d5701e6ceb
Validate SSLCertificate is defined when PublicSSLCertificateAutogenerated is False otherwise deployment fails at step4 without meaningful error messages due to public SSL endpoints not being properly defined in haproxy.cfg. Change-Id: I9e0dc2913848eec9919c86372dd151ca5808fb30
12 lines
616 B
YAML
12 lines
616 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Before this patch, invalid certificates would be detected close to the end
|
|
of the deployment. In small environments, this comes fast but in an environment
|
|
with a large number of nodes, failures would come really late after a few
|
|
hours of deployment. With this validation, it now fails before step1 at
|
|
host_prep_steps if the certificate is smaller than 512 bytes if UsePublicTLS
|
|
is set to true and PublicSSLCertificateAutogenerated is set to false. It will
|
|
also use openssl to verify the state of the certificate and fail if the certificate
|
|
is invalid or expired.
|