Use barbican for certificates storage

Octavia can do SSL termination only when barbican is available.
We should be able to add the required configuration section only when
barbican is also present in the inventory.

Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9
Dmitriy Rabotyagov 2020-12-25 18:09:29 +02:00
parent 44d0a6d398
commit 78d204afb8
2 changed files with 7 additions and 3 deletions


@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL
octavia_auth_strategy: keystone octavia_auth_strategy: keystone
## Barbican certificates
octavia_barbican_enabled: false
## Cinder Volume ## Cinder Volume
octavia_cinder_enabled: False octavia_cinder_enabled: False
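Review bot: The new `octavia_barbican_enabled` default is documented only by the heading `## Barbican certificates`, which does not tell an operator that the flag gates the Barbican settings in the `[certificates]` section or that TLS termination depends on it. A comment such as `# Set to true only when Barbican is deployed; enables the Barbican cert_manager settings needed for TLS-terminated listeners` would make that explicit. The commit message ties this to Barbican being present in the inventory, but the default here is a static `false`, so presumably the inventory-based override lives outside this change; worth confirming. Minor: `false` differs in case from the neighbouring `octavia_cinder_enabled: False`.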


@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }} memcache_secret_key = {{ memcached_encryption_key }}
[certificates] [certificates]
# cert_generator = local_cert_generator
# For local certificate signing (development only):
ca_certificate = /etc/octavia/certs/ca.pem ca_certificate = /etc/octavia/certs/ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = {{ octavia_signing_digest }} signing_digest = {{ octavia_signing_digest }}
{% if octavia_barbican_enabled %}
cert_manager = barbican_cert_manager
endpoint_type = {{ octavia_clients_endpoint }} endpoint_type = {{ octavia_clients_endpoint }}
region_name = {{ keystone_service_region }}
{% endif %}
[haproxy_amphora] [haproxy_amphora]
{% if octavia_haproxy_amphora_template is defined %} {% if octavia_haproxy_amphora_template is defined %}
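Review bot: With `octavia_barbican_enabled` false the `{% if octavia_barbican_enabled %}` block renders nothing, so `cert_manager` falls back to Octavia's built-in default, which as far as I know is still `barbican_cert_manager`. It would then run without the `endpoint_type` line, which appears to have been rendered unconditionally before. If that is right, a TLS-terminated listener on a deployment without Barbican would still attempt a Barbican lookup and fail at listener creation rather than being visibly unsupported in the config. Consider stating the disabled behaviour in the template, e.g. `{# cert_manager is left at the Octavia default when Barbican is not deployed; TLS-terminated listeners are unsupported in that case #}`, or adding an explicit `{% else %}` branch if a different manager is intended. The `[certificates]` section starts above the added lines and the add/remove markers are lost on this page, so this is read from the context lines.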