From f115403984f6c6cfa15ed10e4d8ea4c167e6e9ca Mon Sep 17 00:00:00 2001
From: Stuart McLaren <stuart.mclaren@hp.com>
Date: Thu, 3 Apr 2014 16:30:24 +0000
Subject: ssl: Add support for a CA Certificate

Add SSLCACertificate to the overcloud yaml.

This allows a CA certificate to be specified in cases where the Cert
does not come from a CA in the system bundle.

Partially implements: blueprint tripleo-ssl-overcloud

Full set of blueprint changes:

https://review.openstack.org/#/c/85098
https://review.openstack.org/#/c/85099
https://review.openstack.org/#/c/85100

Change-Id: I67d7c1362df323762023be5c74fbe75b1583570c
---
 ssl-source.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ssl-source.yaml')

diff --git a/ssl-source.yaml b/ssl-source.yaml
index c3edbe75..1d6ac246 100644
--- a/ssl-source.yaml
+++ b/ssl-source.yaml
@@ -10,6 +10,10 @@ Parameters:
     Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
     Type: String
     NoEcho: true
+  SSLCACertificate:
+    Default: ''
+    Description: If set, the contents of an SSL certificate authority file.
+    Type: String
 Resources:
   SSLConfig:
     Type: OS::Heat::StructuredConfig
@@ -21,6 +25,8 @@ Resources:
             get_input: ssl_certificate
           key:
             get_input: ssl_key
+          cacert:
+            get_input: ssl_ca_certificate
           ports:
            - name: 'ec2'
              accept: 13773
-- 
cgit 1.2.3-korg