Commit Graph

5 Commits

Author SHA1 Message Date
Alex Schultz 87abe05ba0 Retire instack-undercloud
instack-undercloud is no longer in use by the TripleO project. Removing
the code to avoid confusion. Stable branches will continue to be
maintained for their life; however, no new features should be added.

Change-Id: I63a813c7c1ffd30ca30017133d31a497b77a9a4d
Blueprint: remove-instack-undercloud
2018-10-30 12:16:18 +00:00
Juan Antonio Osorio Robles 3a67a6c8cb Remove certificate resubmit from haproxy script
This was needed because puppet-certmonger didn't have the means to
request the appropriate EKU values manually (it relied on the defaults
per CA). This is no longer the case, so we can remove it.

Depends-On: Ie54d10fd4da45a73529a05e29aaa8eb19f986df3
Change-Id: I0eb466d7311e012d10fe03651c39dfd9a77bc517
2017-09-26 15:06:22 +03:00
Juan Antonio Osorio Robles fe25c53fe9 Undercloud/Certmonger: Only attempt to reload haproxy if it's active
Previously, certmonger tried to reload haproxy every time after a
certificate is requested. This is useful for certificate resubmits or
renewals. However, it turned out problematic on installation, when
haproxy is not yet active, as it would try many times and end up having
a race-condition with puppet.

This checks if haproxy is active and only then will it attempt to reload
it.

Closes-Bug: #1712377
Change-Id: I4edd42b888a0bbbb8eb0e71f5c17750bac46c2ce
2017-09-01 14:18:45 +00:00
Dan Trainor 48b293dde6 Add certificate EKUs to public endpoint cert
Add EKUs, or Extended Key Usage parameters, of id-kp-clientAuth and
id-kp-serverAuth to the certificate that certmonger generates, which is
used by haproxy to proxy public-facing hosts. This is necessary due to
the criteria by which Firefox and related browsers validate which
required extensions are acceptable when interpreting a certificate.

Change-Id: Ideec7d23769e68ae1b738c0118ec061b195e3bd7
Closes-Bug: 1668775
2017-03-02 09:59:41 -05:00
Juan Antonio Osorio Robles faeed2494e Use certmonger for automatic cert generation
This will enable us to use a real CA to request the service certificates.

bp tls-via-certmonger

Depends-On: I32ded4e33abffd51f220fb8a7dc6263aace72acd
Change-Id: I5009273110154f0327ad542d75e83ff67bf72613
2016-08-03 13:44:21 +03:00