Enable TLS by default in the containerized undercloud
This is part of the effort on enabling TLS by default in the public interfaces. Change-Id: Iab02ad0ec1e117447afed17c07e870143017e72b
This commit is contained in:
parent
11465ba8a3
commit
d257297874
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
TLS is now used by default for the containerized undercloud. This is done
|
||||
by setting the ``generate_service_certificate`` parameter to True by
|
||||
default.
|
|
@ -76,6 +76,18 @@ class TestUndercloudInstall(TestPluginV1):
|
|||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/zaqar.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'public-tls-undercloud.yaml',
|
||||
'--public-virtual-ip', '192.168.24.2',
|
||||
'--control-virtual-ip', '192.168.24.3', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'tls-endpoints-public-ip.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'use-dns-for-vips.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/undercloud-haproxy.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/undercloud-keepalived.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'docker.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'config-download-environment.yaml', '-e',
|
||||
|
@ -141,6 +153,18 @@ class TestUndercloudUpgrade(TestPluginV1):
|
|||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/zaqar.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'public-tls-undercloud.yaml',
|
||||
'--public-virtual-ip', '192.168.24.2',
|
||||
'--control-virtual-ip', '192.168.24.3', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'tls-endpoints-public-ip.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'use-dns-for-vips.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/undercloud-haproxy.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'services-docker/undercloud-keepalived.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'docker.yaml', '-e',
|
||||
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||
'config-download-environment.yaml', '-e',
|
||||
|
|
|
@ -145,7 +145,7 @@ _opts = [
|
|||
'OpenStack API endpoints, leaving it unset disables SSL.')
|
||||
),
|
||||
cfg.BoolOpt('generate_service_certificate',
|
||||
default=False,
|
||||
default=True,
|
||||
help=('When set to True, an SSL certificate will be generated '
|
||||
'as part of the undercloud install and this certificate '
|
||||
'will be used in place of the value for '
|
||||
|
|
Loading…
Reference in New Issue