Generate and use certificates for OSA

Instead of making OSA to generate self signed certs, bring our
own and pass them.
By this way we will be able to trust in that certs, and start
consuming OpenStack easily.

It will also generate proper openrc file to source it and start
consuming the cloud properly.

Change-Id: Ic72a8b05e6efb222926fc5fa0800e033b2dbd22f
Closes-Bug: RELENG-266
Signed-off-by: Yolanda Robla <yroblamo@redhat.com>

4 files changed, 45 insertions, 0 deletions

diff --git a/xci/file/ha/user_variables.yml b/xci/file/ha/user_variables.yml
index 58ba5679..8235f6f7 100644
--- a/xci/file/ha/user_variables.yml
+++ b/xci/file/ha/user_variables.yml
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.220:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true
diff --git a/xci/file/install-ansible.sh b/xci/file/install-ansible.sh
index 67a49b39..16ff86c8 100644
--- a/xci/file/install-ansible.sh
+++ b/xci/file/install-ansible.sh
@@ -30,6 +30,7 @@ if [ -x '/usr/bin/zypper' ]; then
         [python-devel]=python-devel
         [venv]=python-virtualenv
         [wget]=wget
+        [openssl]=openssl
     )
     EXTRA_PKG_DEPS=( python-xml )
     # NOTE (cinerama): we can't install python without removing this package
@@ -50,6 +51,7 @@ elif [ -x '/usr/bin/apt-get' ]; then
               [python-devel]=libpython-dev
               [venv]=python-virtualenv
               [wget]=wget
+              [openssl]=openssl
             )
     EXTRA_PKG_DEPS=()
 elif [ -x '/usr/bin/dnf' ] || [ -x '/usr/bin/yum' ]; then
@@ -67,6 +69,7 @@ elif [ -x '/usr/bin/dnf' ] || [ -x '/usr/bin/yum' ]; then
         [python-devel]=python-devel
         [venv]=python-virtualenv
         [wget]=wget
+        [openssl]=openssl
     )
     EXTRA_PKG_DEPS=()
 else
diff --git a/xci/file/mini/user_variables.yml b/xci/file/mini/user_variables.yml
index fa8a38f3..0b8c6cd7 100644
--- a/xci/file/mini/user_variables.yml
+++ b/xci/file/mini/user_variables.yml
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true
diff --git a/xci/file/noha/user_variables.yml b/xci/file/noha/user_variables.yml
index bdb2df09..72a8ab7d 100644
--- a/xci/file/noha/user_variables.yml
+++ b/xci/file/noha/user_variables.yml
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true