diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2015-11-03 15:27:28 +0200 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2015-11-25 15:16:08 +0200 |
commit | 14c4417e425f832660bd54118112fc991564b38d (patch) | |
tree | 41e257f24633dc26ee674a5300da659f96ebda56 /puppet/ceph-storage.yaml | |
parent | 97b12afbadeadac0be348b7cc263b090f6e6f0b8 (diff) |
Enable trust anchor injection
This commit enables the injection of a trust anchor or root
certificate into every node in the overcloud. This is in case that the
TLS certificates for the controllers are signed with a self-signed CA
or if the deployer would like to inject a relevant root certificate
for other purposes. In this case the other nodes might need to have
the root certificate in their trust chain in order to do proper
validation
Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
Diffstat (limited to 'puppet/ceph-storage.yaml')
-rw-r--r-- | puppet/ceph-storage.yaml | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 0bf0fde4..7d36b46c 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -176,6 +176,13 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: CephStorageDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: CephStorage} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata CephStorageExtraConfigPre: depends_on: CephStorageDeployment @@ -186,7 +193,7 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: CephStorageExtraConfigPre + depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: CephStorage} @@ -227,5 +234,6 @@ outputs: list_join: - ',' - - {get_attr: [CephStorageDeployment, deploy_stdout]} + - {get_attr: [NodeTLSCAData, deploy_stdout]} - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} |