Browse code
Set up Cinder for TLS
* Start c-api proxy if 'tls-proxy' is enabled
* Configure Cinder service catalog for TLS
Change-Id: Ic692a0a16ffa51bfd4bfb67f827cd941ac0e72a4
Dean Troyer authored on 2012/12/14 08:05:24Showing 1 changed files
| ... | ... |
@@ -37,6 +37,12 @@ CINDER_CONF_DIR=/etc/cinder |
| 37 | 37 |
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf |
| 38 | 38 |
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini |
| 39 | 39 |
|
| 40 |
+# Public facing bits |
|
| 41 |
+CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
|
| 42 |
+CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
|
| 43 |
+CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
|
|
| 44 |
+CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
|
| 45 |
+ |
|
| 40 | 46 |
# Support entry points installation of console scripts |
| 41 | 47 |
if [[ -d $CINDER_DIR/bin ]]; then |
| 42 | 48 |
CINDER_BIN_DIR=$CINDER_DIR/bin |
| ... | ... |
@@ -122,6 +128,11 @@ function configure_cinder() {
|
| 122 | 122 |
iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.openstack.volume.contrib.standard_extensions |
| 123 | 123 |
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH |
| 124 | 124 |
|
| 125 |
+ if is_service_enabled tls-proxy; then |
|
| 126 |
+ # Set the service port for a proxy to take the original |
|
| 127 |
+ iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT |
|
| 128 |
+ fi |
|
| 129 |
+ |
|
| 125 | 130 |
if [ "$SYSLOG" != "False" ]; then |
| 126 | 131 |
iniset $CINDER_CONF DEFAULT use_syslog True |
| 127 | 132 |
fi |
| ... | ... |
@@ -193,9 +204,9 @@ create_cinder_accounts() {
|
| 193 | 193 |
keystone endpoint-create \ |
| 194 | 194 |
--region RegionOne \ |
| 195 | 195 |
--service_id $CINDER_SERVICE \ |
| 196 |
- --publicurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \ |
|
| 197 |
- --adminurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \ |
|
| 198 |
- --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" |
|
| 196 |
+ --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ |
|
| 197 |
+ --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ |
|
| 198 |
+ --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" |
|
| 199 | 199 |
fi |
| 200 | 200 |
fi |
| 201 | 201 |
} |
| ... | ... |
@@ -297,6 +308,11 @@ function start_cinder() {
|
| 297 | 297 |
screen_it c-api "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF" |
| 298 | 298 |
screen_it c-vol "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" |
| 299 | 299 |
screen_it c-sch "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF" |
| 300 |
+ |
|
| 301 |
+ # Start proxies if enabled |
|
| 302 |
+ if is_service_enabled c-api && is_service_enabled tls-proxy; then |
|
| 303 |
+ start_tls_proxy '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT & |
|
| 304 |
+ fi |
|
| 300 | 305 |
} |
| 301 | 306 |
|
| 302 | 307 |
# stop_cinder() - Stop running processes |