openstack/devstack
Code Issues Proposed changes

Specify HTTPS URLs to fix tls-proxy mode

Browse Source 
A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.

For cinder a new public_endpoint option was added and this
needs to be set to the secure port.

Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.

The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.

Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807
This commit is contained in:
Rob Crittenden 2015-05-26 15:33:45 -04:00 committed by ayoung
parent 585501a250
commit cdba7b0e53
3 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/cinder
View File

@ -309,6 +309,8 @@ function configure_cinder {
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
fi
if [ "$SYSLOG" != "False" ]; then

3
lib/glance
View File

@ -167,6 +167,9 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
fi
# Register SSL certificates if provided

3
lib/keystone
View File

@ -233,6 +233,9 @@ function configure_keystone {
# Set the service ports for a proxy to take the originals
iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
fi
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"