Switching Sahara to https in case of USE_SSL=True
Sahara will work over https in case if USE_SSL is set.
Note, this patch requires https://review.openstack.org/#/c/145383/
which is not merged yet.
Change-Id: I9e0069cfe72323a069a4205ca2f882c7a3ad17e0
Closes-Bug: #1419162
diff --git a/lib/sahara b/lib/sahara
index 0651b0a..6a3a518 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -33,6 +33,9 @@
SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
+if is_ssl_enabled_service "sahara"; then
+ SAHARA_SERVICE_PROTOCOL="https"
+fi
SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST}
SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386}
SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
@@ -165,6 +168,14 @@
iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE
fi
+ # Register SSL certificates if provided
+ if is_ssl_enabled_service sahara; then
+ ensure_certificates SAHARA
+
+ iniset $SAHARA_CONF_FILE ssl cert_file "$SAHARA_SSL_CERT"
+ iniset $SAHARA_CONF_FILE ssl key_file "$SAHARA_SSL_KEY"
+ fi
+
iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG
# Format logging
diff --git a/stack.sh b/stack.sh
index 5cdcbdf..a9d958d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -505,7 +505,7 @@
check_rpc_backend
# Service to enable with SSL if ``USE_SSL`` is True
-SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
+SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron,sahara"
if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then
die $LINENO "tls-proxy and SSL are mutually exclusive"