openstack
/
python-tripleoclient
Code Issues Proposed changes

Enable TLS by default in the containerized undercloud 

This is part of the effort on enabling TLS by default in the public
interfaces.

Change-Id: Iab02ad0ec1e117447afed17c07e870143017e72b
This commit is contained in:
Juan Antonio Osorio Robles 2018-03-28 08:45:21 +03:00
parent 11465ba8a3
commit d257297874
3 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
TLS is now used by default for the containerized undercloud. This is done
by setting the ``generate_service_certificate`` parameter to True by
default.

24
tripleoclient/tests/v1/undercloud/test_undercloud.py
View File

@ -76,6 +76,18 @@ class TestUndercloudInstall(TestPluginV1):
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/zaqar.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'public-tls-undercloud.yaml',
'--public-virtual-ip', '192.168.24.2',
'--control-virtual-ip', '192.168.24.3', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'tls-endpoints-public-ip.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'use-dns-for-vips.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-haproxy.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-keepalived.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'docker.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'config-download-environment.yaml', '-e',
@ -141,6 +153,18 @@ class TestUndercloudUpgrade(TestPluginV1):
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/zaqar.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'public-tls-undercloud.yaml',
'--public-virtual-ip', '192.168.24.2',
'--control-virtual-ip', '192.168.24.3', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'tls-endpoints-public-ip.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'use-dns-for-vips.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-haproxy.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-keepalived.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'docker.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'config-download-environment.yaml', '-e',

2
tripleoclient/v1/undercloud_config.py
View File

@ -145,7 +145,7 @@ _opts = [
'OpenStack API endpoints, leaving it unset disables SSL.')
),
cfg.BoolOpt('generate_service_certificate',
default=False,
default=True,
help=('When set to True, an SSL certificate will be generated '
'as part of the undercloud install and this certificate '
'will be used in place of the value for '