Add cacert to clouds.yaml
We need to add the cacert for both undercloud and overclud in clouds.yaml Closes-Bug: #1878540 Depends-On: https://review.opendev.org/728358 Change-Id: I1f209bcae7707af2c8653ad21f69097f81ec6947
This commit is contained in:
Rabi Mishra
parent
0f7cca3e1b
commit
42cfbbc8bf
|
|
@ -52,6 +52,26 @@ parameters:
|
||||||
default: 'fernet'
|
default: 'fernet'
|
||||||
constraints:
|
constraints:
|
||||||
- allowed_values: ['fernet']
|
- allowed_values: ['fernet']
|
||||||
|
SSLCertificate:
|
||||||
|
default: ''
|
||||||
|
description: >
|
||||||
|
The content of the SSL certificate (without Key) in PEM format.
|
||||||
|
type: string
|
||||||
|
PublicSSLCertificateAutogenerated:
|
||||||
|
default: false
|
||||||
|
description: >
|
||||||
|
Whether the public SSL certificate was autogenerated or not.
|
||||||
|
type: boolean
|
||||||
|
EnablePublicTLS:
|
||||||
|
default: true
|
||||||
|
description: >
|
||||||
|
Whether to enable TLS on the public interface or not.
|
||||||
|
type: boolean
|
||||||
|
InternalTLSCAFile:
|
||||||
|
default: '/etc/ipa/ca.crt'
|
||||||
|
type: string
|
||||||
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
|
services in the internal network.
|
||||||
EnableInternalTLS:
|
EnableInternalTLS:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
|
|
@ -318,6 +338,17 @@ resources:
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
|
public_tls_enabled:
|
||||||
|
and:
|
||||||
|
- {get_param: EnablePublicTLS}
|
||||||
|
- or:
|
||||||
|
- not:
|
||||||
|
equals:
|
||||||
|
- {get_param: SSLCertificate}
|
||||||
|
- ""
|
||||||
|
- equals:
|
||||||
|
- {get_param: PublicSSLCertificateAutogenerated}
|
||||||
|
- true
|
||||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
|
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
|
||||||
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
|
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
|
||||||
|
|
@ -720,6 +751,11 @@ outputs:
|
||||||
project_name: admin
|
project_name: admin
|
||||||
user_domain_name: Default
|
user_domain_name: Default
|
||||||
username: admin
|
username: admin
|
||||||
|
cacert:
|
||||||
|
if:
|
||||||
|
- public_tls_enabled
|
||||||
|
- {get_param: InternalTLSCAFile}
|
||||||
|
- ''
|
||||||
identity_api_version: '3'
|
identity_api_version: '3'
|
||||||
region_name: {get_param: KeystoneRegion}
|
region_name: {get_param: KeystoneRegion}
|
||||||
- name: Manage Keystone resources
|
- name: Manage Keystone resources
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue