undercloud: set OS_CACERT when TLS is used

This fixes TLS errors when anything using python-requests is run
from a virtualenv.

Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f
Closes-Bug: #1771565
Dmitry Tantsur 2018-05-16 15:52:46 +02:00
parent 784a41a86f
commit 28be1058f6
2 changed files with 17 additions and 0 deletions


@ -29,6 +29,12 @@ export OS_PROJECT_DOMAIN_NAME='Default'
export OS_USER_DOMAIN_NAME='Default'
EOF_CAT
if [ -n "$internal_tls_ca_file" ]; then
cat >> $HOMEDIR/stackrc <<-EOF_CAT
export OS_CACERT="$internal_tls_ca_file"
EOF_CAT
fi
cat >> $HOMEDIR/stackrc <<-"EOF_CAT"
# Add OS_CLOUDNAME to PS1
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
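Review bot: The new guard `[ -n "$internal_tls_ca_file" ]` only checks that the value is non-empty, so stackrc can export an `OS_CACERT` path that does not exist on the undercloud, and clients are then likely to fail certificate verification instead of using the system trust store. Consider `if [ -n "$internal_tls_ca_file" ] && [ -r "$internal_tls_ca_file" ]; then`, or at least print a warning when the file is missing. Because the heredoc delimiter is unquoted, the value is expanded at write time and placed inside double quotes in a file that is later sourced, so a path containing `"`, `$` or a backtick would be re-interpreted by the shell; a comment such as `# internal_tls_ca_file must be a plain filesystem path` would record that assumption. Indentation is lost on this page, so it is worth confirming that the heredoc body and the closing `EOF_CAT` are tab-indented, since `<<-` strips tabs only. The script continues outside this hunk.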


@ -28,6 +28,11 @@ parameters:
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
@ -90,6 +95,7 @@ resources:
- name: auth_url
- name: snmp_readonly_user_password
- name: enable_validations
- name: internal_tls_ca_file
config: {get_file: ./undercloud_post.sh}
UndercloudPostDeployment:
@ -104,6 +110,11 @@ resources:
admin_password: {get_param: AdminPassword}
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
enable_validations: [get_params: EnableValidations]
internal_tls_ca_file:
if:
- tls_enabled
- {get_param: InternalTLSCAFile}
- ''
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url:
if:
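Review bot: `internal_tls_ca_file` is gated on `tls_enabled`, while the `InternalTLSCAFile` description speaks of TLS on the internal network and its default is the IPA path `/etc/ipa/ca.crt`; the definition of `tls_enabled` is outside the hunks, but the comment just below ties it to the public endpoint. If that condition is true for a deployment whose certificate was not issued by the IPA CA (for example an autogenerated one), stackrc would point `OS_CACERT` at a file that is absent or does not sign the endpoint certificate, and client verification would fail. I would document this on the parameter, e.g. `description: CA bundle exported as OS_CACERT in stackrc when tls_enabled is true; must contain the CA that signed the undercloud endpoint certificate.`, and say which condition is meant. The `resources` block continues beyond the last hunk.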