Support configuration of trusted CA certificate file
This commit adds the functionality for an operator to specify their own trusted CA certificate file for interacting with the Keystone API. Implements: blueprint support-trusted-ca-certificate-file Change-Id: I84f9897cc8e107658701fb309ec318c0f805883b
parent
de2f7be981
commit
09e02ef8f1
@ -493,6 +493,10 @@ nova_console: "novnc"
|
||||
# Valid options are [ public, internal, admin ]
|
||||
openstack_interface: "admin"
|
||||
|
||||
# Openstack CA certificate bundle file
|
||||
# CA bundle file must be added to both the Horizon and Kolla Toolbox containers
|
||||
openstack_cacert: ""
|
||||
|
||||
# Enable core OpenStack services. This includes:
|
||||
# glance, keystone, neutron, nova, heat, and horizon.
|
||||
enable_openstack_core: "yes"
|
||||
|
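Review bot: The two comment lines above `openstack_cacert` do not say where the path is resolved or what the empty default does, and an operator needs both to get TLS verification right. The value is used inside the Horizon and Kolla Toolbox containers, and no hunk visible on this page copies or mounts the bundle, so a path that exists only on the host would presumably fail verification at deploy time. I would reword to `# Path to a CA bundle as seen inside the Horizon and Kolla Toolbox containers.` and `# Leave empty to use each container's default trust store; the file is not copied for you.` The empty-string default is also passed as `cacert: ""` to every module call this commit touches, so it is worth confirming that the modules treat it as unset rather than as a file path.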
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_aodh_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ aodh_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_aodh_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_barbican_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_barbican_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating default barbican roles
|
||||
@ -41,6 +43,7 @@
|
||||
name: "{{ item }}"
|
||||
auth: "{{ openstack_barbican_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- "{{ barbican_keymanager_role }}"
|
||||
|
@ -48,6 +48,7 @@
|
||||
--os-password {{ keystone_admin_password }}
|
||||
--os-user-domain-name default
|
||||
--os-region-name {{ openstack_region_name }}
|
||||
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
|
||||
aggregate create {{ blazar_aggregate_pool_name }}
|
||||
register: blazar_host_aggregate
|
||||
changed_when: blazar_host_aggregate is success
|
||||
|
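Review bot: `--os-cacert {{ openstack_cacert }}` is interpolated into the command line unquoted, so a bundle path containing whitespace or shell metacharacters is split or interpreted instead of reaching the client as one argument. Quoting the value keeps it a single argument: `{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert | quote }}{% endif %}`. The same pattern appears in the nova `compute service list` hunk and, as `cacert={{ openstack_cacert }}`, in the swift sanity hunk, where the value sits inside an already double-quoted argument string and needs quoting that survives that nesting. The task starts above this hunk, so whether it runs under `command` or `shell` is not visible here.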
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_blazar_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ blazar_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_blazar_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -11,6 +11,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ceilometer_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Associate the ResellerAdmin role and ceilometer user
|
||||
@ -24,5 +25,6 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ceilometer_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
when: enable_swift | bool
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ceph_rgw_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ceph_rgw_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating the ResellerAdmin role
|
||||
@ -42,4 +44,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ceph_rgw_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -9,6 +9,7 @@
|
||||
size: 1
|
||||
display_name: kolla_test_volume
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['cinder-api'][0] }}"
|
||||
when: kolla_enable_sanity_cinder | bool
|
||||
@ -22,6 +23,7 @@
|
||||
state: absent
|
||||
display_name: kolla_test_volume
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['cinder-api'][0] }}"
|
||||
when: kolla_enable_sanity_cinder | bool
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cinder_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ cinder_v2_admin_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
|
||||
@ -34,4 +35,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cinder_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cloudkitty_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ cloudkitty_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cloudkitty_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating the rating role
|
||||
@ -41,4 +43,5 @@
|
||||
name: "{{ cloudkitty_openstack_keystone_default_role }}"
|
||||
auth: "{{ openstack_cloudkitty_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_congress_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_congress_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cyborg_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ cyborg_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_cyborg_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_designate_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_designate_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_freezer_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ freezer_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_freezer_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -8,6 +8,7 @@
|
||||
name: "glance_sanity_check"
|
||||
filename: "/etc/hostname"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
delegate_to: "{{ groups['glance-api'][0] }}"
|
||||
run_once: True
|
||||
register: img_create
|
||||
@ -25,6 +26,7 @@
|
||||
name: "glance_sanity_check"
|
||||
state: absent
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
delegate_to: "{{ groups['glance-api'][0] }}"
|
||||
run_once: True
|
||||
when: kolla_enable_sanity_glance | bool
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_glance_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_glance_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_gnocchi_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ gnocchi_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_gnocchi_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_heat_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
|
||||
@ -34,6 +35,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_heat_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating the heat_stack_user role
|
||||
@ -44,6 +46,7 @@
|
||||
name: "{{ heat_stack_user_role }}"
|
||||
auth: "{{ openstack_heat_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating the heat_stack_owner role
|
||||
@ -54,6 +57,7 @@
|
||||
name: "{{ heat_stack_owner_role }}"
|
||||
auth: "{{ openstack_heat_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Add the heat_stack_owner role to the admin project
|
||||
@ -67,4 +71,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_heat_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -247,7 +247,11 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ keystone_default_user_role }}"
|
||||
#OPENSTACK_SSL_NO_VERIFY = True
|
||||
|
||||
# The CA certificate to use to verify SSL connections
|
||||
{% if openstack_cacert == "" %}
|
||||
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
|
||||
{% else %}
|
||||
OPENSTACK_SSL_CACERT = '{{ openstack_cacert }}'
|
||||
{% endif %}
|
||||
|
||||
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
|
||||
# capabilities of the auth backend for Keystone.
|
||||
|
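Review bot: `OPENSTACK_SSL_CACERT = '{{ openstack_cacert }}'` places the operator-supplied value inside a single-quoted Python literal with no escaping, so a path containing `'` or a backslash renders a broken or altered settings file. Rendering the value as a quoted literal, for example `OPENSTACK_SSL_CACERT = {{ openstack_cacert | to_json }}`, avoids that for ordinary ASCII paths. The comment above it could also state that the path is read inside the Horizon container, since the nearby commented `#OPENSTACK_SSL_NO_VERIFY = True` is the tempting workaround when the bundle is missing there.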
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ironic_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
when: inventory_hostname in groups['ironic-api']
|
||||
with_items:
|
||||
@ -32,6 +33,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ironic_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
when: inventory_hostname in groups['ironic-api']
|
||||
|
||||
@ -49,6 +51,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ironic_inspector_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
when: inventory_hostname in groups['ironic-inspector']
|
||||
with_items:
|
||||
@ -68,5 +71,6 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_ironic_inspector_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
when: inventory_hostname in groups['ironic-inspector']
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_karbor_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_karbor_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -6,6 +6,7 @@
|
||||
module_args:
|
||||
auth: "{{ openstack_keystone_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['keystone'][0] }}"
|
||||
when: kolla_enable_sanity_keystone | bool
|
||||
|
@ -24,6 +24,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_keystone_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- { interface: admin, url: "{{ keystone_admin_url }}" }
|
||||
@ -38,4 +39,5 @@
|
||||
name: "{{ keystone_default_user_role }}"
|
||||
auth: "{{ openstack_keystone_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -11,4 +11,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_kuryr_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_magnum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_magnum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating Magnum trustee domain
|
||||
@ -42,6 +44,7 @@
|
||||
description: "Owns users and projects created by magnum"
|
||||
auth: "{{ openstack_magnum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
register: trustee_domain
|
||||
run_once: True
|
||||
|
||||
@ -55,6 +58,7 @@
|
||||
password: "{{ magnum_keystone_password }}"
|
||||
auth: "{{ openstack_magnum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating Magnum trustee user role
|
||||
@ -67,4 +71,5 @@
|
||||
role: "admin"
|
||||
auth: "{{ openstack_magnum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_manila_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ manila_admin_endpoint }}', 'service_name': 'manila', 'service_type': 'share'}
|
||||
@ -34,4 +35,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_manila_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_masakari_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ masakari_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_masakari_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_mistral_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_mistral_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ monasca_openstack_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ monasca_api_admin_endpoint }}'}
|
||||
@ -33,6 +34,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ monasca_openstack_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ monasca_log_api_admin_endpoint }}'}
|
||||
@ -51,6 +53,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ monasca_openstack_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating monasca roles
|
||||
@ -62,6 +65,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ monasca_openstack_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- "{{ monasca_default_authorized_roles }}"
|
||||
@ -81,4 +85,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ monasca_openstack_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_murano_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_murano_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_neutron_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_neutron_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -40,6 +40,7 @@
|
||||
--os-password {{ keystone_admin_password }}
|
||||
--os-user-domain-name {{ openstack_auth.domain_name }}
|
||||
--os-region-name {{ openstack_region_name }}
|
||||
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
|
||||
compute service list --format json --column Host --service nova-compute
|
||||
register: nova_compute_services
|
||||
changed_when: false
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_nova_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'admin', 'url': '{{ nova_legacy_admin_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'}
|
||||
@ -34,4 +35,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_nova_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_octavia_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_octavia_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Adding octavia user into admin project
|
||||
@ -43,6 +45,7 @@
|
||||
project: admin
|
||||
auth: "{{ openstack_octavia_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Adding octavia related roles
|
||||
@ -53,5 +56,6 @@
|
||||
name: "{{ item }}"
|
||||
auth: "{{ openstack_octavia_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items: "{{ octavia_required_roles }}"
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_panko_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_panko_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_placement_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'name': 'placement', 'service_type': 'placement', 'interface': 'admin', 'url': '{{ placement_admin_endpoint }}', 'description': 'Placement Service'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_placement_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_qinling_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_qinling_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_sahara_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ sahara_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_sahara_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_searchlight_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ searchlight_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_searchlight_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_senlin_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ senlin_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_senlin_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_solum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ solum_image_builder_admin_endpoint }}'}
|
||||
@ -33,6 +34,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_solum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ solum_application_deployment_admin_endpoint }}'}
|
||||
@ -51,4 +53,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_solum_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -9,7 +9,8 @@
|
||||
password={{ swift_keystone_password }}
|
||||
role=admin
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{ openstack_swift_auth }}' }}"
|
||||
auth={{ '{{ openstack_swift_auth }}' }}
|
||||
{% if openstack_cacert != '' %}cacert={{ openstack_cacert }}{% endif %}"
|
||||
-e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
|
||||
register: swift_sanity
|
||||
changed_when: swift_sanity.stdout.find('localhost | SUCCESS => ') != -1 and (swift_sanity.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_swift_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_swift_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Creating the ResellerAdmin role
|
||||
@ -42,4 +44,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_swift_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_tacker_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_tacker_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_trove_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ trove_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_trove_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_vitrage_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ vitrage_admin_endpoint }}'}
|
||||
@ -31,6 +32,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_vitrage_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
||||
- name: Adding vitrage user into admin project
|
||||
@ -43,4 +45,5 @@
|
||||
project: "admin"
|
||||
auth: "{{ openstack_vitrage_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_watcher_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ watcher_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_watcher_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
@ -13,6 +13,7 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_zun_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
|
||||
@ -31,4 +32,5 @@
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_zun_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
run_once: True
|
||||
|
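--- a/releasenotes/notes/trusted-cacert-3c7061e974b5187d.yaml
+++ b/releasenotes/notes/trusted-cacert-3c7061e974b5187d.yaml
@@ -0,0 +1,6 @@
+---
+features:
+- |
+Add support for configuration of trusted CA certificate file.
+CA bundle file must be added to both the Horizon and Kolla Toolbox
+containers for this to work correctly.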