Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
Working towards the blueprint that will add TLS protection
for the external endpoints, kolla needs certificates.
When kolla deploys OpenStack, the external VIP will need
a server side certifcate. Clients that access those endpoints will
need the public CA certificate that signed that certificate.
This ansible script will create these two certificates to make
it easy to use TLS in a test environment. The generated
certificate files are:
/etc/kolla/certificates/haproxy.pem (server side certificate)
/etc/kolla/certificates/haproxy-ca.pem (CA certificate)
The generated certificates are not suitable for use in a
production environment, but will be useful for testing and
verifying operations.
Partially-implements: blueprint ssl-kolla
Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d