Browse code
Specify HTTPS URLs to fix tls-proxy mode
A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.
For cinder a new public_endpoint option was added and this
needs to be set to the secure port.
Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.
The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.
Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807
Rob Crittenden authored on 2015/05/27 04:33:45Showing 3 changed files
| ... | ... |
@@ -309,6 +309,8 @@ function configure_cinder {
|
| 309 | 309 |
if is_service_enabled tls-proxy; then |
| 310 | 310 |
# Set the service port for a proxy to take the original |
| 311 | 311 |
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT |
| 312 |
+ |
|
| 313 |
+ iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT |
|
| 312 | 314 |
fi |
| 313 | 315 |
|
| 314 | 316 |
if [ "$SYSLOG" != "False" ]; then |
| ... | ... |
@@ -167,6 +167,9 @@ function configure_glance {
|
| 167 | 167 |
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT |
| 168 | 168 |
iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT |
| 169 | 169 |
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT |
| 170 |
+ |
|
| 171 |
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 172 |
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 170 | 173 |
fi |
| 171 | 174 |
|
| 172 | 175 |
# Register SSL certificates if provided |
| ... | ... |
@@ -233,6 +233,9 @@ function configure_keystone {
|
| 233 | 233 |
# Set the service ports for a proxy to take the originals |
| 234 | 234 |
iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT |
| 235 | 235 |
iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT |
| 236 |
+ |
|
| 237 |
+ iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI |
|
| 238 |
+ iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI |
|
| 236 | 239 |
fi |
| 237 | 240 |
|
| 238 | 241 |
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN" |