContext(OSContextGenerator): |
75 | 113 | interfaces = ['shared-db'] | 115 | interfaces = ['shared-db'] |
76 | 114 | 116 | ||
78 | 115 | def __init__(self, database=None, user=None, relation_prefix=None): | 117 | def __init__(self, |
79 | 118 | database=None, user=None, relation_prefix=None, ssl_dir=None): | ||
80 | 116 | ''' | 119 | ''' |
81 | 117 | Allows inspecting relation for settings prefixed with relation_prefix. | 120 | Allows inspecting relation for settings prefixed with relation_prefix. |
82 | 118 | This is useful for parsing access for multiple databases returned via | 121 | This is useful for parsing access for multiple databases returned via |
83 | @@ -121,6 +124,7 @@ | |||
84 | 121 | self.relation_prefix = relation_prefix | 124 | self.relation_prefix = relation_prefix |
85 | 122 | self.database = database | 125 | self.database = database |
86 | 123 | self.user = user | 126 | self.user = user |
87 | 127 | self.ssl_dir = ssl_dir | ||
88 | 124 | 128 | ||
89 | 125 | def __call__(self): | 129 | def __call__(self): |
90 | 126 | self.database = self.database or config('database') | 130 | self.database = self.database or config('database') |
91 | @@ -138,19 +142,44 @@ | |||
92 | 138 | 142 | ||
93 | 139 | for rid in relation_ids('shared-db'): | 143 | for rid in relation_ids('shared-db'): |
94 | 140 | for unit in related_units(rid): | 144 | for unit in related_units(rid): |
96 | 141 | passwd = relation_get(password_setting, rid=rid, unit=unit) | 145 | rdata = relation_get(rid=rid, unit=unit) |
97 | 142 | ctxt = { | 146 | ctxt = { |
100 | 143 | 'database_host': relation_get('db_host', rid=rid, | 147 | 'database_host': rdata.get('db_host'), |
99 | 144 | unit=unit), | ||
101 | 145 | 'database': self.database, | 148 | 'database': self.database, |
102 | 146 | 'database_user': self.user, | 149 | 'database_user': self.user, |
104 | 147 | 'database_password': passwd, | 150 | 'database_password': rdata.get(password_setting) |
105 | 148 | } | 151 | } |
106 | 149 | if context_complete(ctxt): | 152 | if context_complete(ctxt): |
107 | 153 | db_ssl(rdata, ctxt, self.ssl_dir) | ||
108 | 150 | return ctxt | 154 | return ctxt |
109 | 151 | return {} | 155 | return {} |
110 | 152 | 156 | ||
111 | 153 | 157 | ||
112 | 158 | def db_ssl(rdata, ctxt, ssl_dir): | ||
113 | 159 | if 'ssl_ca' in rdata and ssl_dir: | ||
114 | 160 | ca_path = os.path.join(ssl_dir, 'db-client.ca') | ||
115 | 161 | with open(ca_path, 'w') as fh: | ||
116 | 162 | fh.write(b64decode(rdata['ssl_ca'])) | ||
117 | 163 | ctxt['database_ssl_ca'] = ca_path | ||
118 | 164 | elif 'ssl_ca' in rdata: | ||
119 | 165 | log("Charm not setup for ssl support but ssl ca found") | ||
120 | 166 | return ctxt | ||
121 | 167 | if 'ssl_cert' in rdata: | ||
122 | 168 | cert_path = os.path.join( | ||
123 | 169 | ssl_dir, 'db-client.cert') | ||
124 | 170 | if not os.path.exists(cert_path): | ||
125 | 171 | log("Waiting 1m for ssl client cert validity") | ||
126 | 172 | time.sleep(60) | ||
127 | 173 | with open(cert_path, 'w') as fh: | ||
128 | 174 | fh.write(b64decode(rdata['ssl_cert'])) | ||
129 | 175 | ctxt['database_ssl_cert'] = cert_path | ||
130 | 176 | key_path = os.path.join(ssl_dir, 'db-client.key') | ||
131 | 177 | with open(key_path, 'w') as fh: | ||
132 | 178 | fh.write(b64decode(rdata['ssl_key'])) | ||
133 | 179 | ctxt['database_ssl_key'] = key_path | ||
134 | 180 | return ctxt | ||
135 | 181 | |||
136 | 182 | |||
137 | 154 | class IdentityServiceContext(OSContextGenerator): | 183 | class IdentityServiceContext(OSContextGenerator): |
138 | 155 | interfaces = ['identity-service'] | 184 | interfaces = ['identity-service'] |
139 | 156 | 185 | ||
140 | @@ -160,22 +189,19 @@ | |||
141 | 160 | 189 | ||
142 | 161 | for rid in relation_ids('identity-service'): | 190 | for rid in relation_ids('identity-service'): |
143 | 162 | for unit in related_units(rid): | 191 | for unit in related_units(rid): |
144 | 192 | rdata = relation_get(rid=rid, unit=unit) | ||
145 | 163 | ctxt = { | 193 | ctxt = { |
161 | 164 | 'service_port': relation_get('service_port', rid=rid, | 194 | 'service_port': rdata.get('service_port'), |
162 | 165 | unit=unit), | 195 | 'service_host': rdata.get('service_host'), |
163 | 166 | 'service_host': relation_get('service_host', rid=rid, | 196 | 'auth_host': rdata.get('auth_host'), |
164 | 167 | unit=unit), | 197 | 'auth_port': rdata.get('auth_port'), |
165 | 168 | 'auth_host': relation_get('auth_host', rid=rid, unit=unit), | 198 | 'admin_tenant_name': rdata.get('service_tenant'), |
166 | 169 | 'auth_port': relation_get('auth_port', rid=rid, unit=unit), | 199 | 'admin_user': rdata.get('service_username'), |
167 | 170 | 'admin_tenant_name': relation_get('service_tenant', | 200 | 'admin_password': rdata.get('service_password'), |
168 | 171 | rid=rid, unit=unit), | 201 | 'service_protocol': |
169 | 172 | 'admin_user': relation_get('service_username', rid=rid, | 202 | rdata.get('service_protocol') or 'http', |
170 | 173 | unit=unit), | 203 | 'auth_protocol': |
171 | 174 | 'admin_password': relation_get('service_password', rid=rid, | 204 | rdata.get('auth_protocol') or 'http', |
157 | 175 | unit=unit), | ||
158 | 176 | # XXX: Hard-coded http. | ||
159 | 177 | 'service_protocol': 'http', | ||
160 | 178 | 'auth_protocol': 'http', | ||
172 | 179 | } | 205 | } |
173 | 180 | if context_complete(ctxt): | 206 | if context_complete(ctxt): |
174 | 181 | return ctxt | 207 | return ctxt |
175 | @@ -185,6 +211,9 @@ | |||
176 | 185 | class AMQPContext(OSContextGenerator): | 211 | class AMQPContext(OSContextGenerator): |
177 | 186 | interfaces = ['amqp'] | 212 | interfaces = ['amqp'] |
178 | 187 | 213 | ||
179 | 214 | def __init__(self, ssl_dir=None): | ||
180 | 215 | self.ssl_dir = ssl_dir | ||
181 | 216 | |||
182 | 188 | def __call__(self): | 217 | def __call__(self): |
183 | 189 | log('Generating template context for amqp') | 218 | log('Generating template context for amqp') |
184 | 190 | conf = config() | 219 | conf = config() |
185 | @@ -195,7 +224,6 @@ | |||
186 | 195 | log('Could not generate shared_db context. ' | 224 | log('Could not generate shared_db context. ' |
187 | 196 | 'Missing required charm config options: %s.' % e) | 225 | 'Missing required charm config options: %s.' % e) |
188 | 197 | raise OSContextError | 226 | raise OSContextError |
189 | 198 | |||
190 | 199 | ctxt = {} | 227 | ctxt = {} |
191 | 200 | for rid in relation_ids('amqp'): | 228 | for rid in relation_ids('amqp'): |
192 | 201 | for unit in related_units(rid): | 229 | for unit in related_units(rid): |
193 | @@ -212,7 +240,24 @@ | |||
194 | 212 | unit=unit), | 240 | unit=unit), |
195 | 213 | 'rabbitmq_virtual_host': vhost, | 241 | 'rabbitmq_virtual_host': vhost, |
196 | 214 | }) | 242 | }) |
197 | 243 | ssl_port = relation_get('ssl_port', rid=rid, unit=unit) | ||
198 | 244 | if ssl_port: | ||
199 | 245 | ctxt['rabbit_ssl_port'] = ssl_port | ||
200 | 246 | ssl_ca = relation_get('ssl_ca', rid=rid, unit=unit) | ||
201 | 247 | if ssl_ca: | ||
202 | 248 | ctxt['rabbit_ssl_ca'] = ssl_ca | ||
203 | 249 | |||
204 | 215 | if context_complete(ctxt): | 250 | if context_complete(ctxt): |
205 | 251 | if 'rabbit_ssl_ca' in ctxt: | ||
206 | 252 | if not self.ssl_dir: | ||
207 | 253 | log(("Charm not setup for ssl support " | ||
208 | 254 | "but ssl ca found")) | ||
209 | 255 | break | ||
210 | 256 | ca_path = os.path.join( | ||
211 | 257 | self.ssl_dir, 'rabbit-client-ca.pem') | ||
212 | 258 | with open(ca_path, 'w') as fh: | ||
213 | 259 | fh.write(b64decode(ctxt['rabbit_ssl_ca'])) | ||
214 | 260 | ctxt['rabbit_ssl_ca'] = ca_path | ||
215 | 216 | # Sufficient information found = break out! | 261 | # Sufficient information found = break out! |
216 | 217 | break | 262 | break |
217 | 218 | # Used for active/active rabbitmq >= grizzly | 263 | # Used for active/active rabbitmq >= grizzly |
218 | @@ -240,10 +285,13 @@ | |||
219 | 240 | '''This generates context for /etc/ceph/ceph.conf templates''' | 285 | '''This generates context for /etc/ceph/ceph.conf templates''' |
220 | 241 | if not relation_ids('ceph'): | 286 | if not relation_ids('ceph'): |
221 | 242 | return {} | 287 | return {} |
222 | 288 | |||
223 | 243 | log('Generating template context for ceph') | 289 | log('Generating template context for ceph') |
224 | 290 | |||
225 | 244 | mon_hosts = [] | 291 | mon_hosts = [] |
226 | 245 | auth = None | 292 | auth = None |
227 | 246 | key = None | 293 | key = None |
228 | 294 | use_syslog = str(config('use-syslog')).lower() | ||
229 | 247 | for rid in relation_ids('ceph'): | 295 | for rid in relation_ids('ceph'): |
230 | 248 | for unit in related_units(rid): | 296 | for unit in related_units(rid): |
231 | 249 | mon_hosts.append(relation_get('private-address', rid=rid, | 297 | mon_hosts.append(relation_get('private-address', rid=rid, |
232 | @@ -255,6 +303,7 @@ | |||
233 | 255 | 'mon_hosts': ' '.join(mon_hosts), | 303 | 'mon_hosts': ' '.join(mon_hosts), |
234 | 256 | 'auth': auth, | 304 | 'auth': auth, |
235 | 257 | 'key': key, | 305 | 'key': key, |
236 | 306 | 'use_syslog': use_syslog | ||
237 | 258 | } | 307 | } |
238 | 259 | 308 | ||
239 | 260 | if not os.path.isdir('/etc/ceph'): | 309 | if not os.path.isdir('/etc/ceph'): |
240 | @@ -391,7 +440,7 @@ | |||
241 | 391 | return ctxt | 440 | return ctxt |
242 | 392 | 441 | ||
243 | 393 | 442 | ||
245 | 394 | class NeutronContext(object): | 443 | class NeutronContext(OSContextGenerator): |
246 | 395 | interfaces = [] | 444 | interfaces = [] |
247 | 396 | 445 | ||
248 | 397 | @property | 446 | @property |
249 | @@ -452,6 +501,22 @@ | |||
250 | 452 | 501 | ||
251 | 453 | return nvp_ctxt | 502 | return nvp_ctxt |
252 | 454 | 503 | ||
253 | 504 | def neutron_ctxt(self): | ||
254 | 505 | if https(): | ||
255 | 506 | proto = 'https' | ||
256 | 507 | else: | ||
257 | 508 | proto = 'http' | ||
258 | 509 | if is_clustered(): | ||
259 | 510 | host = config('vip') | ||
260 | 511 | else: | ||
261 | 512 | host = unit_get('private-address') | ||
262 | 513 | url = '%s://%s:%s' % (proto, host, '9292') | ||
263 | 514 | ctxt = { | ||
264 | 515 | 'network_manager': self.network_manager, | ||
265 | 516 | 'neutron_url': url, | ||
266 | 517 | } | ||
267 | 518 | return ctxt | ||
268 | 519 | |||
269 | 455 | def __call__(self): | 520 | def __call__(self): |
270 | 456 | self._ensure_packages() | 521 | self._ensure_packages() |
271 | 457 | 522 | ||
272 | @@ -461,7 +526,7 @@ | |||
273 | 461 | if not self.plugin: | 526 | if not self.plugin: |
274 | 462 | return {} | 527 | return {} |
275 | 463 | 528 | ||
277 | 464 | ctxt = {'network_manager': self.network_manager} | 529 | ctxt = self.neutron_ctxt() |
278 | 465 | 530 | ||
279 | 466 | if self.plugin == 'ovs': | 531 | if self.plugin == 'ovs': |
280 | 467 | ctxt.update(self.ovs_ctxt()) | 532 | ctxt.update(self.ovs_ctxt()) |
281 | 468 | 533 | ||
282 | === modified file 'hooks/charmhelpers/contrib/openstack/templates/ceph.conf' | |||
283 | --- hooks/charmhelpers/contrib/openstack/templates/ceph.conf 2013-10-17 21:48:08 +0000 | |||
284 | +++ hooks/charmhelpers/contrib/openstack/templates/ceph.conf 2014-03-04 16:53:59 +0000 | |||
285 | @@ -9,3 +9,6 @@ | |||
286 | 9 | keyring = /etc/ceph/$cluster.$name.keyring | 9 | keyring = /etc/ceph/$cluster.$name.keyring |
287 | 10 | mon host = {{ mon_hosts }} | 10 | mon host = {{ mon_hosts }} |
288 | 11 | {% endif -%} | 11 | {% endif -%} |
289 | 12 | log to syslog = {{ use_syslog }} | ||
290 | 13 | err to syslog = {{ use_syslog }} | ||
291 | 14 | clog to syslog = {{ use_syslog }} | ||
292 | 12 | 15 | ||
293 | === modified file 'hooks/charmhelpers/contrib/storage/linux/ceph.py' | |||
294 | --- hooks/charmhelpers/contrib/storage/linux/ceph.py 2013-11-06 03:53:17 +0000 | |||
295 | +++ hooks/charmhelpers/contrib/storage/linux/ceph.py 2014-03-04 16:53:59 +0000 | |||
296 | @@ -49,6 +49,9 @@ | |||
297 | 49 | auth supported = {auth} | 49 | auth supported = {auth} |
298 | 50 | keyring = {keyring} | 50 | keyring = {keyring} |
299 | 51 | mon host = {mon_hosts} | 51 | mon host = {mon_hosts} |
300 | 52 | log to syslog = {use_syslog} | ||
301 | 53 | err to syslog = {use_syslog} | ||
302 | 54 | clog to syslog = {use_syslog} | ||
303 | 52 | """ | 55 | """ |
304 | 53 | 56 | ||
305 | 54 | 57 | ||
306 | @@ -194,7 +197,7 @@ | |||
307 | 194 | return hosts | 197 | return hosts |
308 | 195 | 198 | ||
309 | 196 | 199 | ||
311 | 197 | def configure(service, key, auth): | 200 | def configure(service, key, auth, use_syslog): |
312 | 198 | ''' Perform basic configuration of Ceph ''' | 201 | ''' Perform basic configuration of Ceph ''' |
313 | 199 | create_keyring(service, key) | 202 | create_keyring(service, key) |
314 | 200 | create_key_file(service, key) | 203 | create_key_file(service, key) |
315 | @@ -202,7 +205,8 @@ | |||
316 | 202 | with open('/etc/ceph/ceph.conf', 'w') as ceph_conf: | 205 | with open('/etc/ceph/ceph.conf', 'w') as ceph_conf: |
317 | 203 | ceph_conf.write(CEPH_CONF.format(auth=auth, | 206 | ceph_conf.write(CEPH_CONF.format(auth=auth, |
318 | 204 | keyring=_keyring_path(service), | 207 | keyring=_keyring_path(service), |
320 | 205 | mon_hosts=",".join(map(str, hosts)))) | 208 | mon_hosts=",".join(map(str, hosts)), |
321 | 209 | use_syslog=use_syslog)) | ||
322 | 206 | modprobe('rbd') | 210 | modprobe('rbd') |
323 | 207 | 211 | ||
324 | 208 | 212 | ||
325 | 209 | 213 | ||
326 | === modified file 'hooks/cinder_utils.py' | |||
327 | --- hooks/cinder_utils.py 2014-02-17 07:53:12 +0000 | |||
328 | +++ hooks/cinder_utils.py 2014-03-04 16:53:59 +0000 | |||
329 | @@ -83,8 +83,9 @@ | |||
330 | 83 | class CinderCharmError(Exception): | 83 | class CinderCharmError(Exception): |
331 | 84 | pass | 84 | pass |
332 | 85 | 85 | ||
335 | 86 | CINDER_CONF = '/etc/cinder/cinder.conf' | 86 | CINDER_CONF_DIR = "/etc/cinder" |
336 | 87 | CINDER_API_CONF = '/etc/cinder/api-paste.ini' | 87 | CINDER_CONF = '%s/cinder.conf' % CINDER_CONF_DIR |
337 | 88 | CINDER_API_CONF = '%s/api-paste.ini' % CINDER_CONF_DIR | ||
338 | 88 | CEPH_CONF = '/etc/ceph/ceph.conf' | 89 | CEPH_CONF = '/etc/ceph/ceph.conf' |
339 | 89 | HAPROXY_CONF = '/etc/haproxy/haproxy.cfg' | 90 | HAPROXY_CONF = '/etc/haproxy/haproxy.cfg' |
340 | 90 | APACHE_SITE_CONF = '/etc/apache2/sites-available/openstack_https_frontend' | 91 | APACHE_SITE_CONF = '/etc/apache2/sites-available/openstack_https_frontend' |
341 | @@ -96,8 +97,8 @@ | |||
342 | 96 | # with file in restart_on_changes()'s service map. | 97 | # with file in restart_on_changes()'s service map. |
343 | 97 | CONFIG_FILES = OrderedDict([ | 98 | CONFIG_FILES = OrderedDict([ |
344 | 98 | (CINDER_CONF, { | 99 | (CINDER_CONF, { |
347 | 99 | 'hook_contexts': [context.SharedDBContext(), | 100 | 'hook_contexts': [context.SharedDBContext(ssl_dir=CINDER_CONF_DIR), |
348 | 100 | context.AMQPContext(), | 101 | context.AMQPContext(ssl_dir=CINDER_CONF_DIR), |
349 | 101 | context.ImageServiceContext(), | 102 | context.ImageServiceContext(), |
350 | 102 | context.OSConfigFlagContext(), | 103 | context.OSConfigFlagContext(), |
351 | 103 | context.SyslogContext(), | 104 | context.SyslogContext(), |
352 | 104 | 105 | ||
353 | === modified file 'templates/cinder.conf' | |||
354 | --- templates/cinder.conf 2014-02-03 10:44:24 +0000 | |||
355 | +++ templates/cinder.conf 2014-03-04 16:53:59 +0000 | |||
356 | @@ -16,11 +16,18 @@ | |||
357 | 16 | lock_path = /var/lock/cinder | 16 | lock_path = /var/lock/cinder |
358 | 17 | volumes_dir = /var/lib/cinder/volumes | 17 | volumes_dir = /var/lib/cinder/volumes |
359 | 18 | {% if database_host -%} | 18 | {% if database_host -%} |
363 | 19 | sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }} | 19 | sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} |
364 | 20 | {% endif -%} | 20 | {% endif %} |
365 | 21 | {% if rabbitmq_host -%} | 21 | {% if rabbitmq_host %} |
366 | 22 | notification_driver = cinder.openstack.common.notifier.rabbit_notifier | 22 | notification_driver = cinder.openstack.common.notifier.rabbit_notifier |
367 | 23 | control_exchange = cinder | 23 | control_exchange = cinder |
368 | 24 | {% if rabbit_ssl_port %} | ||
369 | 25 | rabbit_use_ssl=True | ||
370 | 26 | rabbit_port={{ rabbit_ssl_port }} | ||
371 | 27 | {% if rabbit_ssl_ca %} | ||
372 | 28 | kombu_ssl_ca_certs={{rabbit_ssl_ca}} | ||
373 | 29 | {% endif %} | ||
374 | 30 | {% endif %} | ||
375 | 24 | rabbit_host = {{ rabbitmq_host }} | 31 | rabbit_host = {{ rabbitmq_host }} |
376 | 25 | rabbit_userid = {{ rabbitmq_user }} | 32 | rabbit_userid = {{ rabbitmq_user }} |
377 | 26 | rabbit_password = {{ rabbitmq_password }} | 33 | rabbit_password = {{ rabbitmq_password }} |
378 | 27 | 34 | ||
379 | === modified file 'templates/havana/api-paste.ini' | |||
380 | --- templates/havana/api-paste.ini 2013-10-17 21:48:08 +0000 | |||
381 | +++ templates/havana/api-paste.ini 2014-03-04 16:53:59 +0000 | |||
382 | @@ -58,6 +58,9 @@ | |||
383 | 58 | [filter:authtoken] | 58 | [filter:authtoken] |
384 | 59 | paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory | 59 | paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory |
385 | 60 | {% if service_host -%} | 60 | {% if service_host -%} |
386 | 61 | service_protocol = {{ service_protocol }} | ||
387 | 62 | service_host = {{ service_host }} | ||
388 | 63 | service_port = {{ service_port }} | ||
389 | 61 | auth_host = {{ auth_host }} | 64 | auth_host = {{ auth_host }} |
390 | 62 | auth_port = {{ auth_port }} | 65 | auth_port = {{ auth_port }} |
391 | 63 | auth_protocol = {{ auth_protocol }} | 66 | auth_protocol = {{ auth_protocol }} |