Enable ssl for contrail deployments
Change-Id: I844880d00449b50bf85a30647b3fdc69fc93ba76
Closes-bug: PROD-29221 (PROD:29221)
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 337e9d0..5defad9 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -14,6 +14,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:openstack_control_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
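Review bot: The added `protocol: ${_param:opencontrail_identity_protocol}` line references a parameter for which this commit shows no default, so a model that includes this class without defining it will likely fail reclass interpolation. The same reference is added in every `metadata/service/client/*.yml` and `metadata/service/control/*.yml` hunk of this commit. The `_param` blocks of these classes are outside the visible hunks; if they hold defaults, consider adding `opencontrail_identity_protocol: http` there so existing deployments keep their current behaviour. It would also help to document that `https` has to be chosen explicitly per deployment.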
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index 8d3a509..f531e03 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -13,6 +13,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_local_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index be71d6d..4e9024e 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -17,6 +17,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -54,6 +55,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 8b9eaf7..5b1da1c 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -17,6 +17,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +58,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -123,6 +125,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index 728e53a..93155a2 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -17,6 +17,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +58,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 73ce29b..ea8472a 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -17,6 +17,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +58,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -103,6 +105,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/opencontrail/files/3.0/client_vnc_api_lib.ini b/opencontrail/files/3.0/client_vnc_api_lib.ini
index 40bfbb3..5779c21 100644
--- a/opencontrail/files/3.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/3.0/client_vnc_api_lib.ini
@@ -11,7 +11,7 @@
; Authentication settings (optional)
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
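Review bot: `{{ client.identity.protocol }}` on the `AUTHN_PROTOCOL` line has no fallback, so a pillar that predates this change and lacks `identity:protocol` will render an empty or failing value where `http` used to be hard-coded. Using `AUTHN_PROTOCOL = {{ client.identity.get('protocol', 'http') }}` keeps old pillars working; the formula already uses this pattern for `user` and `domain` in other templates. The same applies to every `auth_protocol`, `AUTHN_PROTOCOL` and `auth_url` line changed under `opencontrail/files/3.0` and `opencontrail/files/4.0` in this commit.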
diff --git a/opencontrail/files/3.0/contrail-alarm-gen.conf b/opencontrail/files/3.0/contrail-alarm-gen.conf
index 026a903..b5e9dd0 100644
--- a/opencontrail/files/3.0/contrail-alarm-gen.conf
+++ b/opencontrail/files/3.0/contrail-alarm-gen.conf
@@ -34,7 +34,7 @@
{%- if common.identity.engine == "keystone" and not common.get('k8s_enabled', False) %}
[KEYSTONE]
auth_host={{ common.identity.host }}
-auth_protocol=http
+auth_protocol={{ common.identity.protocol }}
auth_port={{ common.identity.port }}
admin_user={{ common.identity.get('user', "admin") }}
admin_password={{ common.identity.password }}
diff --git a/opencontrail/files/3.0/contrail-keystone-auth.conf b/opencontrail/files/3.0/contrail-keystone-auth.conf
index 8b37f27..f19dab4 100644
--- a/opencontrail/files/3.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/3.0/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import config with context -%}
[KEYSTONE]
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -14,7 +14,7 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
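Review bot: Rendering `auth_url` with `{{ config.identity.protocol }}` allows `https`, but nothing in the visible hunks of this template sets a CA bundle or a verification option, and this section carries `admin_password`. The lines between and after the hunks are not shown, so please confirm that the template renders `cafile` and leaves `insecure` unset or false when the protocol is `https`. Without that, the service either fails against a private CA or ends up running with verification disabled. A short comment above `[KEYSTONE]`, e.g. `# protocol=https requires cafile; do not set insecure=True`, would record the expectation. The same question applies to the other `contrail-keystone-auth.conf`, `contrail-snmp-collector.conf`, `contrail-alarm-gen.conf` and `vnc_api_lib.ini` hunks.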
diff --git a/opencontrail/files/3.0/contrail-snmp-collector.conf b/opencontrail/files/3.0/contrail-snmp-collector.conf
index d57251a..0056352 100644
--- a/opencontrail/files/3.0/contrail-snmp-collector.conf
+++ b/opencontrail/files/3.0/contrail-snmp-collector.conf
@@ -26,7 +26,7 @@
[KEYSTONE]
{%- if collector.get('identity', {}).get('engine') == 'keystone' %}
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -39,8 +39,8 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
{%- endif %}
diff --git a/opencontrail/files/3.0/vnc_api_lib.ini b/opencontrail/files/3.0/vnc_api_lib.ini
index 9795760..bdf16b6 100644
--- a/opencontrail/files/3.0/vnc_api_lib.ini
+++ b/opencontrail/files/3.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
diff --git a/opencontrail/files/4.0/client_vnc_api_lib.ini b/opencontrail/files/4.0/client_vnc_api_lib.ini
index 77e3b92..eeef174 100644
--- a/opencontrail/files/4.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/4.0/client_vnc_api_lib.ini
@@ -13,7 +13,7 @@
{%- if client.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
diff --git a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
index 4af7b62..a691491 100644
--- a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import collector with context -%}
[KEYSTONE]
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -14,7 +14,7 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
diff --git a/opencontrail/files/4.0/contrail-keystone-auth.conf b/opencontrail/files/4.0/contrail-keystone-auth.conf
index 5912436..cbcf836 100644
--- a/opencontrail/files/4.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/contrail-keystone-auth.conf
@@ -5,7 +5,7 @@
{%- if config.identity.engine != "none" %}
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -19,9 +19,9 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/vnc_api_lib.ini b/opencontrail/files/4.0/vnc_api_lib.ini
index 9795760..bdf16b6 100644
--- a/opencontrail/files/4.0/vnc_api_lib.ini
+++ b/opencontrail/files/4.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
diff --git a/tests/pillar/analytics3.sls b/tests/pillar/analytics3.sls
index 2afcd1c..13713f2 100644
--- a/tests/pillar/analytics3.sls
+++ b/tests/pillar/analytics3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
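Review bot: Every fixture in this commit sets `protocol: http`, so the `https` rendering of `auth_url` and `AUTHN_PROTOCOL` is never exercised by the test pillars. Setting `protocol: https` in at least one fixture (for example one of the 4.0 pillars) would catch template errors on the path this commit is meant to enable. Key placement is also inconsistent: `control40.sls` puts `protocol` after `host` and `single40.sls` puts it before `engine`, while the other fixtures put it after `engine` or `region`. That is harmless, but a uniform order makes the fixtures easier to compare.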
diff --git a/tests/pillar/analytics40.sls b/tests/pillar/analytics40.sls
index 34bc5eb..047e59e 100644
--- a/tests/pillar/analytics40.sls
+++ b/tests/pillar/analytics40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -17,6 +18,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster3.sls b/tests/pillar/cluster3.sls
index 54c9d41..f61c636 100644
--- a/tests/pillar/cluster3.sls
+++ b/tests/pillar/cluster3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -49,6 +50,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster40.sls b/tests/pillar/cluster40.sls
index 4cdac34..f8d0583 100644
--- a/tests/pillar/cluster40.sls
+++ b/tests/pillar/cluster40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -53,6 +54,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -102,6 +104,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control3.sls b/tests/pillar/control3.sls
index dff472e..2a107ee 100644
--- a/tests/pillar/control3.sls
+++ b/tests/pillar/control3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -52,6 +53,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control40.sls b/tests/pillar/control40.sls
index f98a28f..a503ce6 100644
--- a/tests/pillar/control40.sls
+++ b/tests/pillar/control40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -54,6 +55,7 @@
version: '2.0'
region: RegionOne
host: 127.0.0.1
+ protocol: http
port: 35357
user: admin
password: password
diff --git a/tests/pillar/single3.sls b/tests/pillar/single3.sls
index 43f6dd6..c99fc83 100644
--- a/tests/pillar/single3.sls
+++ b/tests/pillar/single3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -41,6 +42,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/single40.sls b/tests/pillar/single40.sls
index 2e8c430..ae4f8b4 100644
--- a/tests/pillar/single40.sls
+++ b/tests/pillar/single40.sls
@@ -2,6 +2,7 @@
common:
version: 4.0
identity:
+ protocol: http
engine: keystone
host: 127.0.0.1
port: 35357
@@ -43,6 +44,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -78,6 +80,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/vrouter-dpdk3.sls b/tests/pillar/vrouter-dpdk3.sls
index 283abab..1ffcd72 100644
--- a/tests/pillar/vrouter-dpdk3.sls
+++ b/tests/pillar/vrouter-dpdk3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/tests/pillar/vrouter40.sls b/tests/pillar/vrouter40.sls
index e1ebc84..a810b82 100644
--- a/tests/pillar/vrouter40.sls
+++ b/tests/pillar/vrouter40.sls
@@ -3,6 +3,7 @@
version: 4.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token