Set up Cinder for TLS
* Start c-api proxy if 'tls-proxy' is enabled
* Configure Cinder service catalog for TLS
Change-Id: Ic692a0a16ffa51bfd4bfb67f827cd941ac0e72a4
diff --git a/lib/cinder b/lib/cinder
index 5477e26..d69790c 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -37,6 +37,12 @@
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini
+# Public facing bits
+CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
+CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
+CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
+CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+
# Support entry points installation of console scripts
if [[ -d $CINDER_DIR/bin ]]; then
CINDER_BIN_DIR=$CINDER_DIR/bin
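Review bot: The `# Public facing bits` comment does not say what distinguishes `CINDER_SERVICE_PORT` from `CINDER_SERVICE_PORT_INT`, and the later hunks only make sense once that is known. A comment such as `# CINDER_SERVICE_PORT is what clients connect to; CINDER_SERVICE_PORT_INT is where cinder-api listens when tls-proxy fronts it` above the two assignments would make the split explicit. It would also help to note that the `_INT` port carries unencrypted API traffic, so it is not meant to be advertised or exposed.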
@@ -122,6 +128,11 @@
iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.openstack.volume.contrib.standard_extensions
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
+ if is_service_enabled tls-proxy; then
+ # Set the service port for a proxy to take the original
+ iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+ fi
+
if [ "$SYSLOG" != "False" ]; then
iniset $CINDER_CONF DEFAULT use_syslog True
fi
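Review bot: Moving cinder-api to `$CINDER_SERVICE_PORT_INT` inside the `tls-proxy` branch changes only `osapi_volume_listen_port`, so the plaintext listener keeps whatever bind address `osapi_volume_listen` defaults to, which in Cinder is all interfaces as far as I know. Any client that can reach the host on the internal port would then talk to the API without TLS, bypassing the proxy. Consider pinning the bind address in the same branch, for example `iniset $CINDER_CONF DEFAULT osapi_volume_listen 127.0.0.1`, with the `start_tls_proxy` call in the last hunk forwarding to that address instead of `$CINDER_SERVICE_HOST`; failing that, the internal port should be firewalled. The enclosing function starts and ends outside this hunk, so an existing bind-address setting elsewhere in it cannot be ruled out.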
@@ -193,9 +204,9 @@
keystone endpoint-create \
--region RegionOne \
--service_id $CINDER_SERVICE \
- --publicurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
- --adminurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
- --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s"
+ --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
fi
fi
}
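Review bot: The scheme in all three endpoint URLs now comes from `$CINDER_SERVICE_PROTOCOL`, which the first hunk defaults to `$SERVICE_PROTOCOL`, and nothing visible in this diff forces it to `https` when `tls-proxy` is enabled. If `SERVICE_PROTOCOL` is still `http` in that configuration, the catalog would advertise `http://` on a port that the proxy serves with TLS. It is worth confirming where `SERVICE_PROTOCOL` is set, or adding a guard before the `keystone endpoint-create` call that fails when `tls-proxy` is enabled and the protocol is not `https`. The function containing this call begins outside the hunk.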
@@ -297,6 +308,11 @@
screen_it c-api "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
screen_it c-vol "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
screen_it c-sch "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
+
+ # Start proxies if enabled
+ if is_service_enabled c-api && is_service_enabled tls-proxy; then
+ start_tls_proxy '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT &
+ fi
}
# stop_cinder() - Stop running processes
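Review bot: The proxy is launched with a trailing `&` and nothing records the job, so unless `stop_cinder` (whose body lies outside this hunk) already knows how to find it, the proxy outlives the services it fronts. A leftover proxy would keep holding `$CINDER_SERVICE_PORT` and keep forwarding to the internal port on the next run. Please make sure the stop path terminates it. The arguments are also unquoted; `start_tls_proxy '*' "$CINDER_SERVICE_PORT" "$CINDER_SERVICE_HOST" "$CINDER_SERVICE_PORT_INT" &` avoids word splitting if any of them is empty or overridden with an unexpected value.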