From: Steven Hardy <shardy@redhat.com>
Date: Fri, 8 Feb 2013 11:39:17 +0000 (+0000)
Subject: heat engine : add option to control instance boto http/https
X-Git-Tag: 2014.1~913^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=5531eee5e4602e9aa5ee2d32df01b9ea3355f2ed;p=openstack-build%2Fheat-build.git

heat engine : add option to control instance boto http/https

Currently the heat-jeos code defaults to http only, but we are
about to fix that, so we instead need a way to specify if
instances should connect via http or https - boto provides the
is_secure config file option, so add a new heat option which
controls this setting in the boto config we create in userdata

fixes bug 1117594

Change-Id: I0b9201107570334d9846d9613d252da1a91efe8a
Signed-off-by: Steven Hardy <shardy@redhat.com>
---

diff --git a/etc/heat/heat-engine.conf b/etc/heat/heat-engine.conf
index 755df057..8d97de5c 100644
--- a/etc/heat/heat-engine.conf
+++ b/etc/heat/heat-engine.conf
@@ -14,6 +14,11 @@ bind_port = 8001
 # Keystone role for heat template-defined users
 heat_stack_user_role = heat_stack_user
 
+# Make instances connect to the heat services via https
+# default to off since it will require images and host
+# to be configured correctly to support ssl connections
+instance_connection_is_secure = 0
+
 # URL for instances to connect for metadata
 # ie the IP of the bridge device connecting the
 # instances with the host and the bind_port of
diff --git a/heat/common/config.py b/heat/common/config.py
index ff80aff7..cc054fe0 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -76,6 +76,9 @@ service_opts = [
     cfg.StrOpt('heat_watch_server_url',
                default="",
                help='URL of the Heat cloudwatch server'),
+    cfg.StrOpt('instance_connection_is_secure',
+               default="0",
+               help='Instance connection to cfn/cw API via https'),
     cfg.StrOpt('heat_stack_user_role',
                default="heat_stack_user",
                help='Keystone role for heat template-defined users')]
diff --git a/heat/engine/resources/instance.py b/heat/engine/resources/instance.py
index ef38f2b3..2d057425 100644
--- a/heat/engine/resources/instance.py
+++ b/heat/engine/resources/instance.py
@@ -195,8 +195,10 @@ class Instance(resource.Resource):
             # where the cfn and cw API's are to be accessed
             cfn_url = urlparse(cfg.CONF.heat_metadata_server_url)
             cw_url = urlparse(cfg.CONF.heat_watch_server_url)
+            is_secure = cfg.CONF.instance_connection_is_secure
             boto_cfg = "\n".join(["[Boto]",
                                   "debug = 0",
+                                  "is_secure = %s" % is_secure,
                                   "cfn_region_name = heat",
                                   "cfn_region_endpoint = %s" %
                                   cfn_url.hostname,