Currently the heat-jeos code defaults to http only, but we are
about to fix that, so we instead need a way to specify if
instances should connect via http or https - boto provides the
is_secure config file option, so add a new heat option which
controls this setting in the boto config we create in userdata
fixes bug
1117594
Change-Id: I0b9201107570334d9846d9613d252da1a91efe8a
Signed-off-by: Steven Hardy <shardy@redhat.com>
# Keystone role for heat template-defined users
heat_stack_user_role = heat_stack_user
+# Make instances connect to the heat services via https
+# default to off since it will require images and host
+# to be configured correctly to support ssl connections
+instance_connection_is_secure = 0
+
# URL for instances to connect for metadata
# ie the IP of the bridge device connecting the
# instances with the host and the bind_port of
cfg.StrOpt('heat_watch_server_url',
default="",
help='URL of the Heat cloudwatch server'),
+ cfg.StrOpt('instance_connection_is_secure',
+ default="0",
+ help='Instance connection to cfn/cw API via https'),
cfg.StrOpt('heat_stack_user_role',
default="heat_stack_user",
help='Keystone role for heat template-defined users')]
# where the cfn and cw API's are to be accessed
cfn_url = urlparse(cfg.CONF.heat_metadata_server_url)
cw_url = urlparse(cfg.CONF.heat_watch_server_url)
+ is_secure = cfg.CONF.instance_connection_is_secure
boto_cfg = "\n".join(["[Boto]",
"debug = 0",
+ "is_secure = %s" % is_secure,
"cfn_region_name = heat",
"cfn_region_endpoint = %s" %
cfn_url.hostname,
Code Review / openstack-build / heat-build.git / commitdiff