e0901510d7
A new config.tls.generate-cert option is added that defaults to true. When true, a self-signed certificate will be generated and OpenStack API endpoints will be configured to use TLS with that self-signed certificate. The following config options are added: snap get microstack config.tls.generate-cert; snap get microstack config.tls.cacert-path; snap get microstack config.tls.cert-path; snap get microstack config.tls.key-path. Users can provide their own certificate by setting generate-cert to false and storing their own certificates/key at the paths specified by cacert-path, cert-path, and key-path. 'snap set' can also be used to change the cert/key file names. An important detail for clustering is that additional compute nodes will need manual configuration of cacert-path, cert-path, and key-path. The same certificates/key can be copied from the controller node to the compute node. Other notable changes: * The existing generate_selfsigned() function is modified to change the subject alternative name to be made up of the hostname and optionally an IP. The controller hostname and IP are used when generating the certificate for self-signed TLS endpoints. The hostname is now used instead of 'microstack.run' when generating the clustering certificate. * This change also aligns logging for nginx and corresponding sites and moves all nginx sites to {snap_common}/etc/nginx/sites-enabled. Depends-On: https://review.opendev.org/c/x/microstack/+/772900 Change-Id: Iceea3127822404a3275fcf8a221cbedc4b52c217 |
||
---|---|---|
.. | ||
cluster | ||
init | ||
launch | ||
microstack | ||
setup-lvm-loopdev | ||
basic_setup.sh | ||
connect.sh | ||
lxd_build.sh | ||
make-a-dev-box.sh | ||
make-a-microstack.sh | ||
multipass_build.sh | ||
update_path.py |