openstack/tripleo-heat-templates
Code Issues Proposed changes
3fe597a5f2
tripleo-heat-templates/environments/ssl/enable-tls.yaml
Rabi Mishra 2acb0d376b Add new parameter PublicTLSCACert 
We've been using InternalTLSCAFile parameter when enabling
public TLS for undercloud and is quite confusing. We recently
changed to use it in clouds.yaml and it would break when
both public and internal TLS are enabled for overcloud and both
use different CA certs. This adds a new parameter which we
will use in clouds.yaml, that would default to empty string
assuming that the certificates are trusted.

Closes-Bug: #1883818
Change-Id: Id6f612a91255b3158be821c363ca852c6b5d7496
Depends-On: https://review.opendev.org/737998
2020-06-25 09:31:00 -04:00

46 lines
1.7 KiB
YAML
Raw Blame History

# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable SSL on OpenStack Public Endpoints
# description: |
# Use this environment to pass in certificates for SSL deployments.
# For these values to take effect, one of the tls-endpoints-*.yaml
# environments must also be used.
parameter_defaults:
# Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
# Type: boolean
HorizonSecureCookies: True
# Specifies the default CA cert to use if TLS is used for services in the public network.
# Type: string
PublicTLSCAFile: ''
# The content of the SSL certificate (without Key) in PEM format.
# Type: string
SSLCertificate: |
The contents of your certificate go here
# The content of an SSL intermediate CA certificate in PEM format.
# Type: string
SSLIntermediateCertificate: ''
# The content of the SSL Key in PEM format.
# Type: string
SSLKey: |
The contents of the private key go here
# ******************************************************
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
# The filepath of the certificate as it will be stored in the controller.
# Type: string
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
# *********************
# End static parameters
# *********************
View Git Blame Copy Permalink