openstack-ansible-os_octavia

History

German Eichberger fbda283da8 Adds the issuer to the CAs Octavia is using certificate authorities to manage the amp communication but the built-in ansible certificate commands can't generate proper CA certificates (they omit the necessary X509 extensions) nor properly sign CSRs and reference the CA. The changes here replace the parts where ansible's certificate commands fall short with running the openssl command directly. To do so it sets up the necessary files, directories, and templates an openssl config file. Once ansible's certificate capabilities improve we can retire those commands. Also improve tests so we gate when this fails. Change-Id: Iaae462844d783bd6086ce6a2816ea01cafc14e6d	2018-06-22 08:46:14 -07:00
..
main.yml	Adds the issuer to the CAs	2018-06-22 08:46:14 -07:00

German Eichberger fbda283da8 Adds the issuer to the CAs

Octavia is using certificate authorities to manage
the amp communication but the built-in ansible
certificate commands can't generate proper CA
certificates (they omit the necessary X509 extensions)
nor properly sign CSRs and reference the CA.

The changes here replace the parts where ansible's
certificate commands fall short with running the
openssl command directly. To do so it sets up
the necessary files, directories, and templates
an openssl config file.

Once ansible's certificate capabilities improve we
can retire those commands.

Also improve tests so we gate when this fails.

Change-Id: Iaae462844d783bd6086ce6a2816ea01cafc14e6d

2018-06-22 08:46:14 -07:00

main.yml

Adds the issuer to the CAs

2018-06-22 08:46:14 -07:00