openstack
/
puppet-tripleo
Code Issues Proposed changes
puppet-tripleo/manifests/certmonger
History
Ade Lee 885c540c7c Always update the local certmonger ca cert 
The local certmonger cert will renew after half its lifetime, which will
be after 6 months by default.  The current code would extract the CA cert
to a PEM file (and trust it), only if the cert in the existing PEM file
was expired.

But this means that the certmonger local cert could be renewed after six
months and not be replaced in the PEM file until the existing cert
expired at the end of the year.  If certs are issued in this time, they
will not be trusted and the update will fail.

This patch removes this condition, so that the extracted and trusted cert
always matches what is in the PEM file, and what is trusted.

Note, this only place this occurs is on the undercloud - because this is
where we could use the certmonger local cert.  We assume that the haproxy
cert will be re-issued in an update.

Change-Id: If804dc369c5883eeb51f7e6dcd01ee0e5967c7cf
 		2021-04-06 00:16:16 -04:00
..
ca Always update the local certmonger ca cert 2021-04-06 00:16:16 -04:00
apache_dirs.pp Ensure directory exists for certificates for httpd 2017-04-11 11:45:43 +00:00
ceph_dashboard.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ceph_grafana.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ceph_rgw.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
etcd.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
haproxy.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
haproxy_dirs.pp Fixes incorrect license for certmonger haproxy dirs 2018-04-09 15:50:32 -04:00
httpd.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
libvirt.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
libvirt_dirs.pp Update comment to fix lint error 2020-10-06 01:39:04 +09:00
libvirt_vnc.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
libvirt_vnc_dirs.pp Add support for libvirt VNC TLS with option of a dedicated CA 2018-02-14 10:23:26 +00:00
memcached.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
metrics_qdr.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
mysql.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
neutron.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
neutron_ovn.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
novnc_proxy.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
openvswitch.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ovn_controller.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ovn_dbs.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ovn_metadata.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
ovn_octavia.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
qemu.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
qemu_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
qemu_nbd_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
rabbitmq.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00
redis.pp Adding key_size option on the certmonger_certificate function 2020-12-17 19:42:02 -03:00