Renamed the playbook to 'update_platform_certificates.yml', to reflect
the intention behind moving forward (not only to migrate the platform
certificates to cert-manager, but to be a easy way to update the local
issuer (system-local-ca) CA certificates as well as the leaf
certificates data.
Moved the install of the RCA to the beginning of the execution, as
several validations are made in the role and it's useful to have
then fail if a problem is detected before issuing the leaf
certificates.
Updated the conditions for creating the certificates to issue the
Rest API / GUI certificate (default behavior from now onward). Fixed
the condition for having the Local OpenLDAP certificate (host role is
not subcloud).
Test plan:
PASS: Deploy a system with the feature flag enabled in the localhost
file ('create_platform_certificates'). Apply oidc. Execute the
playbook using the new name ('update_platform_certificates.yml')
in 'update' and 'check' modes. Observe that it works as expected.
Checked:
- The provided RCA is installed as Trusted CA;
- The resulting certificates are correct;
- Login in Local Docker Registry is working;
- OIDC is working as expected;
- Horizon is working as expected;
- OpenLDAP is working as expected.
Story: 2009811
Task: 48908
Change-Id: I9b928b1080a28bebb0362ac8d68be387bd4a67da
Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
b7c629b603