commit 2b88373aa7121d6b03ee6685b8648d2e6f52b80d
author Oleksandr Shyshko <oshyshko@mirantis.com> Wed Jul 11 18:00:58 2018 +0300
committer Vasyl Saienko <vsaienko@mirantis.com> Fri Jul 13 07:13:56 2018 +0000
tree 80a3e615c76f7d63e28ff021903be82ffbb50893
parent 2e3998490ef984219cc82729373ce125e9feaf59

REFACTOR Added libvirt_vnc server and novnc-proxy client certificate templates

Related-Prod: PROD-19979

Change-Id: I2e69908e8604ec78b632df5259398c28603e2e65

nova/control/novncproxy/init.yml

diff --git a/nova/control/novncproxy/init.yml b/nova/control/novncproxy/init.yml
deleted file mode 100644
index 3cd04b8..0000000
--- a/nova/control/novncproxy/init.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-classes:
-- system.salt.minion.cert.vnc.novncproxy_client
-parameters:
-  nova:
-    controller:
-      novncproxy:
-        tls:
-          enabled: True
-          key_file: ${_param:novncproxy_client_ssl_key_file}
-          cert_file: ${_param:novncproxy_client_ssl_cert_file}
-          ca_file: ${_param:novncproxy_ssl_ca_file}
-          all_file: ${_param:nova_websocketproxy_ssl_all_file}
-

nova/control/novncproxy/tls/init.yml

diff --git a/nova/control/novncproxy/tls/init.yml b/nova/control/novncproxy/tls/init.yml
new file mode 100644
index 0000000..717d55e
--- /dev/null
+++ b/nova/control/novncproxy/tls/init.yml
@@ -0,0 +1,16 @@
+classes:
+- system.salt.minion.cert.vnc.novncproxy_client
+- system.salt.minion.cert.vnc.novncproxy_server
+parameters:
+  _param:
+    nova_vnc_tls_enabled: true
+  nova:
+    controller:
+      # Communication between noVNC proxy and client machine over TLS
+      novncproxy:
+        tls:
+          enabled: ${_param:nova_vnc_tls_enabled}
+        # Only for Queens. Communication between noVNC proxy service and QEMU
+        vencrypt:
+          tls:
+            enabled: ${_param:nova_vnc_tls_enabled}