summaryrefslogtreecommitdiffstats
path: root/input-templates
diff options
context:
space:
mode:
authorAlex Shatov <alexs@att.com>2018-09-14 17:32:11 -0400
committerAlex Shatov <alexs@att.com>2018-09-14 17:32:11 -0400
commit1c2686a724f903b8d6d5e8026266bc160e48f6ec (patch)
treea82d1e908d33807fefa7586cb81ac93d8d80cc4d /input-templates
parentdce6b69c60b1410580741f400e0152426f339e44 (diff)
blueprint and inputs for 4.3.0 policy-handler
- set up tls on policy-handler - policy-handler expecting the deployment process to mount certs at /opt/app/policy_handler/etc/tls/certs/ = cert_directory : /opt/app/policy_handler/etc/tls/certs/ = cacert : cacert.pem - new optional fields tls_ca_mode in config on consul that specify where to find the cacert.pem for tls per each https/web-socket values are: "cert_directory" - use the cacert.pem stored locally in cert_directory this is the default if cacert.pem file is found "os_ca_bundle" - use the public ca_bundle provided by linux system. this is the default if cacert.pem file not found "do_not_verify" - special hack to turn off the verification by cacert and hostname - config on consul now has 2 new fields for policy_engine = "tls_ca_mode" : "cert_directory" = "tls_wss_ca_mode" : "cert_directory" - config on consul now has 1 new field for deploy_handler = "tls_ca_mode" : "cert_directory" Change-Id: Ida2d058cad93ddd1a583e1922bc5dc33c145fcba Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-611
Diffstat (limited to 'input-templates')
-rw-r--r--input-templates/phinputs.yaml22
1 files changed, 22 insertions, 0 deletions
diff --git a/input-templates/phinputs.yaml b/input-templates/phinputs.yaml
index e23d051..850f935 100644
--- a/input-templates/phinputs.yaml
+++ b/input-templates/phinputs.yaml
@@ -56,6 +56,18 @@ application_config:
Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw=="
Environment : "TEST"
target_entity : "policy_engine"
+ # optional tls_ca_mode specifies where to find the cacert.pem for tls
+ # can be one of these:
+ # "cert_directory" - use the cacert.pem stored locally in cert_directory.
+ # this is the default if cacert.pem file is found
+ #
+ # "os_ca_bundle" - use the public ca_bundle provided by linux system.
+ # this is the default if cacert.pem file not found
+ #
+ # "do_not_verify" - special hack to turn off the verification by cacert and hostname
+ tls_ca_mode : "cert_directory"
+ # optional tls_wss_ca_mode specifies the same for the tls based web-socket
+ tls_wss_ca_mode : "cert_directory"
# deploy_handler config
# changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0
deploy_handler :
@@ -71,3 +83,13 @@ application_config:
# optionally specify the tenant name for the cloudify under deployment-handler
# if not specified the "default_tenant" is used by the deployment-handler
cfy_tenant_name : "default_tenant"
+ # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification
+ # can be one of these:
+ # "cert_directory" - use the cacert.pem stored locally in cert_directory.
+ # this is the default if cacert.pem file is found
+ #
+ # "os_ca_bundle" - use the public ca_bundle provided by linux system.
+ # this is the default if cacert.pem file not found
+ #
+ # "do_not_verify" - special hack to turn off the verification by cacert and hostname
+ tls_ca_mode : "cert_directory"