fd28087229
Working towards the blueprint that will add TLS protection for the external endpoints, kolla needs certificates. When kolla deploys OpenStack, the external VIP will need a server side certifcate. Clients that access those endpoints will need the public CA certificate that signed that certificate. This ansible script will create these two certificates to make it easy to use TLS in a test environment. The generated certificate files are: /etc/kolla/certificates/haproxy.pem (server side certificate) /etc/kolla/certificates/haproxy-ca.pem (CA certificate) The generated certificates are not suitable for use in a production environment, but will be useful for testing and verifying operations. Partially-implements: blueprint ssl-kolla Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d
17 lines
325 B
Django/Jinja
17 lines
325 B
Django/Jinja
[req]
|
|
distinguished_name = req_distinguished_name
|
|
req_extensions = v3_req
|
|
|
|
[req_distinguished_name]
|
|
countryName = US
|
|
stateOrProvinceName = NC
|
|
localityName = RTP
|
|
organizationalUnitName = kolla
|
|
commonName = {{ kolla_external_address }}
|
|
|
|
[v3_req]
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
IP.1 = {{ kolla_external_vip_address }}
|