Add ssl to kolla

Registered by Sam Yaple on 2015-12-27

Kolla is lacking in the ssl department. This blueprint will serve to achieve the following:
Allow ssl cert for external services via haproxy to be provided (optionally generate this cert)
create and use a ca cert for internal ssl communication

Ideally the default deploy should be to use ssl everywhere. This will not affect external communication because that can still happen unencrypted if the user so chooses, its just the internal communication

Blueprint information

Status:
Complete
Approver:
Sam Yaple
Priority:
Essential
Drafter:
Sam Yaple
Direction:
Approved
Assignee:
Dave McCowan
Definition:
Approved
Series goal:
Accepted for mitaka
Implementation:
Implemented
Milestone target:
milestone icon mitaka-3
Started by
Steven Dake on 2016-02-22
Completed by
Steven Dake on 2016-03-04

Related branches

Sprints

Whiteboard

Sam,
It would rock if you can fit this into Mitaka. --sdake
Could you fill out the work items please. --sdake

I think it is better to allow use existing certificates, or generate certificates from a existing CA certificates, instead of self-sign.

Gerrit topic: https://review.openstack.org/#q,topic:bp/ssl-kolla,n,z

Addressed by: https://review.openstack.org/279707
    Use variables to specify http or https when constructing URLs

Addressed by: https://review.openstack.org/285005
    Change kolla_internal_address variable

Gerrit topic: https://review.openstack.org/#q,topic:bp/that,n,z

Addressed by: https://review.openstack.org/282733
    Add Ansible scripts to generate TLS certificates for testing

Gerrit topic: https://review.openstack.org/#q,topic:bp/s,n,z

Addressed by: https://review.openstack.org/289662
    Add documentation for two-VIP and TLS blueprints

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.