diff options
author | Ben Nemec <bnemec@redhat.com> | 2017-05-16 16:06:41 -0500 |
---|---|---|
committer | Ben Nemec <bnemec@redhat.com> | 2017-06-12 15:02:50 -0500 |
commit | 204a5820995dd694fcd58d61fc6cf34a8955da92 (patch) | |
tree | 5eab4d0af9aeed49453d3c9fbd714ede882ed296 /sample-env-generator/ssl.yaml | |
parent | 8d086b171099f0a968f1fdd1b39706ec64a52f56 (diff) |
Add nested sample environments for inject-trust-anchor
Fix a bug that prevented these working. A unit test and
documentation for the nested environment functionality is also
included.
Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
Diffstat (limited to 'sample-env-generator/ssl.yaml')
-rw-r--r-- | sample-env-generator/ssl.yaml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 2f379f30..6963e842 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,39 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - name: ssl/inject-trust-anchor + title: Inject SSL Trust Anchor on Overcloud Nodes + description: | + When using an SSL certificate signed by a CA that is not in the default + list of CAs, this environment allows adding a custom CA certificate to + the overcloud nodes. + files: + puppet/extraconfig/tls/ca-inject.yaml: + parameters: + - SSLRootCertificate + sample_values: + SSLRootCertificate: |- + | + The contents of your certificate go here + resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml + children: + - name: ssl/inject-trust-anchor-hiera + files: + puppet/services/ca-certs.yaml: + parameters: + - CAMap + # Need to clear this so we don't inherit the parent registry + resource_registry: {} + sample_values: + CAMap: |-2 + + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here - name: ssl/tls-endpoints-public-ip title: Deploy Public SSL Endpoints as IP Addresses |