Vladislav Naumov | 77b8166 | 2017-09-20 12:41:13 +0300

---
upgrades:
  - |
    Added SSL support for the following cloud-monitoring services:

    * Rundeck CIS Collectors

      To provide SSL support for CIS, set up ``cert`` and ``ssl_cert_file``
      in the cluster-level metadata:

      .. code-block:: yaml

         rundeck_cis_openstack:
           auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
           username: ${_param:oss_openstack_username}
           password: ${_param:oss_openstack_password}
           cert: |
             -----BEGIN CERTIFICATE-----
             MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
             -----END CERTIFICATE-----
           ssl_cert_file: cert.pem

      If all parameters are defined properly, Rundeck enables SSL support
      automatically.

    * Cleanup Service

      To provide SSL support for Cleanup Service, specify the cert path
      and set the ``ssl_verify`` variable to ``True`` in the cluster-level
      metadata:

      .. code-block:: yaml

         janitor_monkey_openstack:
           username: ${_param:oss_openstack_username}
           password: ${_param:oss_openstack_password}
           auth_url: ${_param:oss_openstack_auth_url}
           ssl_verify: True
           cacert_path: ${_param:oss_openstack_cert_path}

    * Security Audit Service

      To provide SSL support for Security Audit Service, provide the cert
      path, set the ``ssl_verify`` variable to ``True``, and select the
      endpoint type for cloud connections in the cluster-level metadata:

      .. code-block:: yaml

         security_monkey_openstack:
           username: ${_param:oss_openstack_username}
           password: ${_param:oss_openstack_password}
           auth_url: ${_param:oss_openstack_auth_url}
           ssl_verify: True
           endpoint_type: public
           cacert_path: ${_param:oss_openstack_cert_path}

    .. note:: By default, the ``cacert_path`` variable is defined as
       follows:

       .. code-block:: yaml

          oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
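An added example, not part of the original release note or the project's code: a Python check over the parsed and interpolated cluster metadata that flags settings deviating from what the note asks for (a missing SSL key, an ``ssl_verify`` that is not a real boolean, a malformed ``cert`` block). The ``audit`` and ``pem_ok`` names, the sample values and the ``auth_url`` scheme check are assumptions of this example.

```python
import base64
import re

# SSL-related keys each service needs, as listed in the release note.
REQUIRED = {
    "rundeck_cis_openstack": ("cert", "ssl_cert_file"),
    "janitor_monkey_openstack": ("ssl_verify", "cacert_path"),
    "security_monkey_openstack": ("ssl_verify", "endpoint_type", "cacert_path"),
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def pem_ok(text):
    """Shape check only: at least one PEM block whose body is valid base64."""
    bodies = PEM_RE.findall(text or "")
    try:
        for body in bodies:
            base64.b64decode("".join(body.split()), validate=True)
        return bool(bodies)
    except ValueError:
        return False

def audit(metadata):
    """Return (service, problem) findings for parsed, interpolated metadata."""
    findings = []
    for service, keys in REQUIRED.items():
        cfg = metadata.get(service)
        if cfg is None:
            continue  # service not configured in this cluster
        for key in keys:
            if cfg.get(key) in (None, ""):
                findings.append((service, f"{key} is not set"))
        # A quoted "False" in YAML is a non-empty string, which is truthy.
        if "ssl_verify" in cfg and cfg["ssl_verify"] is not True:
            findings.append((service, f"ssl_verify is {cfg['ssl_verify']!r}, not boolean True"))
        if cfg.get("cert") and not pem_ok(cfg["cert"]):
            findings.append((service, "cert is not a well-formed PEM block"))
        # Assumption of this example: auth_url has already been interpolated.
        if str(cfg.get("auth_url", "")).startswith("http://"):
            findings.append((service, "auth_url is plain http"))
    return findings

# Constructed sample (all values made up), as parsed from the cluster metadata.
PEM = "-----BEGIN CERTIFICATE-----\nTUlJ\n-----END CERTIFICATE-----\n"
SAMPLE = {
    "rundeck_cis_openstack": {"auth_url": "https://keystone.example.test:5000", "cert": PEM},
    "janitor_monkey_openstack": {"auth_url": "https://keystone.example.test:5000",
                                 "ssl_verify": "False", "cacert_path": "/path/to/cert.pem"},
    "security_monkey_openstack": {"auth_url": "http://keystone.example.test:5000", "ssl_verify": True,
                                  "endpoint_type": "public", "cacert_path": "/path/to/cert.pem"},
}
for service, problem in audit(SAMPLE):
    print(f"{service}: {problem}")
```

``pem_ok`` only checks the shape of the block; it does not parse the certificate or check its validity period.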