In Puppet 3 there was a need to use absolute
names to prevent issues. Since Puppet 4 everything
is absolute by default which makes this not needed.
We need to change this everywhere so that we can
revert the pin in [1] that now prevents us from
using the latest version of the puppet-lint check
puppet-lint-absolute_classname_check that properly
checks that we dont use absolute names.
[1] https://review.opendev.org/#/c/697742/
Change-Id: I78b74fbeb08be7234189e4d266412fb7fb7a73c0
This patch enables SSL by default on scenario003 for both Ubuntu &
CentOS7, like it's done for scenario001 and 002.
Note: we don't enable SSL for Sahara because of:
https://bugs.launchpad.net/sahara/+bug/1565082
Change-Id: I7e25b8acaeda2fc51a1a83b3a3aae0c89f332323
* Deploy Self-Signed Certificates for both IPv6 & IPv4 deployments.
* Disable IPv6 for RabbitMQ now, for SSL reasons, will be enabled again
later in a next iteration.
* Deploy Ironic API under WSGI instead of eventlet.
* Switch Glance API, Ironic API and Keystone to SSL.
* Configure Tempest with SSL endpoints when needed.
* Reduce the Ironic tests because of [1].
[1] https://bugs.launchpad.net/ironic/+bug/1554237
Note #1: puppet-swift, and puppet-cinder will require some work to support SSL, so it's not
implemented in this patch.
Note #2: we don't enable SSL for Neutron because of
https://bugs.launchpad.net/neutron/+bug/1514424
Change-Id: Ib2b5289b6f5e82f43cf60dee3152b2c2ddd5a014
* Manage Puppet OpenStack CI CA and create a common certificate,
auto-signed.
* Configure RabbitMQ to activate SSL on scenario002
* Configure OpenStack services that run on scenario002 to connect to
RabbitMQ using SSL protocol.
Change-Id: Ic435078472ba4e0e0eaf04a64e5bcb7aabba7b3d
