Files
Rob Crittenden
18d4778cf7
Configure endpoints to use SSL natively or via proxy
Configure nova, cinder, glance, swift and neutron to use SSL on the endpoints using either SSL natively or via a TLS proxy using stud. To enable SSL via proxy, in local.conf add ENABLED_SERVICES+=,tls-proxy This will create a new test root CA, a subordinate CA and an SSL server cert. It uses the value of hostname -f for the certificate subject. The CA certicates are also added to the system CA bundle. To enable SSL natively, in local.conf add: USE_SSL=True Native SSL by default will also use the devstack-generate root and subordinate CA. You can override this on a per-service basis by setting <SERVICE>_SSL_CERT=/path/to/cert <SERVICE>_SSL_KEY=/path/to/key <SERVICE>_SSL_PATH=/path/to/ca You should also set SERVICE_HOST to the FQDN of the host. This value defaults to the host IP address. Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac Closes-Bug: 1328226