openstack/python-tripleoclient
Code Issues Proposed changes

Enable TLS by default in the containerized undercloud

Browse Source 
This is part of the effort on enabling TLS by default in the public
interfaces.

Change-Id: Iab02ad0ec1e117447afed17c07e870143017e72b
This commit is contained in:
Juan Antonio Osorio Robles
2018-03-28 08:45:21 +03:00
parent 11465ba8a3
commit d257297874
3 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
features:
- |
TLS is now used by default for the containerized undercloud. This is done
by setting the ``generate_service_certificate`` parameter to True by
default.

24
tripleoclient/tests/v1/undercloud/test_undercloud.py
View File

@@ -76,6 +76,18 @@ class TestUndercloudInstall(TestPluginV1):
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/zaqar.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'public-tls-undercloud.yaml',
'--public-virtual-ip', '192.168.24.2',
'--control-virtual-ip', '192.168.24.3', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'tls-endpoints-public-ip.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'use-dns-for-vips.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-haproxy.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-keepalived.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'docker.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'config-download-environment.yaml', '-e',
@@ -141,6 +153,18 @@ class TestUndercloudUpgrade(TestPluginV1):
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/zaqar.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'public-tls-undercloud.yaml',
'--public-virtual-ip', '192.168.24.2',
'--control-virtual-ip', '192.168.24.3', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'tls-endpoints-public-ip.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'use-dns-for-vips.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-haproxy.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'services-docker/undercloud-keepalived.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'docker.yaml', '-e',
'/usr/share/openstack-tripleo-heat-templates/environments/'
'config-download-environment.yaml', '-e',

2
tripleoclient/v1/undercloud_config.py
View File

@@ -145,7 +145,7 @@ _opts = [
'OpenStack API endpoints, leaving it unset disables SSL.')
),
cfg.BoolOpt('generate_service_certificate',
default=False,
default=True,
help=('When set to True, an SSL certificate will be generated '
'as part of the undercloud install and this certificate '
'will be used in place of the value for '