sec-monkey ssl support
Change-Id: I3a89e96a2e5af54cc1a19e8b74118783b399c677
us: https://mirantis.jira.com/browse/PROD-14008
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index f7b5980..33938b2 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -19,6 +19,8 @@
security_monkey_nginx_port: ${_param:security_monkey_bind_port}
devops_portal_sm_wtf_csrf_enabled: False
security_monkey_sync_interval: 15
+ security_monkey_os_ssl_verify: False
+ security_monkey_os_endpoint_type: "public"
security_monkey_openstack:
os_account_id: mcp_cloud
os_account_name: mcp_cloud
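Review bot: The new default `security_monkey_os_ssl_verify: False` turns certificate verification off for the OpenStack connection in the same change that provisions a CA bundle (`cafile`, `CACERT_PATH`). With this default the mounted certificate is presumably never consulted, and the Keystone credentials travel over a TLS channel whose peer is not authenticated. Since the CA file is supplied, the default should be `security_monkey_os_ssl_verify: True`, with `False` kept as an explicit per-deployment override. If the insecure default is intentional, a comment such as `# TLS verification disabled; set to True once cafile holds the endpoint CA` would make that visible to operators.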
@@ -28,6 +30,8 @@
project_domain_name: Default
project_name: admin
user_domain_name: Default
+ cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
+ cafile: /opt/certs/cert.pem
docker:
client:
stack:
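Review bot: The two added keys `cacert_path` and `cafile` do not say which is the host side and which is the container side of the mount; that only becomes clear from the volume lines in the later hunks. A comment on each would help, e.g. `# host path of the CA bundle (bind-mount source)` and `# path of the CA bundle inside the container`. The host default also sits under `/srv/volumes/rundeck/storage/...`, so the trust anchor for this service appears to live in another service's storage tree. Anything able to write there could replace the CA, so it is worth confirming that the directory's ownership and permissions are restricted. The `security_monkey_openstack` mapping starts outside this hunk.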
@@ -52,6 +56,9 @@
OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
+ OS_SSL_VERIFY: ${_param:security_monkey_os_ssl_verify}
+ OS_ENDPOINT_TYPE: ${_param:security_monkey_os_endpoint_type}
+ CACERT_PATH: ${_param:security_monkey_openstack:cafile}
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
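Review bot: `OS_SSL_VERIFY` reaches the container as the text rendering of the parameter, and how the application parses it is not visible in this diff. If it compares against a fixed spelling, a value like `false` or `0` may not have the effect the operator expects. A comment above the line naming the accepted spellings, or a note that only the literal values `True`/`False` are supported if that is the case, would remove the guesswork. The environment block starts and ends outside this hunk.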
@@ -68,6 +75,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+ - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
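Review bot: The added bind mount `${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro` needs the host file to exist on every Swarm node where this task can be scheduled. A missing bind source typically prevents the task from starting, and no placement constraint is visible in this hunk. The same line is added for `security-audit-scheduler` in the next hunk, so the point applies there too. Either pin both services to nodes that carry the certificate, or document the prerequisite next to the mount, e.g. `# cert.pem must be present at cacert_path on all nodes running this stack`. The service definition starts outside the hunk.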
@@ -76,6 +84,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+ - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
network:
default:
external: