From 14c4417e425f832660bd54118112fc991564b38d Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 3 Nov 2015 15:27:28 +0200
Subject: Enable trust anchor injection

This commit enables the injection of a trust anchor or root
certificate into every node in the overcloud. This is in case that the
TLS certificates for the controllers are signed with a self-signed CA
or if the deployer would like to inject a relevant root certificate
for other purposes. In this case the other nodes might need to have
the root certificate in their trust chain in order to do proper
validation

Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
---
 environments/inject-trust-anchor.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 environments/inject-trust-anchor.yaml

(limited to 'environments')

diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml
new file mode 100644
index 00000000..3ecb0d27
--- /dev/null
+++ b/environments/inject-trust-anchor.yaml
@@ -0,0 +1,6 @@
+parameter_defaults:
+  SSLRootCertificate: |
+    The contents of your root CA certificate go here
+
+resource_registry:
+  OS::TripleO::NodeTLSCAData: ../puppet/extraconfig/tls/ca-inject.yaml
-- 
cgit 1.2.3-korg