openstack/devstack
Code Issues Proposed changes

Merge "Add OS_CACERT to userrc_early and ensure SERVICE_HOST is SAN"

Browse Source
This commit is contained in:
Jenkins
2016-03-30 23:40:13 +00:00
committed by Gerrit Code Review
parent 22498c19f6 be00e95da5
commit 677e14a4d1
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/tls
View File

@@ -257,6 +257,14 @@ function make_cert {
local common_name=$3 local common_name=$3
local alt_names=$4 local alt_names=$4
if [ "$common_name" != "$SERVICE_HOST" ]; then
if [[ -z "$alt_names" ]]; then
alt_names="DNS:$SERVICE_HOST"
else
alt_names="$alt_names,DNS:$SERVICE_HOST"
fi
fi
# Only generate the certificate if it doesn't exist yet on the disk # Only generate the certificate if it doesn't exist yet on the disk
if [ ! -r "$ca_dir/$cert_name.crt" ]; then if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request # Generate a signing request

8
stack.sh
View File

@@ -1004,10 +1004,6 @@ if is_service_enabled keystone; then
bootstrap_keystone bootstrap_keystone
fi fi
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
fi
# Rather than just export these, we write them out to a # Rather than just export these, we write them out to a
# intermediate userrc file that can also be used to debug if # intermediate userrc file that can also be used to debug if
# something goes wrong between here and running # something goes wrong between here and running
@@ -1028,6 +1024,10 @@ export OS_REGION_NAME=$REGION_NAME
EOF EOF
if is_service_enabled tls-proxy; then
echo "export OS_CACERT=$INT_CA_DIR/ca-chain.pem" >> $TOP_DIR/userrc_early
fi
source $TOP_DIR/userrc_early source $TOP_DIR/userrc_early
create_keystone_accounts create_keystone_accounts