1a1ac09dfd
This change adds the openldap certificate creation process to the
bootstrap.yml playbook. It also adds support for updating it to
the migrate_platform_certificates_to_certmanager playbook.
This change is also renaming the kubernetes Root CA's common name to
starlingx, so that it can be used as the system_local_ca clusterIssuer
which will be used as the Issuer of the openldap certificate.
Test Plan:
PASS: Run the bootstrap playbook and verify that it is able to create
the openldap certificate and install system_root_ca as a ssl_ca
certificate in 'system certificate-list'
PASS Do system unlock and verify that cert-mon is able to pick up and
install the openldap certificate
PASS: Test migrate_platform_certificates_to_certmanager and verify that
it is able to update the openldap certificate
PASS: On a DC system (centos only), verify that the bootstrap.yml
playbook works for 'dcmanager subcloud add'
PASS: On a DC system (centos only), verify that the openldap certificate
in not created in subclouds
PASS: Verified that the bootstrap.yml playbook can be re-played
multiple times without error
PASS: Verify remote system bootstrap for debian works
Story: 2009834
Task: 45774
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: Ie4c37026c9d5d4864dfea6fff3f066f3735c9fe2
|
||
|---|---|---|
| .. | ||
| manage-local-ldap-account | ||
| migrate | ||
| remote | ||