Templatize keystone ssl keys/certs
Keystone keys/certs files are fetched from heat metadata. This will allow us to distribute identical keys/certs to all control nodes instead of having different keys/certs on each node. Relies-on: I6d4efa753b97bb8cdbd07b1bf7b1cd123f7a32ed Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: I420957eb883ef4e21440171fb41c5b46f8e743fa
parent
12ef0d6653
commit
154bbab23e
@ -0,0 +1 @@
|
||||
{{keystone.ca_certificate}}
|
@ -0,0 +1 @@
|
||||
{{keystone.signing_certificate}}
|
@ -0,0 +1 @@
|
||||
{{keystone.signing_key}}
|
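Review bot: Rendering the private key from `{{keystone.signing_key}}` means the key now also lives outside this file: in the Heat stack data and in whatever copy of the metadata the node keeps locally, neither of which is covered by the permissions set in this commit. The Heat template side is not part of this change (see the Relies-on trailer), so it is worth confirming there that the parameter is declared hidden and that the collected metadata on the node is readable by root only. Because every control node will share one signing key, a leak from any of those places affects tokens for the whole deployment, which argues for documenting how the key is rotated.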
@ -3,3 +3,10 @@ set -eux
|
||||
|
||||
[ -d /mnt/state/etc/keystone/ssl/certs ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/certs
|
||||
[ -d /mnt/state/etc/keystone/ssl/private ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/private
|
||||
|
||||
# precreate ssl key file with correct permissions
|
||||
# TODO: this can be replaced with mode metadata header when supported in
|
||||
# os-apply-config (spec's Change-Id: I8fe7126d7261c1f106d7413bd31aa379e9ae5c3e)
|
||||
touch /mnt/state/etc/keystone/ssl/private/signing_key.pem
|
||||
chown keystone.keystone /mnt/state/etc/keystone/ssl/private/signing_key.pem
|
||||
chmod 0640 /mnt/state/etc/keystone/ssl/private/signing_key.pem
|
||||
|
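Review bot: The `touch` / `chown` / `chmod` sequence creates signing_key.pem under the script's umask and only tightens it two commands later. Since the directory lines just above already use `install`, the file can be created with its final owner and mode in one step: `[ -e /mnt/state/etc/keystone/ssl/private/signing_key.pem ] || install -m 0640 -o keystone -g keystone /dev/null /mnt/state/etc/keystone/ssl/private/signing_key.pem`. If the three commands stay, `chown keystone:keystone` is the supported spelling, as the `.` separator is a deprecated form. The comment should also say that this relies on os-apply-config keeping the owner and mode of an existing target when it renders the key, and on this script running before that render; neither is visible here. Mode 0640 leaves the key group-readable, so `0600` is the tighter choice if only the keystone user needs it. The script begins outside the hunk.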