openstack/devstack
Code Issues Proposed changes
e419746ec0
devstack/files/rpms
History
Rob Crittenden 18d4778cf7 Configure endpoints to use SSL natively or via proxy 
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.

To enable SSL via proxy, in local.conf add

ENABLED_SERVICES+=,tls-proxy

This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certicates are also added to the system CA bundle.

To enable SSL natively, in local.conf add:

USE_SSL=True

Native SSL by default will also use the devstack-generate root and
subordinate CA.

You can override this on a per-service basis by setting

<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca

You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.

Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
2014-09-24 18:36:37 -04:00
..
ceilometer-collector Make mongo install for ceilometer NOPRIME 2014-03-11 10:32:01 +11:00
ceph Implement Ceph backend for Glance / Cinder / Nova 2014-07-23 16:13:45 +02:00
cinder Add python-dev to general requirements 2014-04-02 15:35:28 +00:00
dstat add dstat to see top process info 2014-02-11 17:53:03 -05:00
general Add graphviz package to general list for building docs 2014-08-20 18:09:44 -07:00
glance Promote libffi-dev as a general dependency 2014-07-09 20:18:04 +02:00
horizon don't install boto from packages 2014-09-03 11:30:54 -04:00
ironic Allow devstack to build ironic agent ramdisk 2014-09-04 16:31:02 -07:00
keystone Configure endpoints to use SSL natively or via proxy 2014-09-24 18:36:37 -04:00
ldap Add optional silent install and config of ldap to devstack 2013-02-05 20:00:15 -06:00
n-api Install fping package 2014-04-04 09:41:11 +09:00
n-cpu Make python-guestfs NOPRIME & install for libvirt 2014-02-25 22:15:46 -05:00
n-novnc E) Add support for Fedora 16 2012-04-11 14:55:47 -05:00
n-spice Add support for setting up nova-spicehtml5proxy 2013-01-17 14:36:58 +00:00
neutron The python-qpid packages must be installed when qpidd is configured 2014-09-15 14:21:55 -04:00
nova The python-qpid packages must be installed when qpidd is configured 2014-09-15 14:21:55 -04:00
openvswitch Don't install openvswitch-datapath-dkms on newer kernels 2014-06-25 10:31:44 -04:00
postgresql Add PostgreSQL support to devstack 2012-11-03 18:19:21 -04:00
q-agt Support ipset for security group 2014-08-28 10:42:03 +08:00
q-l3 Add keepalived, conntrackd as dependencies 2014-08-14 14:41:17 +03:00
qpid Add an option to enable version 1.0 of the AMQP messaging protocol 2014-09-10 14:53:01 -04:00
ryu Update required packages for ryu 2014-03-04 15:43:01 +09:00
swift Promote libffi-dev as a general dependency 2014-07-09 20:18:04 +02:00
tempest Add support for Fedora 20 2014-01-10 10:52:41 +01:00
trove Add support for Fedora 20 2014-01-10 10:52:41 +01:00
zaqar-server Rename Marconi to Zaqar 2014-08-22 09:06:58 +00:00