Add cacert to clouds.yaml

We need to add the cacert for both undercloud and overcloud
in clouds.yaml

Closes-Bug: #1878540
Depends-On: https://review.opendev.org/728358
Change-Id: I1f209bcae7707af2c8653ad21f69097f81ec6947
changes/59/727959/2
Rabi Mishra 2 years ago
parent 0f7cca3e1b
commit 42cfbbc8bf
  1. 36
      deployment/keystone/keystone-container-puppet.yaml

@ -52,6 +52,26 @@ parameters:
default: 'fernet'
constraints:
- allowed_values: ['fernet']
SSLCertificate:
default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
EnablePublicTLS:
default: true
description: >
Whether to enable TLS on the public interface or not.
type: boolean
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
EnableInternalTLS:
type: boolean
default: false
@ -318,6 +338,17 @@ resources:
conditions:
public_tls_enabled:
and:
- {get_param: EnablePublicTLS}
- or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
@ -720,6 +751,11 @@ outputs:
project_name: admin
user_domain_name: Default
username: admin
cacert:
if:
- public_tls_enabled
- {get_param: InternalTLSCAFile}
- ''
identity_api_version: '3'
region_name: {get_param: KeystoneRegion}
- name: Manage Keystone resources
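Review bot: In the third hunk the new `cacert` entry is gated on `public_tls_enabled`, but its value comes from `InternalTLSCAFile`, which defaults to `/etc/ipa/ca.crt`; nothing visible here ensures that file holds the CA that issued the public certificate. When an operator supplies their own `SSLCertificate` (the non-autogenerated branch of the condition), clients reading clouds.yaml may be pointed at a missing or unrelated CA bundle and fail verification, and a common workaround for that is to switch verification off. I would document the assumption next to the entry, e.g. `# assumes InternalTLSCAFile also contains the CA that signed the public endpoint certificate`, and say the same in the `SSLCertificate` description in the first hunk. The outputs block starts and ends outside the hunk, so which endpoint this clouds.yaml entry targets is not visible here.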
