From 247794672a200d5385164adf59771cbcda7ba704 Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Tue, 13 Mar 2018 18:21:22 -0400 Subject: [PATCH] Install the limestone cacert The endpoint SSL certificate for the new limestone provider is currently self-signed. We're going to trust it in the same way we did with infracloud by using the certificate itself for validation. Change-Id: I56cae339312d0bc8ad94c98f118c215f610a6b23 --- hiera/common.yaml | 24 ++++++++++++++++++++++++ manifests/site.pp | 8 ++++++++ 2 files changed, 32 insertions(+) diff --git a/hiera/common.yaml b/hiera/common.yaml index a0841e2508..b985d40354 100644 --- a/hiera/common.yaml +++ b/hiera/common.yaml @@ -612,6 +612,30 @@ infracloud_chocolate_ssl_cert_file_contents: | hSjXxXxM4KpXfGZQ8rdvB+TrladcBpRqsaFXN07BRU6OWZ59z6b1KFEV//XOkj8h osIiNUq7LRJe9znYYeHvQVcp8vQhxBsfgv7IFW89gntNCpq7YITCVQ== -----END CERTIFICATE----- +limestone_ssl_cert_file_contents: | + -----BEGIN CERTIFICATE----- + MIIDzTCCArWgAwIBAgIJAMjKv/sJrt0JMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV + BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEUMBIGA1UEBwwLU2FuIEFudG9uaW8xCzAJ + BgNVBAoMAklUMRowGAYDVQQDDBFvc2EuY29udGludW91cy5wdzEfMB0GA1UdEQwW + SVAuMT1vc2EuY29udGludW91cy5wdzAeFw0xODAzMDIxNTM1NDZaFw0yODAyMjgx + NTM1NDZaMH0xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEUMBIGA1UEBwwL + U2FuIEFudG9uaW8xCzAJBgNVBAoMAklUMRowGAYDVQQDDBFvc2EuY29udGludW91 + cy5wdzEfMB0GA1UdEQwWSVAuMT1vc2EuY29udGludW91cy5wdzCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBANjzeNQOfZPLWEYXcyn4htcjli6QCT8FKU8I + edvaPDEjefcdBmD2f49bc8RRqbB8cje/B6vAAeBfXoQKoh5HQ/rec1S2aSQsYObl + ecaQTYKVVVUsAhbsmLf39rpqIhmKKA+qZCAJPsdtUQ2fTfwNnF2+9XhZ40LsZDse + cCCtwM3sKq5OymZ1JsHKMp1FEJINDAiV1aekmNjoaOeCCbuEgKKiniGJ7iVp18x8 + 80tGUwFq2gXrlmzYQntA80vN9MtWgnkn5KACVvE3vLpzPyKRsn5htsedmccNWGa5 + eQHgAIoaP1AI57ryZHOFQxebWCWanxm19RdekyhTeqsGSso70b8CAwEAAaNQME4w + HQYDVR0OBBYEFHHOdo0iyJbl15Q3/61oYMMAGLH1MB8GA1UdIwQYMBaAFHHOdo0i + yJbl15Q3/61oYMMAGLH1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB + AAFh2mLQmGePooS/OoDNfeTORVSmq3u+l/F+5XGSSXjujY3tkl8AvXhvwVRKYFkE + y8viOR8yTvT6kyA7jQ2Fe2g0CVK+TyxpFiXQgCxISN9zAM/E2mGiM4FXqkrkl6vs + XacpMa7FAr1ZCp//rWT8NDPPMdq1L5BO4BEpE1tseaJSRv8SWztLpQZUic4YgvN2 + HKnG4qpuA90nrDL30uB/dQxcVad4lG9f2vXYgbjg6QMyY1s4VVd3v9w+do8GLeia + ddlRJ6Pnmk26Kgs/0WoVVBNYVUrdo+Hk0k2BpO0/Yk+0+rz8wa+Ee4vAA3M4xT1p + NhQjSPoo+M+vDa6hxK8/Z/c= + -----END CERTIFICATE----- statusbot_auth_nicks: - jeblair - corvus diff --git a/manifests/site.pp b/manifests/site.pp index c88b4cdabb..939f4ea48f 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -189,6 +189,14 @@ node 'puppetmaster.openstack.org' { content => hiera('infracloud_chocolate_ssl_cert_file_contents'), require => Class['::openstack_project::puppetmaster'], } + file { '/etc/openstack/limestone_cacert.pem': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + content => hiera('limestone_ssl_cert_file_contents'), + require => Class['::openstack_project::puppetmaster'], + } } # Node-OS: trusty