Merge "Add nova_libvirt_live_migration_inbound_addr to compute SAN"

Zuul 2023-10-26 09:58:24 +00:00 committed by Gerrit Code Review
commit f372c88a09
1 changed files with 8 additions and 10 deletions


@ -618,17 +618,19 @@ nova_pki_intermediate_chain_path: >-
{{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}
nova_pki_regen_cert: ''
nova_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
nova_pki_compute_san: >-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address) ~ (nova_libvirt_live_migration_inbound_addr != nova_management_address) |ternary(
',IP:' ~ nova_libvirt_live_migration_inbound_addr, '')
}}
# Create client and server cert for compute hosts
# This certiticate is used to secure TLS live migrations and VNC sessions
nova_pki_compute_certificates:
- name: "nova_{{ ansible_facts['hostname'] }}"
provider: ownca
cn: "{{ ansible_facts['nodename'] }}"
san: >-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address)
}}
san: "{{ nova_pki_compute_san }}"
signed_by: "{{ nova_pki_intermediate_cert_name }}"
key_usage:
- digitalSignature
@ -721,11 +723,7 @@ nova_pki_console_certificates:
- name: "nova_{{ ansible_facts['hostname'] }}-client"
provider: ownca
cn: "{{ ansible_facts['nodename'] }}"
san: >-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address)
}}
san: "{{ nova_pki_compute_san }}"
signed_by: "{{ nova_pki_intermediate_cert_name }}"
key_usage:
- digitalSignature
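Review bot: The new `nova_pki_compute_san` always emits `nova_libvirt_live_migration_inbound_addr` under an `IP:` prefix, so if an operator sets that variable to a hostname or FQDN the SAN entry would be malformed. Certificate generation would then either fail or yield a certificate that does not validate for the migration endpoint. Choosing the prefix from the value would avoid this, for example `~ (nova_libvirt_live_migration_inbound_addr | ansible.utils.ipaddr) | ternary(',IP:', ',DNS:') ~ nova_libvirt_live_migration_inbound_addr`; alternatively, document next to the variable that only IP literals are supported. The inequality test also compares against the raw `nova_management_address`, so with `localhost` as the management address and `127.0.0.1` as the inbound address the SAN would list `IP:127.0.0.1` twice. Separately, hosts with already-issued certificates presumably keep the old SAN until `nova_pki_regen_cert` is set, which would be worth stating in a comment or release note, because TLS live migration to the new inbound address would fail hostname verification until the certificate is reissued.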