authorMarkos Chandras <mchandras@suse.de>2018-09-14 16:33:11 +0100
committerMarkos Chandras <mchandras@suse.de>2018-09-14 16:34:14 +0100
commit3cf4e396fe8621afad624f3935ab69e9e082388f (patch)
tree58d78307ef4481b41f96de86791619c2d0a39985
parent9bc4e51f59af4e6ab65e6e039a84e818fafb4aa0 (diff)
xci: Drop custom XCI certificates
OSM requires a CA even when we create a self-signed certificate. We don't actually need to do that since HAproxy and friends can create the whole chain for us, so we can finally get rid of this playbook. installer-type:osa deploy-scenario:os-nosdn-nofeature Change-Id: I14a3adbe3492cd6c562c5167c42dd45756e8e3dd Signed-off-by: Markos Chandras <mchandras@suse.de>
-rwxr-xr-xxci/config/env-vars2
-rw-r--r--xci/installer/kubespray/playbooks/configure-opnfvhost.yml3
-rw-r--r--xci/installer/kubespray/playbooks/configure-targethosts.yml2
-rw-r--r--xci/installer/osa/files/ha/user_variables.yml2
-rw-r--r--xci/installer/osa/files/mini/user_variables.yml2
-rw-r--r--xci/installer/osa/files/noha/user_variables.yml2
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml5
-rw-r--r--xci/playbooks/manage-ssl-certs.yml32
-rw-r--r--xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j22
9 files changed, 1 insertions, 51 deletions
diff --git a/xci/config/env-vars b/xci/config/env-vars
index e8472a0d..7ab7e2ba 100755
--- a/xci/config/env-vars
+++ b/xci/config/env-vars
@@ -52,8 +52,6 @@ export LOG_PATH=${LOG_PATH:-${XCI_PATH}/xci/logs}
export XCI_ANSIBLE_PIP_VERSION="2.5.8"
export ANSIBLE_HOST_KEY_CHECKING=False
-# subject of the certificate
-export XCI_SSL_SUBJECT=${XCI_SSL_SUBJECT:-"/C=US/ST=California/L=San Francisco/O=IT/CN=xci.releng.opnfv.org"}
export DEPLOY_SCENARIO=${DEPLOY_SCENARIO:-"os-nosdn-nofeature"}
# attempt to sync Ansible version used by Kubespray with the rest
export XCI_KUBE_ANSIBLE_PIP_VERSION=$XCI_ANSIBLE_PIP_VERSION
diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
index 11866bd3..82ece961 100644
--- a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
@@ -100,9 +100,6 @@
- { name: 'netaddr' }
- { name: 'ansible-modules-hashivault' }
- - name: Configure SSL certificates
- include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
-
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
index 7989bfb6..859460c6 100644
--- a/xci/installer/kubespray/playbooks/configure-targethosts.yml
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
@@ -37,6 +37,4 @@
when: xci_flavor == 'ha'
- role: "haproxy_server"
haproxy_service_configs: "{{ haproxy_default_services}}"
- haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
- haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
when: xci_flavor == 'ha'
diff --git a/xci/installer/osa/files/ha/user_variables.yml b/xci/installer/osa/files/ha/user_variables.yml
index abbe688e..8c2e9f0c 100644
--- a/xci/installer/osa/files/ha/user_variables.yml
+++ b/xci/installer/osa/files/ha/user_variables.yml
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/files/mini/user_variables.yml b/xci/installer/osa/files/mini/user_variables.yml
index db956e38..b4d847bc 100644
--- a/xci/installer/osa/files/mini/user_variables.yml
+++ b/xci/installer/osa/files/mini/user_variables.yml
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/files/noha/user_variables.yml b/xci/installer/osa/files/noha/user_variables.yml
index b9fd2e89..5e7ed83c 100644
--- a/xci/installer/osa/files/noha/user_variables.yml
+++ b/xci/installer/osa/files/noha/user_variables.yml
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 994a2607..4fc966a3 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -175,11 +175,6 @@
chdir: "{{openstack_osa_path}}/scripts"
changed_when: True
- - name: Configure SSL certificates
- include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
- vars:
- extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
-
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
deleted file mode 100644
index d0c5c518..00000000
--- a/xci/playbooks/manage-ssl-certs.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2018 SUSE Linux GmbH and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-- name: Install required pip packages for SSL
- pip:
- name: pyOpenSSL
- state: present
- extra_args: "{{ extra_args | default(omit) }}"
-
-- name: Generate XCI private key
- openssl_privatekey:
- path: /etc/ssl/private/xci.key
- size: 2048
-
-- name: Generate XCI certificate request
- openssl_csr:
- privatekey_path: /etc/ssl/private/xci.key
- path: /etc/ssl/private/xci.csr
- common_name: "{{ xci_ssl_subject }}"
-
-- name: Generate XCI self signed certificate
- openssl_certificate:
- path: /etc/ssl/certs/xci.crt
- privatekey_path: /etc/ssl/private/xci.key
- csr_path: /etc/ssl/private/xci.csr
- provider: selfsigned
- selfsigned_not_after: 20800101000000Z
diff --git a/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2 b/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2
index 1cb43be2..6a7fd8be 100644
--- a/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2
+++ b/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2
@@ -22,7 +22,7 @@ DEPLOY_SCENARIO="k8-nosdn-nofeature-noha"
rc_file_vol="-v /root/admin.conf:/etc/yardstick/admin.conf"
{% endif %}
-OS_CACERT="/etc/ssl/certs/xci.crt"
+OS_CACERT="/etc/ssl/certs/haproxy.cert"
DOCKER_IMAGE_NAME="opnfv/yardstick"
YARDSTICK_SCENARIO_SUITE_NAME="opnfv_${DEPLOY_SCENARIO}_daily.yaml"
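Review bot: The new `OS_CACERT="/etc/ssl/certs/haproxy.cert"` hard-codes a path that nothing in this commit creates or copies. It appears to rely on the HAProxy role's default certificate location, and on that file being present on the host where this rendered script runs. If the role default is overridden or the certificate only exists on the load-balancer hosts, the test client is handed a CA path that does not exist, and the usual workaround is to switch verification off. A comment above the line would record the dependency, for example `# self-signed cert generated by the haproxy role; must be readable on this host`. A guard would make the failure explicit: `[ -r "$OS_CACERT" ] || { echo "missing CA cert: $OS_CACERT" >&2; exit 1; }`. The rest of the script lies outside the hunk, so whether the file is mounted into the yardstick container cannot be confirmed from here.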