kolla-ansible/ansible/roles/ironic/templates/ironic-inspector.json.j2
James Kirsch 316b0496b3 Add support for encrypting Ironic API
This patch introduces an optional backend encryption for the Ironic API
and Ironic Inspector service. When used in conjunction with enabling
TLS for service API endpoints, network communication will be encrypted
end to end, from client through HAProxy to the Ironic service.

Change-Id: I3e82c8ec112e53f907e89fea0c8c849072dcf957
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/#/c/742776/
2020-08-29 15:25:49 +00:00


{#
  Container config manifest for the ironic-inspector service, rendered to JSON.
  "command" starts Apache in the foreground, and each "config_files" entry
  names a file to copy from the mounted config directory to its destination
  with the given owner and mode (presumably applied by the Kolla start-up
  script; confirm against the image).
  Every file listed here is installed with mode 0600, so only its owner
  (and root) can read it.
#}
{# Debian-family images ship Apache as apache2; all other distros use httpd. #}
{% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
{# Directory under /etc from which Apache loads drop-in configuration. #}
{% set apache_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{
"command": "/usr/sbin/{{ apache_binary }} -DFOREGROUND",
"config_files": [
{
"source": "{{ container_config_directory }}/inspector.conf",
"dest": "/etc/ironic-inspector/inspector.conf",
"owner": "ironic-inspector",
"perm": "0600"
},
{# NOTE(review): this entry and the ones below are owned by "ironic", while inspector.conf above is owned by "ironic-inspector". Confirm which account the WSGI process runs as in this image; with mode 0600 a process running as a different non-root user cannot read these files. #}
{
"source": "{{ container_config_directory }}/ironic-inspector-wsgi.conf",
"dest": "/etc/{{ apache_conf_dir }}/ironic-inspector-wsgi.conf",
"owner": "ironic",
"perm": "0600"
}{% if ironic_policy_file is defined %},
{# NOTE(review): the custom policy file lands in /etc/ironic/, not /etc/ironic-inspector/. Verify that the inspector's policy setting points at this path; a policy file the service never loads leaves the default rules in force without any error. #}
{
"source": "{{ container_config_directory }}/{{ ironic_policy_file }}",
"dest": "/etc/ironic/{{ ironic_policy_file }}",
"owner": "ironic",
"perm": "0600"
}{% endif %}{% if ironic_enable_tls_backend | bool %},
{# Backend TLS material, installed only when ironic_enable_tls_backend is true. The destination paths presumably have to match the certificate and key paths in ironic-inspector-wsgi.conf (not visible here). #}
{
"source": "{{ container_config_directory }}/ironic-cert.pem",
"dest": "/etc/ironic/certs/ironic-cert.pem",
"owner": "ironic",
"perm": "0600"
},
{# Private key: keep this owner-only (0600); loosening the mode would expose the key to other accounts in the container. #}
{
"source": "{{ container_config_directory }}/ironic-key.pem",
"dest": "/etc/ironic/certs/ironic-key.pem",
"owner": "ironic",
"perm": "0600"
}{% endif %}
]
}