authorMarkos Chandras <mchandras@suse.de>2018-09-03 09:07:21 +0000
committerGerrit Code Review <gerrit@opnfv.org>2018-09-03 09:07:21 +0000
commitfb2cbfce4e9a1ea6e60aa2a361e02fdb189042a2 (patch)
tree0de5b2f5e2a82810dcff52709374530d8c117006
parenta8f65dd6f72e5ded2a652a892c43b47f16fb5610 (diff)
parentcc583f30f881ba956fb4f1402aa4dd1608b27da2 (diff)
Merge "Revert "xci: osa: Disable haproxy ssl configuration""
-rw-r--r--xci/installer/kubespray/playbooks/configure-opnfvhost.yml3
-rw-r--r--xci/installer/kubespray/playbooks/configure-targethosts.yml2
-rw-r--r--xci/installer/osa/files/ansible-role-requirements.yml3
-rw-r--r--xci/installer/osa/files/ha/user_variables.yml7
-rw-r--r--xci/installer/osa/files/mini/user_variables.yml7
-rw-r--r--xci/installer/osa/files/noha/user_variables.yml7
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml11
-rw-r--r--xci/playbooks/manage-ssl-certs.yml32
8 files changed, 8 insertions, 64 deletions
diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
index 00a8053f..36104b6c 100644
--- a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
@@ -83,9 +83,6 @@
- { name: 'netaddr' }
- { name: 'ansible-modules-hashivault' }
- - name: Configure SSL certificates
- include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
-
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
index 7989bfb6..859460c6 100644
--- a/xci/installer/kubespray/playbooks/configure-targethosts.yml
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
@@ -37,6 +37,4 @@
when: xci_flavor == 'ha'
- role: "haproxy_server"
haproxy_service_configs: "{{ haproxy_default_services}}"
- haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
- haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
when: xci_flavor == 'ha'
diff --git a/xci/installer/osa/files/ansible-role-requirements.yml b/xci/installer/osa/files/ansible-role-requirements.yml
index 5905dc51..c958a2fc 100644
--- a/xci/installer/osa/files/ansible-role-requirements.yml
+++ b/xci/installer/osa/files/ansible-role-requirements.yml
@@ -64,7 +64,8 @@
- name: openstack_openrc
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
- version: 33d59ddb00f27e9a2a3bb816621a55efd1b37ba7
+ version: 3b31242d4ecde28ac747dff83568f202112c79bf
+ refspec: refs/changes/78/598978/2
- name: os_aodh
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
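Review bot: The `openstack_openrc` entry is now pinned to a commit fetched through `refspec: refs/changes/78/598978/2`, which looks like a Gerrit patch set still under review rather than a commit on a branch, and nothing in the file records that. The SHA pin keeps the fetched content fixed, but the deployment would then run role code that may not have passed upstream review and may be superseded by a later patch set. A comment above the entry would keep the temporary state visible, for example `# TEMP: pinned to unmerged change 598978; re-pin to the merged SHA and drop refspec`.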
diff --git a/xci/installer/osa/files/ha/user_variables.yml b/xci/installer/osa/files/ha/user_variables.yml
index c51a6e12..8c2e9f0c 100644
--- a/xci/installer/osa/files/ha/user_variables.yml
+++ b/xci/installer/osa/files/ha/user_variables.yml
@@ -154,7 +154,7 @@ trove_wsgi_processes: 1
sahara_api_workers_max: 2
sahara_api_workers: 1
-openrc_os_auth_url: "http://192.168.122.220:5000/v3"
+openrc_os_auth_url: "https://192.168.122.220:5000/v3"
keystone_auth_admin_password: "opnfv-secret-password"
openrc_os_password: "opnfv-secret-password"
openrc_os_domain_name: "Default"
@@ -163,9 +163,6 @@ openrc_nova_endpoint_type: "publicURL"
openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
-haproxy_ssl: false
-openstack_service_publicuri_proto: http
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+openrc_insecure: true
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
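Review bot: `openrc_insecure: true` appears to make the generated openrc skip TLS certificate verification, as the removed `export OS_INSECURE=true` task did, so the move of `openrc_os_auth_url` to https in the previous hunk gives encryption without server authentication. The admin password set in this file would still be sent to whatever host answers on that address. The same line is added in the mini and noha `user_variables.yml` hunks. If the haproxy certificate is self-signed (the page does not show where it now comes from), copying its CA certificate to the client host and pointing `OS_CACERT` at it avoids disabling verification. Failing that, a comment such as `# CI only: self-signed endpoint cert, client verification disabled` above the line would stop the setting being copied into a real deployment.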
diff --git a/xci/installer/osa/files/mini/user_variables.yml b/xci/installer/osa/files/mini/user_variables.yml
index ef56dd2c..b4d847bc 100644
--- a/xci/installer/osa/files/mini/user_variables.yml
+++ b/xci/installer/osa/files/mini/user_variables.yml
@@ -154,7 +154,7 @@ trove_wsgi_processes: 1
sahara_api_workers_max: 2
sahara_api_workers: 1
-openrc_os_auth_url: "http://192.168.122.3:5000/v3"
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
keystone_auth_admin_password: "opnfv-secret-password"
openrc_os_password: "opnfv-secret-password"
openrc_os_domain_name: "Default"
@@ -163,9 +163,6 @@ openrc_nova_endpoint_type: "publicURL"
openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
-haproxy_ssl: false
-openstack_service_publicuri_proto: http
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+openrc_insecure: true
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/files/noha/user_variables.yml b/xci/installer/osa/files/noha/user_variables.yml
index 4e578819..5e7ed83c 100644
--- a/xci/installer/osa/files/noha/user_variables.yml
+++ b/xci/installer/osa/files/noha/user_variables.yml
@@ -154,7 +154,7 @@ trove_wsgi_processes: 1
sahara_api_workers_max: 2
sahara_api_workers: 1
-openrc_os_auth_url: "http://192.168.122.3:5000/v3"
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
keystone_auth_admin_password: "opnfv-secret-password"
openrc_os_password: "opnfv-secret-password"
openrc_os_domain_name: "Default"
@@ -163,9 +163,6 @@ openrc_nova_endpoint_type: "publicURL"
openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
-haproxy_ssl: false
-openstack_service_publicuri_proto: http
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+openrc_insecure: true
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index c92abd97..b3b798d2 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -158,11 +158,6 @@
chdir: "{{openstack_osa_path}}/scripts"
changed_when: True
- - name: Configure SSL certificates
- include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
- vars:
- extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
-
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
@@ -176,12 +171,6 @@
include_role:
name: "openstack-ansible-openstack_openrc"
- - name: add extra insecure flag to generated openrc
- blockinfile:
- dest: "{{ ansible_env.HOME }}/openrc"
- block: |
- export OS_INSECURE=true
-
- name: fetch generated openrc
fetch:
src: "{{ ansible_env.HOME }}/openrc"
diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
deleted file mode 100644
index d0c5c518..00000000
--- a/xci/playbooks/manage-ssl-certs.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2018 SUSE Linux GmbH and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-- name: Install required pip packages for SSL
- pip:
- name: pyOpenSSL
- state: present
- extra_args: "{{ extra_args | default(omit) }}"
-
-- name: Generate XCI private key
- openssl_privatekey:
- path: /etc/ssl/private/xci.key
- size: 2048
-
-- name: Generate XCI certificate request
- openssl_csr:
- privatekey_path: /etc/ssl/private/xci.key
- path: /etc/ssl/private/xci.csr
- common_name: "{{ xci_ssl_subject }}"
-
-- name: Generate XCI self signed certificate
- openssl_certificate:
- path: /etc/ssl/certs/xci.crt
- privatekey_path: /etc/ssl/private/xci.key
- csr_path: /etc/ssl/private/xci.csr
- provider: selfsigned
- selfsigned_not_after: 20800101000000Z