commit ab68fe5af787e55661137cf9a693f8ff56de533f
author Oleksandr Shyshko <oshyshko@mirantis.com> Fri Jun 15 18:30:14 2018 +0300
committer oshyshko <oshyshko@mirantis.com> Tue Jul 10 15:03:09 2018 +0000
tree cb54f6df4245b3f6fab8dd620e92261a05bd12a6
parent 764cb41f3efe77706169359a8fe2cb8065bee987

Added libvirt_vnc server and novnc-proxy client certificate templates

cluster:config
- system.salt.minion.ca.qemu-vnc_ca
cluster:compute
- system.nova.compute.libvirt.ssl.vnc
cluster:control
- system.nova.control.novncproxy
  haproxy:
    proxy:
      listen:
        nova_novnc:
          type: None          
cluster:proxy
   nginx:
    server:
      site:
        nginx_proxy_novnc:
          proxy:
            protocol: https

Related-Prod: PROD-19979

Change-Id: I60ec258cd048100a73d99b92ef87be771dc393b0

nova/compute/libvirt/ssl/vnc.yml

diff --git a/nova/compute/libvirt/ssl/vnc.yml b/nova/compute/libvirt/ssl/vnc.yml
new file mode 100644
index 0000000..f2c0ad4
--- /dev/null
+++ b/nova/compute/libvirt/ssl/vnc.yml
@@ -0,0 +1,12 @@
+classes:
+- system.salt.minion.cert.libvirtd.vnc_server
+parameters:
+  nova:
+    compute:
+      qemu:
+        vnc:
+          tls:
+            enabled: True
+            key_file: ${_param:qemu_vnc_server_ssl_key_file}
+            cert_file: ${_param:qemu_vnc_server_ssl_cert_file}
+            ca_file: ${_param:qemu_vnc_ssl_ca_file}

nova/control/novncproxy/init.yml

diff --git a/nova/control/novncproxy/init.yml b/nova/control/novncproxy/init.yml
new file mode 100644
index 0000000..3cd04b8
--- /dev/null
+++ b/nova/control/novncproxy/init.yml
@@ -0,0 +1,13 @@
+classes:
+- system.salt.minion.cert.vnc.novncproxy_client
+parameters:
+  nova:
+    controller:
+      novncproxy:
+        tls:
+          enabled: True
+          key_file: ${_param:novncproxy_client_ssl_key_file}
+          cert_file: ${_param:novncproxy_client_ssl_cert_file}
+          ca_file: ${_param:novncproxy_ssl_ca_file}
+          all_file: ${_param:nova_websocketproxy_ssl_all_file}
+