undercloud: set OS_CACERT when TLS is used
This fixes TLS errors when anything using python-requests is run from a virtualenv. Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f Closes-Bug: #1771565
This commit is contained in:
parent
784a41a86f
commit
28be1058f6
@ -29,6 +29,12 @@ export OS_PROJECT_DOMAIN_NAME='Default'
|
|||||||
export OS_USER_DOMAIN_NAME='Default'
|
export OS_USER_DOMAIN_NAME='Default'
|
||||||
EOF_CAT
|
EOF_CAT
|
||||||
|
|
||||||
|
if [ -n "$internal_tls_ca_file" ]; then
|
||||||
|
cat >> $HOMEDIR/stackrc <<-EOF_CAT
|
||||||
|
export OS_CACERT="$internal_tls_ca_file"
|
||||||
|
EOF_CAT
|
||||||
|
fi
|
||||||
|
|
||||||
cat >> $HOMEDIR/stackrc <<-"EOF_CAT"
|
cat >> $HOMEDIR/stackrc <<-"EOF_CAT"
|
||||||
# Add OS_CLOUDNAME to PS1
|
# Add OS_CLOUDNAME to PS1
|
||||||
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
|
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
|
||||||
|
@ -28,6 +28,11 @@ parameters:
|
|||||||
description: >
|
description: >
|
||||||
Whether the public SSL certificate was autogenerated or not.
|
Whether the public SSL certificate was autogenerated or not.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
InternalTLSCAFile:
|
||||||
|
default: '/etc/ipa/ca.crt'
|
||||||
|
type: string
|
||||||
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
|
services in the internal network.
|
||||||
SnmpdReadonlyUserPassword:
|
SnmpdReadonlyUserPassword:
|
||||||
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
|
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
|
||||||
type: string
|
type: string
|
||||||
@ -90,6 +95,7 @@ resources:
|
|||||||
- name: auth_url
|
- name: auth_url
|
||||||
- name: snmp_readonly_user_password
|
- name: snmp_readonly_user_password
|
||||||
- name: enable_validations
|
- name: enable_validations
|
||||||
|
- name: internal_tls_ca_file
|
||||||
config: {get_file: ./undercloud_post.sh}
|
config: {get_file: ./undercloud_post.sh}
|
||||||
|
|
||||||
UndercloudPostDeployment:
|
UndercloudPostDeployment:
|
||||||
@ -104,6 +110,11 @@ resources:
|
|||||||
admin_password: {get_param: AdminPassword}
|
admin_password: {get_param: AdminPassword}
|
||||||
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
|
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
|
||||||
enable_validations: [get_params: EnableValidations]
|
enable_validations: [get_params: EnableValidations]
|
||||||
|
internal_tls_ca_file:
|
||||||
|
if:
|
||||||
|
- tls_enabled
|
||||||
|
- {get_param: InternalTLSCAFile}
|
||||||
|
- ''
|
||||||
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
||||||
auth_url:
|
auth_url:
|
||||||
if:
|
if:
|
||||||
|
Loading…
Reference in New Issue
Block a user