openstack
/
tripleo-image-elements
Code Issues Proposed changes
tripleo-image-elements/elements/ssl-ca
History
Kiall Mac Innes 57feb708ea Only install CA cert if file is likely to be a valid cert 
In certain cases, the heat metadata and cert may not be available when the element
is first ran. We should make a trivial attempt to guess if the cert is likely to
be valid before attempting to install it.

Change-Id: Id0fcb3828f0cdfafdbb7d421377642ee50240907
 		2014-11-24 21:24:40 +00:00
..
os-apply-config/etc/ssl ssl-ca: Allow CA certificate to be specified 2014-08-11 11:09:20 -07:00
os-refresh-config/configure.d Only install CA cert if file is likely to be a valid cert 2014-11-24 21:24:40 +00:00
README.md Properly format markdown code blocks 2014-11-12 10:31:01 +09:00

README.md

Install and trust a CA at the operating system level, making it available for use by OpenStack services and other network clients authenticating SSL-secured connections.

Configuration

ssl:
  ca_certificate: certdata

The CA certificate will be written to /etc/ssl/from-heat-ca.crt and installed using update-ca-certificates (apt-based distros) or update-ca-trusts (yum-based distros).

This may be used in conjunction with openstack-ssl to enable SSL-secure connections between OpenStack services, or independently to enable secure integration with external resources such as Keystone -> LDAP server or Cinder -> external backend.

If multiple CA certificates are to be trusted, they should be concatenated in PEM format within the single ca_certificate property defining the trust store.