Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
metadata ssl configuration support for Ocata
When metadata_ssl_enable is set to 'true' under contrail_4 in the cluster.json, set the following settings in the nova.conf of the nova_api container: enabled_ssl_apis= metadata nova_metadata_protocol = https nova_metadata_insecure = False ssl_cert_file = /etc/nova/ssl/certs/nova.pem ssl_key_file = /etc/nova/ssl/private/novakey.pem ssl_ca_file = /etc/nova/ssl/certs/ca.pem Also the following files are copied from the server-manager node to the openstack node: 1. /etc/contrail_smgr/puppet/ssl/<hostname>.pem as /etc/nova/ssl/certs/nova.pem 2. /etc/contrail_smgr/puppet/ssl/<hostname>-privkey.pem as /etc/nova/ssl/private/novakey.pem 3. /etc/contrail_smgr/puppet/ssl/ca-cert.pem as /etc/nova/ssl/certs/ca.pem To enable this, metadata_ssl_enable knob has been added to the etc/kolla/globals.yml Change-Id: I7eaeff8938231405c002808f310cff8820097ede Closes-bug: #1730631
- Loading branch information