When metadata_ssl_enable is set to 'true' under contrail_4 in the cluster.json,
set the following settings in the nova.conf of the nova_api container:
enabled_ssl_apis= metadata
nova_metadata_protocol = https
nova_metadata_insecure = True
ssl_cert_file = /etc/nova/ssl/certs/nova.pem
ssl_key_file = /etc/nova/ssl/private/novakey.pem
ssl_ca_file = /etc/nova/ssl/certs/ca.pem
Also the following files are copied from the server-manager node to the
openstack node:
1. /etc/contrail_smgr/puppet/ssl/<hostname>.pem as /etc/nova/ssl/certs/nova.pem
2. /etc/contrail_smgr/puppet/ssl/<hostname>-privkey.pem as
/etc/nova/ssl/private/novakey.pem
3. /etc/contrail_smgr/puppet/ssl/ca-cert.pem as /etc/nova/ssl/certs/ca.pem
To enable this, the metadata_ssl_enable knob has been added to
etc/kolla/globals.yml
Reviewed: https://review.opencontrail.org/37341
Committed: http://github.com/Juniper/contrail-ansible/commit/759643300f7c94ca18bf47ce59a124384baed4d0
Submitter: Zuul (<email address hidden>)
Branch: master
commit 759643300f7c94ca18bf47ce59a124384baed4d0
Author: Ramprakash Ram Mohan <email address hidden>
Date: Wed Nov 8 21:43:07 2017 -0800
metadata ssl configuration support for Ocata
Change-Id: I45e7448a97dc129d17a5248d7290827b57a95423
Partial-bug: #1730631
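
A small audit of the nova.conf settings listed in the commit message above, as an added example that is not part of the commit or of the contrail-ansible code. The sample file, the [DEFAULT] section placement and the function names are assumptions, as is reading nova_metadata_insecure = True as disabled certificate verification.

```python
import configparser

# Values the commit message says are written to nova.conf.
EXPECTED = {
    "nova_metadata_protocol": "https",
    "ssl_cert_file": "/etc/nova/ssl/certs/nova.pem",
    "ssl_key_file": "/etc/nova/ssl/private/novakey.pem",
    "ssl_ca_file": "/etc/nova/ssl/certs/ca.pem",
}

# Constructed sample; placing the keys under [DEFAULT] is an assumption.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
enabled_ssl_apis= metadata
nova_metadata_protocol = https
nova_metadata_insecure = True
ssl_cert_file = /etc/nova/ssl/certs/nova.pem
ssl_key_file = /etc/nova/ssl/private/novakey.pem
ssl_ca_file = /etc/nova/ssl/certs/ca.pem
"""

def flatten(conf_text):
    """Return every key/value in the file, regardless of section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    merged = dict(parser.defaults())
    for section in parser.sections():
        merged.update(parser.items(section))
    return merged

def audit_metadata_ssl(conf_text):
    """Return (severity, message) findings for the metadata SSL settings."""
    opts = flatten(conf_text)
    findings = []
    apis = [a.strip() for a in opts.get("enabled_ssl_apis", "").split(",")]
    if "metadata" not in apis:
        findings.append(("error", "metadata missing from enabled_ssl_apis"))
    for key, want in EXPECTED.items():
        got = opts.get(key)
        if got != want:
            findings.append(("error", f"{key} is {got!r}, expected {want!r}"))
    if opts.get("nova_metadata_insecure", "false").strip().lower() == "true":
        findings.append(("warn", "nova_metadata_insecure = True: "
                         "certificate verification assumed disabled"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_metadata_ssl(SAMPLE_NOVA_CONF):
        print(f"{severity}: {message}")
```

Run against the configuration exactly as the commit describes it, the audit reports only the nova_metadata_insecure warning; the copied ca.pem is what a verifying client would need in order to turn that flag off.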