tripleo-heat-templates

History

Damien Ciabrini 34fd20704a [train-only] Make principal realms configuratble in certs The certificates specs for certmonger are configured in hiera as 'service/host_fqdn'. Certmonger automatically happen a default realm to it to look like 'service/host_fqdn/REALM'. This discrepancy makes puppet think certificate resources differ each time puppet apply is run, so puppet-certmonger resubmit the certificates and this causes unecessary service restart, which can be costly (e.g. mariadb). All the principal to be configured with a user-defined realm, and use uppercased cloud-domain by default (i.e. what certmongers automatically happens by default). Change-Id: I0a217b4a457881367de27414faca347e50f2db72 Related-Bug: #1906505 Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/822244 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>	2021-12-20 13:41:51 +01:00
..
apache-baremetal-puppet.j2.yaml	[train-only] Make principal realms configuratble in certs	2021-12-20 13:41:51 +01:00

Damien Ciabrini 34fd20704a [train-only] Make principal realms configuratble in certs

The certificates specs for certmonger are configured in hiera
as 'service/host_fqdn'. Certmonger automatically happen
a default realm to it to look like 'service/host_fqdn/REALM'.

This discrepancy makes puppet think certificate resources
differ each time puppet apply is run, so puppet-certmonger
resubmit the certificates and this causes unecessary service
restart, which can be costly (e.g. mariadb).

All the principal to be configured with a user-defined realm,
and use uppercased cloud-domain by default (i.e. what
certmongers automatically happens by default).

Change-Id: I0a217b4a457881367de27414faca347e50f2db72
Related-Bug: #1906505
Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/822244
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>

2021-12-20 13:41:51 +01:00

apache-baremetal-puppet.j2.yaml

[train-only] Make principal realms configuratble in certs

2021-12-20 13:41:51 +01:00