openstack/kolla-ansible
Code Issues Proposed changes
adbe115e39
kolla-ansible/releasenotes/notes/generate-internal-external-self-signed-certs-c631a9d934d31fac.yaml
James Kirsch d100904f2c Generate self signed TLS certificates 
Generate both internal and external self signed TLS certificates.
Duplicate the certificate if internal and external VIPs are the same.

Change-Id: I16b345c0b29ff13e042eed8798efe644e0ad2c74
Partially-Implements: blueprint custom-cacerts
2020-01-28 14:03:33 -08:00

24 lines
859 B
YAML
Raw Blame History

---
features:
- |
Generate self signed certificates for both the internal and external
(public) networks. If they are the same network, then the certificate
files will be the same.
upgrade:
- |
The default value for ``kolla_external_fqdn_cacert`` has been changed
from:
"{{ node_config }}/certificates/haproxy-ca.crt"
to:
"{{ node_config }}/certificates/ca/haproxy.crt"
and the default value for ``kolla_external_fqdn_cacert`` has been changed
from:
"{{ node_config }}/certificates/haproxy-ca-internal.crt"
to:
"{{ node_config }}/certificates/ca/haproxy-internal.crt"
These variables set the value for the ``OS_CACERT`` environment variable in
``admin-openrc.sh``. This has been done to allow these certificates to be
copied into containers when ``kolla_copy_ca_into_containers`` is true.
View Git Blame Copy Permalink