Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 77b8166b29bb73cc10bf3b9368caa95524b52dbf^! / .
commit77b8166b29bb73cc10bf3b9368caa95524b52dbf[log] [tgz]
authorVladislav Naumov <vnaumov@mirantis.com>Wed Sep 20 12:41:13 2017 +0300
committerOlgaGusarenko <ogusarenko@mirantis.com>Thu Sep 21 09:30:40 2017 +0300
tree07d8c5f53a5a2c8b7f29d43b44acce960507a093
parent4fe05b5328c2e542ed66218f029125ab0789132e [diff]
release notes for ssl_support services description

Change-Id: If7735367472c7920bde5b77c1f75cd351c9937be

diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
new file mode 100644
index 0000000..082e12f
--- /dev/null
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml

@@ -0,0 +1,63 @@
+-----
+upgrades:
+  - |
+    Added SSL support for the followibg cloud-monitoring services:
+
+    * Rundeck CIS Collectors
+
+      To provide ssl support for CIS, set up ``cert`` and ``ssl_cert_file``
+      on a cluster level metadata:
+
+      .. code-block:: yaml
+
+         rundeck_cis_openstack:
+           auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           cert: |
+            -----BEGIN CERTIFICATE-----
+            MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+            -----END CERTIFICATE-----
+           ssl_cert_file: cert.pem
+
+      If all parameters are defined properly, Rundeck enables the ssl support
+      automatically.
+
+    * Cleanup Service
+
+      To provide ssl support for Cleanup Service, specify the cert path
+      and set the ``ssl_verify`` variable to ``True`` on a cluster level
+      metadata:
+
+      .. code-block:: yaml
+
+         janitor_monkey_openstack:
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           auth_url: ${_param:oss_openstack_auth_url}
+           ssl_verify: True
+           cacert_path: ${_param:oss_openstack_cert_path}
+
+    * Security Audit Service
+
+      To provide ssl support for Security audit Service, provide cert path,
+      set the ``ssl_verify`` variable to ``True``, and select the endpoint
+      type for cloud connections on a cluster level metadata:
+
+      .. code-block:: yaml
+
+         security_monkey_openstack:
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           auth_url: ${_param:oss_openstack_auth_url}
+           ssl_verify: True
+           endpoint_type: public
+           cacert_path: ${_param:oss_openstack_cert_path}
+
+      .. note:: By default, the ``cacert_path`` variable is defined as
+                follows:
+
+               .. code-block:: yaml
+
+                  oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+