@odyssey4me
Last active May 17, 2017 10:45
OpenStack-Ansible Keystone SSL Configuration Example (using haproxy SSL offloading) [kilo]
---
#
# Important required settings
#
# set haproxy to handle ssl offloading
haproxy_ssl: true
# configure the SSL certificates for haproxy
# these file paths are on the deployment host
haproxy_user_ssl_cert: /root/test1.pigeonbrawl.net_ssl.crt
haproxy_user_ssl_key: /root/test1.pigeonbrawl.net_ssl.key
haproxy_user_ssl_ca_cert: /root/test1.pigeonbrawl.net_ssl_ca-bundle.pem
# set the keystone public endpoint to be https
keystone_service_publicuri_proto: "https"
# set Horizon to use Keystone's public endpoint
horizon_endpoint_type: publicURL
# configure the SSL certificates for Horizon
# these file paths are on the deployment host
horizon_user_ssl_cert: /root/test1.pigeonbrawl.net_ssl.crt
horizon_user_ssl_key: /root/test1.pigeonbrawl.net_ssl.key
horizon_user_ssl_ca_cert: /root/test1.pigeonbrawl.net_ssl_ca-bundle.pem
# your SSL certificate is likely using a DNS name, so this must be set
horizon_server_name: test1.pigeonbrawl.net
# Horizon must refer to a name matching the SSL cert
# in this test environment, both keystone and Horizon shared a common DNS name
horizon_keystone_host: "{{ horizon_server_name }}"
horizon_keystone_endpoint: "{{ keystone_service_publicuri_proto }}://{{ horizon_server_name }}:5000/v3"
# Ensure that the public endpoint registered for Keystone uses the right name
keystone_public_endpoint: "{{ keystone_service_publicuri_proto }}://{{ horizon_server_name }}:5000"
keystone_service_publicurl: "{{ horizon_keystone_endpoint }}"
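
A consistency check for the overrides above, as an added example that is not part of the original gist: it expands the `{{ ... }}` references and reports any Keystone endpoint that is not https or whose host differs from `horizon_server_name`, the name the certificate has to cover. The helper names (`load_flat`, `render`, `lint`) are hypothetical, and the parser is an assumption that handles only flat `key: value` lines and plain variable references, not full YAML or Jinja2.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the overrides from this gist, certificate paths left out.
OVERRIDES = """\
haproxy_ssl: true
keystone_service_publicuri_proto: "https"
horizon_endpoint_type: publicURL
horizon_server_name: test1.pigeonbrawl.net
horizon_keystone_host: "{{ horizon_server_name }}"
horizon_keystone_endpoint: "{{ keystone_service_publicuri_proto }}://{{ horizon_server_name }}:5000/v3"
keystone_public_endpoint: "{{ keystone_service_publicuri_proto }}://{{ horizon_server_name }}:5000"
keystone_service_publicurl: "{{ horizon_keystone_endpoint }}"
"""

def load_flat(text):
    """Parse flat 'key: value' lines only (a stand-in for a real YAML loader)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "---":
            continue
        key, _, value = line.partition(":")
        out[key.strip()] = value.strip().strip('"')
    return out

def render(value, variables, depth=0):
    """Expand plain {{ name }} references; filters and expressions are not handled."""
    if depth > 10:
        raise ValueError("variable reference loop")
    expanded = re.sub(r"\{\{\s*(\w+)\s*\}\}", lambda m: variables[m.group(1)], value)
    return expanded if expanded == value else render(expanded, variables, depth + 1)

def lint(text):
    """List settings that point clients at a URL the certificate name cannot match."""
    v = load_flat(text)
    name = v["horizon_server_name"]
    problems = []
    if v.get("haproxy_ssl") != "true":
        problems.append("haproxy_ssl is not true")
    if render(v["horizon_keystone_host"], v) != name:
        problems.append("horizon_keystone_host differs from horizon_server_name")
    for key in ("horizon_keystone_endpoint", "keystone_public_endpoint", "keystone_service_publicurl"):
        url = urlsplit(render(v[key], v))
        if url.scheme != "https":
            problems.append(f"{key} is not https")
        if url.hostname != name:
            problems.append(f"{key} host differs from horizon_server_name")
    return problems
```

`lint()` returns an empty list for the settings as written here; it does not read the certificate itself, so the subject names in the `.crt` file still need checking against `horizon_server_name`.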