63111546cd
Fixes for etcd's certmonger cert and key generation: - Do not chown the cert and key files generated on the host. In addition to the fact that "etcd" is not a valid user|grep name on the host, an ACL must be used to allow other services (such as cinder) to access the files. That ACL will be handled at the THT layer. - New $dnsnames parameter supports adding a list of subject alternative name (SAN) to the cert. - Remove obsolete default $postsave_cmd (see comment in the code), but make it a parameter so it can be overridden if necessary. The cinder-volume service uses etcd when cinder is configured for active/active mode. When internal TLS is enabled, the backend_url must include references to etcd's cert and key files. Partial-Bug: #1869955 Change-Id: Ifa7452ec15b81f48d7e5fb1252f20b5af1dff95c
Team and repository tags
puppet-tripleo
Lightweight composition layer for Puppet TripleO.
Contributing
- Free software: Apache License (2.0)
- Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
- Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
- Documentation:
- TripleO: https://docs.openstack.org/tripleo-docs/latest/
- Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
- Release Notes https://docs.openstack.org/releasenotes/puppet-tripleo