From d25729787463f35eb150468ad8a25f91c0bb3c45 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Wed, 28 Mar 2018 08:45:21 +0300
Subject: [PATCH] Enable TLS by default in the containerized undercloud

This is part of the effort on enabling TLS by default in the public interfaces.

Change-Id: Iab02ad0ec1e117447afed17c07e870143017e72b
---
 ...or-undercloud_config-f8cdcf206de51b3c.yaml | 6 +++++
 .../tests/v1/undercloud/test_undercloud.py | 24 +++++++++++++++++++
 tripleoclient/v1/undercloud_config.py | 2 +-
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml
diff --git a/releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml b/releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml
new file mode 100644
index 000000000..7bde30e6b
--- /dev/null
+++ b/releasenotes/notes/TLS-by-default-for-undercloud_config-f8cdcf206de51b3c.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ TLS is now used by default for the containerized undercloud. This is done
+ by setting the ``generate_service_certificate`` parameter to True by
+ default.
diff --git a/tripleoclient/tests/v1/undercloud/test_undercloud.py b/tripleoclient/tests/v1/undercloud/test_undercloud.py
index 277a40432..eda217ef3 100644
--- a/tripleoclient/tests/v1/undercloud/test_undercloud.py
+++ b/tripleoclient/tests/v1/undercloud/test_undercloud.py
@@ -76,6 +76,18 @@ class TestUndercloudInstall(TestPluginV1):
 '/usr/share/openstack-tripleo-heat-templates/environments/'
 'services-docker/zaqar.yaml', '-e',
 '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'public-tls-undercloud.yaml',
+ '--public-virtual-ip', '192.168.24.2',
+ '--control-virtual-ip', '192.168.24.3', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'tls-endpoints-public-ip.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'use-dns-for-vips.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'services-docker/undercloud-haproxy.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'services-docker/undercloud-keepalived.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
 'docker.yaml', '-e',
 '/usr/share/openstack-tripleo-heat-templates/environments/'
 'config-download-environment.yaml', '-e',
@@ -141,6 +153,18 @@ class TestUndercloudUpgrade(TestPluginV1):
 '/usr/share/openstack-tripleo-heat-templates/environments/'
 'services-docker/zaqar.yaml', '-e',
 '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'public-tls-undercloud.yaml',
+ '--public-virtual-ip', '192.168.24.2',
+ '--control-virtual-ip', '192.168.24.3', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'tls-endpoints-public-ip.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'use-dns-for-vips.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'services-docker/undercloud-haproxy.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
+ 'services-docker/undercloud-keepalived.yaml', '-e',
+ '/usr/share/openstack-tripleo-heat-templates/environments/'
 'docker.yaml', '-e',
 '/usr/share/openstack-tripleo-heat-templates/environments/'
 'config-download-environment.yaml', '-e',
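Review bot: The new expectations in TestUndercloudInstall and in the TestUndercloudUpgrade hunk that follows pin only the new TLS-on default; nothing visible here covers an operator who sets `generate_service_certificate` to False. A companion case with that option overridden, asserting that `public-tls-undercloud.yaml` and `tls-endpoints-public-ip.yaml` are absent from the argument list, would keep the opt-out path and the secure default from drifting apart unnoticed. The literal `192.168.24.2` and `192.168.24.3` are presumably the default public and admin virtual IPs, and a one-line comment saying where they come from would help the next reader. Both test methods start and end outside these hunks, so such a case may already exist elsewhere in the file.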
diff --git a/tripleoclient/v1/undercloud_config.py b/tripleoclient/v1/undercloud_config.py
index db58b6a26..05eb65b2e 100644
--- a/tripleoclient/v1/undercloud_config.py
+++ b/tripleoclient/v1/undercloud_config.py
@@ -145,7 +145,7 @@ _opts = [
 'OpenStack API endpoints, leaving it unset disables SSL.')
 ),
 cfg.BoolOpt('generate_service_certificate',
- default=False,
+ default=True,
 help=('When set to True, an SSL certificate will be generated '
 'as part of the undercloud install and this certificate '
 'will be used in place of the value for '
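Review bot: The help text of the option just above (context line `'OpenStack API endpoints, leaving it unset disables SSL.'`) is stale once this default is `True`: leaving that option unset now yields a generated certificate rather than plain HTTP, unless this flag is also turned off. It could read `'leaving it unset disables SSL unless generate_service_certificate is True.'`, so that an operator who wants TLS off knows both settings matter. Since the upgrade test in this commit expects the same TLS environments, an existing undercloud that never set this option will presumably move its public endpoints to HTTPS on upgrade, and clients will need to trust the generated certificate; the release note files the change only under `features`, where an `upgrade` entry would warn operators. The `_opts` list starts and ends outside the hunk.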