# Blame: e90ab26 OlgaGusarenko 2017-09-21 11:29:30 +0300; 77b8166 Vladislav Naumov 2017-09-20 12:41:13 +0300; dd3761f OlgaGusarenko 2017-10-05 12:50:29 +0300
---
summary: >
  Added SSL support for cloud-monitoring services

upgrades:
  - |
    Added SSL support for the following cloud-monitoring services:

    * Rundeck CIS Collectors

      To enable SSL support for CIS, set ``cert`` and ``ssl_cert_file``
      in the cluster-level metadata:

      .. code-block:: yaml

        rundeck_cis_openstack:
          auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
          username: ${_param:oss_openstack_username}
          password: ${_param:oss_openstack_password}
          cert: |
            -----BEGIN CERTIFICATE-----
            MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
            -----END CERTIFICATE-----
          ssl_cert_file: cert.pem

      If all parameters are defined properly, Rundeck enables SSL support
      automatically.

    * Cleanup Service

      To enable SSL support for the Cleanup Service, specify the cert path
      and set the ``ssl_verify`` variable to ``True`` in the cluster-level
      metadata:

      .. code-block:: yaml

        janitor_monkey_openstack:
          username: ${_param:oss_openstack_username}
          password: ${_param:oss_openstack_password}
          auth_url: ${_param:oss_openstack_auth_url}
          ssl_verify: True
          cacert_path: ${_param:oss_openstack_cert_path}

    * Security Audit Service

      To enable SSL support for the Security Audit Service, specify the
      cert path, set the ``ssl_verify`` variable to ``True``, and select the
      endpoint type for cloud connections in the cluster-level metadata:

      .. code-block:: yaml

        security_monkey_openstack:
          username: ${_param:oss_openstack_username}
          password: ${_param:oss_openstack_password}
          auth_url: ${_param:oss_openstack_auth_url}
          ssl_verify: True
          endpoint_type: public
          cacert_path: ${_param:oss_openstack_cert_path}

    .. note:: By default, the ``cacert_path`` variable is defined as
       follows:

       .. code-block:: yaml

         oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem