From 204a5820995dd694fcd58d61fc6cf34a8955da92 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Tue, 16 May 2017 16:06:41 -0500 Subject: Add nested sample environments for inject-trust-anchor Fix a bug that prevented these working. A unit test and documentation for the nested environment functionality is also included. Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f --- environments/ssl/inject-trust-anchor-hiera.yaml | 22 ++++++++++++++++++++++ environments/ssl/inject-trust-anchor.yaml | 20 ++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 environments/ssl/inject-trust-anchor-hiera.yaml create mode 100644 environments/ssl/inject-trust-anchor.yaml (limited to 'environments/ssl') diff --git a/environments/ssl/inject-trust-anchor-hiera.yaml b/environments/ssl/inject-trust-anchor-hiera.yaml new file mode 100644 index 00000000..db3f2677 --- /dev/null +++ b/environments/ssl/inject-trust-anchor-hiera.yaml @@ -0,0 +1,22 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Inject SSL Trust Anchor on Overcloud Nodes +# description: | +# When using an SSL certificate signed by a CA that is not in the default +# list of CAs, this environment allows adding a custom CA certificate to +# the overcloud nodes. +parameter_defaults: + # Map containing the CA certs and information needed for deploying them. + # Type: json + CAMap: + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here + diff --git a/environments/ssl/inject-trust-anchor.yaml b/environments/ssl/inject-trust-anchor.yaml new file mode 100644 index 00000000..521a4191 --- /dev/null +++ b/environments/ssl/inject-trust-anchor.yaml @@ -0,0 +1,20 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Inject SSL Trust Anchor on Overcloud Nodes +# description: | +# When using an SSL certificate signed by a CA that is not in the default +# list of CAs, this environment allows adding a custom CA certificate to +# the overcloud nodes. +parameter_defaults: + # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLRootCertificate: | + The contents of your certificate go here + +resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml -- cgit 1.2.3-korg