path: root/manifests/certmonger/httpd.pp
Age | Commit message | Author | Files | Lines
2017-04-18 | Enable setting SubjectaltNames for haproxy and httpd certs | Juan Antonio Osorio Robles | 1 | -1/+13
This enables setting the subjectAltNames for HAProxy and httpd certs. These will eventually replace the usage of many certs, to have instead just one that has several subjectAltNames.
Change-Id: Icd152c8e0389b6a104381ba6ab4e0944e9828ba3
2017-04-11 | Ensure directory exists for certificates for httpd | Juan Antonio Osorio Robles | 1 | -0/+1
We used to rely on a standard directory for the certificates and keys that are requested by certmonger. However, given the approach we plan to take for containers that's described in the blueprint, we need to use service-specific directories for the certs/keys, since we plan to bind-mount these into the containers, and we don't want to bind-mount any keys/certs from other services. Thus, we start by creating these directories if they don't exist in the filesystem and adding the proper SELinux labels.
bp tls-via-certmonger-containers
Change-Id: I0b71902358b754fa8bd7fdbb213479503c87aa46
2016-10-19 | Enable TLS in the internal network for keystone | Juan Antonio Osorio Robles | 1 | -0/+62
This optionally enables TLS for keystone in the internal network. If internal TLS is enabled, each node that is serving the keystone service will use certmonger to request its certificate. This, in turn, should also configure a command that should be run when the certificate is refreshed (which requires the service to be restarted).
bp tls-via-certmonger
Change-Id: I303f6cf47859284785c0cdc65284a7eb89a4e039