puppet-tripleo/manifests/certmonger
Alan Bishop 63111546cd Fix etcd's support for internal TLS
Fixes for etcd's certmonger cert and key generation:
- Do not chown the cert and key files generated on the host. In addition
  to the fact that "etcd" is not a valid user|group name on the host, an
  ACL must be used to allow other services (such as cinder) to access
  the files. That ACL will be handled at the THT layer.
- New $dnsnames parameter supports adding a list of subject alternative
  names (SANs) to the cert.
- Remove obsolete default $postsave_cmd (see comment in the code), but
  make it a parameter so it can be overridden if necessary.

The cinder-volume service uses etcd when cinder is configured for
active/active mode. When internal TLS is enabled, the backend_url must
include references to etcd's cert and key files.

Partial-Bug: #1869955
Change-Id: Ifa7452ec15b81f48d7e5fb1252f20b5af1dff95c
2020-04-01 09:23:26 -07:00
ca Stop creating symlinks for libvirt's CA files 2019-03-21 15:27:25 +01:00
apache_dirs.pp Ensure directory exists for certificates for httpd 2017-04-11 11:45:43 +00:00
ceph_dashboard.pp Add ceph dashboard frontend endpoint and tls-e integration 2020-01-30 12:37:52 +01:00
ceph_grafana.pp Add certmonger-grafana-refresh script 2019-08-20 08:23:58 +02:00
ceph_rgw.pp Add Certmonger ceph_rgw class to config tls 2020-03-03 13:01:22 +01:00
etcd.pp Fix etcd's support for internal TLS 2020-04-01 09:23:26 -07:00
haproxy.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
haproxy_dirs.pp Fixes incorrect license for certmonger haproxy dirs 2018-04-09 15:50:32 -04:00
httpd.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
libvirt.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
libvirt_dirs.pp TLS-everywhere: Add resources for libvirt's cert for live migration 2017-04-07 11:31:40 +03:00
libvirt_vnc.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
libvirt_vnc_dirs.pp Add support for libvirt VNC TLS with option of a dedicated CA 2018-02-14 10:23:26 +00:00
metrics_qdr.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
mysql.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
neutron.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
neutron_ovn.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
novnc_proxy.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
opendaylight.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
openvswitch.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
ovn_controller.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
ovn_dbs.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
ovn_metadata.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
ovn_octavia.pp Add Octavia OVN Provider configuration (1 of 2) 2020-03-18 14:35:16 -04:00
qemu.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
qemu_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
qemu_nbd_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
rabbitmq.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00
redis.pp Convert all class usage to relative names 2019-12-08 23:23:25 +01:00