diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-06-19 15:27:00 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-06-19 15:27:00 +0000 |
commit | 11a97ec7430118bbf4a11c87eceb3adec40ea4ac (patch) | |
tree | c6334a938c1764969fe2abc8f36ae69d2b6b8e28 /sample-env-generator/ssl.yaml | |
parent | 77eec6867a064e8764745375940cf085be958c2f (diff) | |
parent | 204a5820995dd694fcd58d61fc6cf34a8955da92 (diff) |
Merge "Add nested sample environments for inject-trust-anchor"
Diffstat (limited to 'sample-env-generator/ssl.yaml')
-rw-r--r-- | sample-env-generator/ssl.yaml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 2f379f30..6963e842 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,39 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - name: ssl/inject-trust-anchor + title: Inject SSL Trust Anchor on Overcloud Nodes + description: | + When using an SSL certificate signed by a CA that is not in the default + list of CAs, this environment allows adding a custom CA certificate to + the overcloud nodes. + files: + puppet/extraconfig/tls/ca-inject.yaml: + parameters: + - SSLRootCertificate + sample_values: + SSLRootCertificate: |- + | + The contents of your certificate go here + resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml + children: + - name: ssl/inject-trust-anchor-hiera + files: + puppet/services/ca-certs.yaml: + parameters: + - CAMap + # Need to clear this so we don't inherit the parent registry + resource_registry: {} + sample_values: + CAMap: |-2 + + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here - name: ssl/tls-endpoints-public-ip title: Deploy Public SSL Endpoints as IP Addresses |