Merge "undercloud: set OS_CACERT when TLS is used"

Zuul 2018-06-11 16:29:17 +00:00 committed by Gerrit Code Review
commit a2c8a130db
2 changed files with 17 additions and 0 deletions


@ -29,6 +29,12 @@ export OS_PROJECT_DOMAIN_NAME='Default'
export OS_USER_DOMAIN_NAME='Default' export OS_USER_DOMAIN_NAME='Default'
EOF_CAT EOF_CAT
if [ -n "$internal_tls_ca_file" ]; then
cat >> $HOMEDIR/stackrc <<-EOF_CAT
export OS_CACERT="$internal_tls_ca_file"
EOF_CAT
fi
cat >> $HOMEDIR/stackrc <<-"EOF_CAT" cat >> $HOMEDIR/stackrc <<-"EOF_CAT"
# Add OS_CLOUDNAME to PS1 # Add OS_CLOUDNAME to PS1
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
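Review bot: The added `export OS_CACERT="$internal_tls_ca_file"` line lands in stackrc inside double quotes, so a `$` or backtick in the configured path would be expanded again every time stackrc is sourced. The neighbouring exports visible in this hunk use single quotes; because this heredoc is unquoted, `export OS_CACERT='$internal_tls_ca_file'` still expands the variable when the file is written and leaves a literal value in stackrc. The guard also only tests that the value is non-empty, so a missing or unreadable CA file shows up later as a TLS verification failure in every client command. A `[ -r "$internal_tls_ca_file" ]` test with a warning would surface that at deploy time. The surrounding script starts and ends outside the hunk.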


@ -28,6 +28,11 @@ parameters:
description: > description: >
Whether the public SSL certificate was autogenerated or not. Whether the public SSL certificate was autogenerated or not.
type: boolean type: boolean
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
SnmpdReadonlyUserPassword: SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string type: string
@ -90,6 +95,7 @@ resources:
- name: auth_url - name: auth_url
- name: snmp_readonly_user_password - name: snmp_readonly_user_password
- name: enable_validations - name: enable_validations
- name: internal_tls_ca_file
config: {get_file: ./undercloud_post.sh} config: {get_file: ./undercloud_post.sh}
UndercloudPostDeployment: UndercloudPostDeployment:
@ -104,6 +110,11 @@ resources:
admin_password: {get_param: AdminPassword} admin_password: {get_param: AdminPassword}
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
enable_validations: [get_params: EnableValidations] enable_validations: [get_params: EnableValidations]
internal_tls_ca_file:
if:
- tls_enabled
- {get_param: InternalTLSCAFile}
- ''
# if SSL is enabled we use the public virtual ip as the stackrc endpoint # if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url: auth_url:
if: if:
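Review bot: In the last hunk, `internal_tls_ca_file` is gated on `tls_enabled`, the same condition name used by the `auth_url` block that the comment below ties to the public virtual IP, while `InternalTLSCAFile` is described as the CA for the internal network. The definition of `tls_enabled` is outside these hunks, so this is inferred. If the condition tracks public SSL, a deployment whose public certificate is autogenerated or issued by another CA would get `OS_CACERT` pointing at `/etc/ipa/ca.crt`, which may be absent or not the issuer, and client verification against the stackrc endpoint would fail. I would state the contract in the parameter description, written as a folded scalar like the neighbouring parameter: `description: >` followed by `CA certificate file exported as OS_CACERT in stackrc when TLS is enabled; it must contain the CA that issued the certificate served at the stackrc auth_url.`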