Allow deploying keystone with SSL certificates Allow providing certificates through environment variables to be used for keystone, and provide the basis for doing this for other services. It cannot be used in conjunction with tls-proxy as the service provides it's own encrypted endpoint. Impletmenting: blueprint devstack-https Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0

commit: bd24a8d0f884d27f47834c917c047b54271c1179 [log] [tgz]
author: Jamie Lennox <jamielennox@redhat.com> Fri Sep 20 16:26:42 2013 +1000
committer: Gerrit Code Review <review@openstack.org> Mon Nov 25 22:27:51 2013 +0000
tree: a2fc27d5b90c224c65283dc6bb87cb563d8c4eca
parent: 99da4af55ef0c451983bcc5d7f97e1e22da168ea [diff] [blame]
diff --git a/lib/ironic b/lib/ironic
index 9f86e84..099746a 100644
--- a/lib/ironic
+++ b/lib/ironic

@@ -98,6 +98,7 @@
     iniset $IRONIC_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
     iniset $IRONIC_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
     iniset $IRONIC_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+    iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
     iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
     iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
     iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
commit	bd24a8d0f884d27f47834c917c047b54271c1179	[log] [tgz]
author	Jamie Lennox <jamielennox@redhat.com>	Fri Sep 20 16:26:42 2013 +1000
committer	Gerrit Code Review <review@openstack.org>	Mon Nov 25 22:27:51 2013 +0000
tree	a2fc27d5b90c224c65283dc6bb87cb563d8c4eca
parent	99da4af55ef0c451983bcc5d7f97e1e22da168ea [diff] [blame]