contrail-webui: enable ssl auth for openstack services
Fixes:
- determine default parameter for identity protocol.
- fix documentation.
Change-Id: I07a82064178e466c017cb18c64a405e683a5493c
Related-PROD: PROD-29221 (PROD:29221)
diff --git a/README.rst b/README.rst
index b936776..36034ca 100644
--- a/README.rst
+++ b/README.rst
@@ -56,6 +56,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -93,6 +94,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -181,6 +183,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -205,6 +208,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -250,6 +254,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -355,6 +360,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -375,6 +381,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -420,6 +427,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -497,6 +505,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -515,6 +524,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -589,6 +599,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 5defad9..91043a9 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
openstack_control_address: 127.0.0.1
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index f531e03..2e14591 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index 4e9024e..936e5f7 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 5b1da1c..2450352 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -191,6 +192,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index 93155a2..3d618f2 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -152,6 +153,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index ea8472a..5478d5c 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -161,6 +162,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/opencontrail/files/3.0/config.global.js b/opencontrail/files/3.0/config.global.js
index e4397c3..70cf9b5 100644
--- a/opencontrail/files/3.0/config.global.js
+++ b/opencontrail/files/3.0/config.global.js
@@ -97,7 +97,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }}';
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
@@ -105,7 +105,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -113,7 +113,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -128,7 +128,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/opencontrail/files/4.0/config.global.js b/opencontrail/files/4.0/config.global.js
index 2dd1b64..01da5df 100644
--- a/opencontrail/files/4.0/config.global.js
+++ b/opencontrail/files/4.0/config.global.js
@@ -75,7 +75,7 @@
config.regions = {};
{%- if web.identity.engine != "none" %}
-config.regions['{{ web.identity.get("region", "RegionOne") }}'] = 'http://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
+config.regions['{{ web.identity.get("region", "RegionOne") }}'] = '{{ web.identity.protocol }}://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
{%- endif %}
/****************************************************************************
@@ -139,7 +139,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }};
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
@@ -147,7 +147,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -155,7 +155,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -170,7 +170,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/tests/pillar/cluster3.sls b/tests/pillar/cluster3.sls
index f61c636..a23557c 100644
--- a/tests/pillar/cluster3.sls
+++ b/tests/pillar/cluster3.sls
@@ -162,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster40.sls b/tests/pillar/cluster40.sls
index f8d0583..5bc81b5 100644
--- a/tests/pillar/cluster40.sls
+++ b/tests/pillar/cluster40.sls
@@ -197,6 +197,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control3.sls b/tests/pillar/control3.sls
index 2a107ee..d2c9f4e 100644
--- a/tests/pillar/control3.sls
+++ b/tests/pillar/control3.sls
@@ -147,6 +147,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control40.sls b/tests/pillar/control40.sls
index a503ce6..d7d9bb5 100644
--- a/tests/pillar/control40.sls
+++ b/tests/pillar/control40.sls
@@ -162,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/single3.sls b/tests/pillar/single3.sls
index c99fc83..045eb7a 100644
--- a/tests/pillar/single3.sls
+++ b/tests/pillar/single3.sls
@@ -129,6 +129,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/single40.sls b/tests/pillar/single40.sls
index ae4f8b4..c064f37 100644
--- a/tests/pillar/single40.sls
+++ b/tests/pillar/single40.sls
@@ -151,6 +151,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin