openstack/tripleo-docs
Code Issues Proposed changes

Add PublicTLSCAFile to docs

Browse Source 
We should document the PublicTLSCAFile parameter since it
adds the cacert section in the clouds.yaml file. Without
this param, the cacert section is left empty.

Resolves: rhbz#1999872
Change-Id: Icbebf1adbeb43705bf8a9b05abcce9580fbea4e6
This commit is contained in:
Brendan Shephard 2021-09-15 12:54:46 +00:00
parent 794783c071
commit 952fb8eb70
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
deploy-guide/source/features/ssl.rst
View File

@ -187,6 +187,15 @@ Certificate Details
sudo cp overcloud-cacert.pem /etc/pki/ca-trust/source/anchors/ sudo cp overcloud-cacert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract sudo update-ca-trust extract
This certificate location needs to be added to the ``enabled-tls.yaml`` file
with the parameter ``PublicTLSCAFile`` like so::
parameter_defaults:
PublicTLSCAFile: '/etc/pki/ca-trust/source/anchors/overcloud-cacert.pem'
``PublicTLSCAFile`` ensures the CA Certificate will be added to the ``clouds.yaml``
file for the ``cacert`` parameter.
Generate the leaf certificate request and key that will be used for the Generate the leaf certificate request and key that will be used for the
public VIP. To do this, we will create two files for the certificate public VIP. To do this, we will create two files for the certificate
request. First, we create the server.csr.cnf:: request. First, we create the server.csr.cnf::