6fa7a0974a
This gets a TLS certificate for the overcloud when necessary:
* If no incoming cert/key is provided and we don't expect the
overcloud's certmonger instances to request the certificates,
we request one to the undercloud's certmonger local CA.
* If a certificate was provided, we verify if it's user-provided
or if it was autogenerated.
- If it was user-provided we pass through that certificate
- If it was autogenerated, we request or resubmit the request
if it's needed.
* We also accept the EnableTLS flag, which the deployer can
explicitly turn off if they decide not to use TLS.
Depends-On: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
Change-Id: I3d3cad0eb1396e7bee146794b29badad302efdf3
9 lines
343 B
YAML
9 lines
343 B
YAML
---
|
|
features:
|
|
- |
|
|
The default plan deployment workflow now automatically adds the necessary
|
|
certificate and key to enable TLS by default in the overcloud. Note that
|
|
this doesn't overwrite any certificate or keys given by the deployer;
|
|
those still take precedence. This will enable TLS if it isn't already
|
|
enabled though.
|