commit bd24a8d0f884d27f47834c917c047b54271c1179
author Jamie Lennox <jamielennox@redhat.com> Fri Sep 20 16:26:42 2013 +1000
committer Gerrit Code Review <review@openstack.org> Mon Nov 25 22:27:51 2013 +0000
tree a2fc27d5b90c224c65283dc6bb87cb563d8c4eca
parent 99da4af55ef0c451983bcc5d7f97e1e22da168ea

Allow deploying keystone with SSL certificates

Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.

Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0

lib/nova

diff --git a/lib/nova b/lib/nova
index 6ab2000..5fd0beb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -225,6 +225,7 @@
         inicomment $NOVA_API_PASTE_INI filter:authtoken auth_host
         inicomment $NOVA_API_PASTE_INI filter:authtoken auth_protocol
         inicomment $NOVA_API_PASTE_INI filter:authtoken admin_tenant_name
+        inicomment $NOVA_API_PASTE_INI filter:authtoken cafile
         inicomment $NOVA_API_PASTE_INI filter:authtoken admin_user
         inicomment $NOVA_API_PASTE_INI filter:authtoken admin_password
     fi
@@ -399,6 +400,7 @@
         iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
         iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
         iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+        iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
         iniset $NOVA_CONF keystone_authtoken admin_user nova
         iniset $NOVA_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
     fi