Use barbican for certificates storage
Octavia can do SSL termination only in case when barbican is available. We should be able to add required configuration section only when barbican is also present in inventory Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9
This commit is contained in:
parent
44d0a6d398
commit
78d204afb8
@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL
|
|||||||
|
|
||||||
octavia_auth_strategy: keystone
|
octavia_auth_strategy: keystone
|
||||||
|
|
||||||
|
## Barbican certificates
|
||||||
|
octavia_barbican_enabled: false
|
||||||
|
|
||||||
## Cinder Volume
|
## Cinder Volume
|
||||||
octavia_cinder_enabled: False
|
octavia_cinder_enabled: False
|
||||||
|
|
||||||
|
@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
|
|||||||
memcache_secret_key = {{ memcached_encryption_key }}
|
memcache_secret_key = {{ memcached_encryption_key }}
|
||||||
|
|
||||||
[certificates]
|
[certificates]
|
||||||
# cert_generator = local_cert_generator
|
|
||||||
|
|
||||||
# For local certificate signing (development only):
|
|
||||||
ca_certificate = /etc/octavia/certs/ca.pem
|
ca_certificate = /etc/octavia/certs/ca.pem
|
||||||
ca_private_key = /etc/octavia/certs/ca_key.pem
|
ca_private_key = /etc/octavia/certs/ca_key.pem
|
||||||
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
|
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
|
||||||
signing_digest = {{ octavia_signing_digest }}
|
signing_digest = {{ octavia_signing_digest }}
|
||||||
|
{% if octavia_barbican_enabled %}
|
||||||
|
cert_manager = barbican_cert_manager
|
||||||
endpoint_type = {{ octavia_clients_endpoint }}
|
endpoint_type = {{ octavia_clients_endpoint }}
|
||||||
|
region_name = {{ keystone_service_region }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
[haproxy_amphora]
|
[haproxy_amphora]
|
||||||
{% if octavia_haproxy_amphora_template is defined %}
|
{% if octavia_haproxy_amphora_template is defined %}
|
||||||
|
Loading…
Reference in New Issue
Block a user