Browse code
Switching Sahara to https in case of USE_SSL=True
Sahara will work over https in case if USE_SSL is set.
Note, this patch requires https://review.openstack.org/#/c/145383/
which is not merged yet.
Change-Id: I9e0069cfe72323a069a4205ca2f882c7a3ad17e0
Closes-Bug: #1419162
Andrew Lazarev authored on 2015/02/07 09:22:12Showing 2 changed files
| ... | ... |
@@ -33,6 +33,9 @@ SAHARA_DIR=$DEST/sahara |
| 33 | 33 |
SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
|
| 34 | 34 |
SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
|
| 35 | 35 |
|
| 36 |
+if is_ssl_enabled_service "sahara"; then |
|
| 37 |
+ SAHARA_SERVICE_PROTOCOL="https" |
|
| 38 |
+fi |
|
| 36 | 39 |
SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST}
|
| 37 | 40 |
SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386}
|
| 38 | 41 |
SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
| ... | ... |
@@ -165,6 +168,14 @@ function configure_sahara {
|
| 165 | 165 |
iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE |
| 166 | 166 |
fi |
| 167 | 167 |
|
| 168 |
+ # Register SSL certificates if provided |
|
| 169 |
+ if is_ssl_enabled_service sahara; then |
|
| 170 |
+ ensure_certificates SAHARA |
|
| 171 |
+ |
|
| 172 |
+ iniset $SAHARA_CONF_FILE ssl cert_file "$SAHARA_SSL_CERT" |
|
| 173 |
+ iniset $SAHARA_CONF_FILE ssl key_file "$SAHARA_SSL_KEY" |
|
| 174 |
+ fi |
|
| 175 |
+ |
|
| 168 | 176 |
iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG |
| 169 | 177 |
|
| 170 | 178 |
# Format logging |
| ... | ... |
@@ -505,7 +505,7 @@ source $TOP_DIR/lib/rpc_backend |
| 505 | 505 |
check_rpc_backend |
| 506 | 506 |
|
| 507 | 507 |
# Service to enable with SSL if ``USE_SSL`` is True |
| 508 |
-SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron" |
|
| 508 |
+SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron,sahara" |
|
| 509 | 509 |
|
| 510 | 510 |
if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then |
| 511 | 511 |
die $LINENO "tls-proxy and SSL are mutually exclusive" |