openstack/tripleo-heat-templates
Code Issues Proposed changes

Correct the InternalTLSVncCAFile to comply with selinux policy

Browse Source 
InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt.
Certmonger attempts to save the CA cert to this path as cert_t, however
/etc/ipa is etc_t.
Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is
arugably a more suitable location.

Change-Id: Ib275fc43dd772851511598a4932c19fcda706479
This commit is contained in:
Oliver Walsh 2018-04-06 17:37:53 +01:00
parent e57e2e871b
commit ab78b1fcc1
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/services/nova-libvirt.yaml
View File

@ -91,7 +91,7 @@ parameters:
description: Specifies the default CA cert to use if TLS is used for description: Specifies the default CA cert to use if TLS is used for
services in the internal network. services in the internal network.
InternalTLSVncCAFile: InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt' default: '/etc/pki/CA/certs/vnc.crt'
type: string type: string
description: Specifies the CA cert to use for VNC TLS. description: Specifies the CA cert to use for VNC TLS.
LibvirtCACert: LibvirtCACert:

2
docker/services/nova-vnc-proxy.yaml
View File

@ -50,7 +50,7 @@ parameters:
enable TLS transaport for libvirt VNC and configure the enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt. relevant keys for libvirt.
InternalTLSVncCAFile: InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt' default: '/etc/pki/CA/certs/vnc.crt'
type: string type: string
description: Specifies the CA cert to use for VNC TLS. description: Specifies the CA cert to use for VNC TLS.
LibvirtVncCACert: LibvirtVncCACert:

2
puppet/services/nova-libvirt.yaml
View File

@ -88,7 +88,7 @@ parameters:
description: Specifies the default CA cert to use if TLS is used for description: Specifies the default CA cert to use if TLS is used for
services in the internal network. services in the internal network.
InternalTLSVncCAFile: InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt' default: '/etc/pki/CA/certs/vnc.crt'
type: string type: string
description: Specifies the CA cert to use for VNC TLS. description: Specifies the CA cert to use for VNC TLS.
LibvirtCACert: LibvirtCACert:

2
puppet/services/nova-vnc-proxy.yaml
View File

@ -56,7 +56,7 @@ parameters:
enable TLS transaport for libvirt VNC and configure the enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt. relevant keys for libvirt.
InternalTLSVncCAFile: InternalTLSVncCAFile:
default: '/etc/ipa/vnc.crt' default: '/etc/pki/CA/certs/vnc.crt'
type: string type: string
description: Specifies the CA cert to use for VNC TLS. description: Specifies the CA cert to use for VNC TLS.
LibvirtVncCACert: LibvirtVncCACert: