Merge "Add nova_libvirt_live_migration_inbound_addr to compute SAN"
commit
f372c88a09
|
@ -618,17 +618,19 @@ nova_pki_intermediate_chain_path: >-
|
||||||
{{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}
|
{{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}
|
||||||
nova_pki_regen_cert: ''
|
nova_pki_regen_cert: ''
|
||||||
nova_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
|
nova_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
|
||||||
|
nova_pki_compute_san: >-
|
||||||
|
{{
|
||||||
|
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
|
||||||
|
'127.0.0.1', nova_management_address) ~ (nova_libvirt_live_migration_inbound_addr != nova_management_address) |ternary(
|
||||||
|
',IP:' ~ nova_libvirt_live_migration_inbound_addr, '')
|
||||||
|
}}
|
||||||
# Create client and server cert for compute hosts
|
# Create client and server cert for compute hosts
|
||||||
# This certiticate is used to secure TLS live migrations and VNC sessions
|
# This certiticate is used to secure TLS live migrations and VNC sessions
|
||||||
nova_pki_compute_certificates:
|
nova_pki_compute_certificates:
|
||||||
- name: "nova_{{ ansible_facts['hostname'] }}"
|
- name: "nova_{{ ansible_facts['hostname'] }}"
|
||||||
provider: ownca
|
provider: ownca
|
||||||
cn: "{{ ansible_facts['nodename'] }}"
|
cn: "{{ ansible_facts['nodename'] }}"
|
||||||
san: >-
|
san: "{{ nova_pki_compute_san }}"
|
||||||
{{
|
|
||||||
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
|
|
||||||
'127.0.0.1', nova_management_address)
|
|
||||||
}}
|
|
||||||
signed_by: "{{ nova_pki_intermediate_cert_name }}"
|
signed_by: "{{ nova_pki_intermediate_cert_name }}"
|
||||||
key_usage:
|
key_usage:
|
||||||
- digitalSignature
|
- digitalSignature
|
||||||
|
@ -721,11 +723,7 @@ nova_pki_console_certificates:
|
||||||
- name: "nova_{{ ansible_facts['hostname'] }}-client"
|
- name: "nova_{{ ansible_facts['hostname'] }}-client"
|
||||||
provider: ownca
|
provider: ownca
|
||||||
cn: "{{ ansible_facts['nodename'] }}"
|
cn: "{{ ansible_facts['nodename'] }}"
|
||||||
san: >-
|
san: "{{ nova_pki_compute_san }}"
|
||||||
{{
|
|
||||||
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
|
|
||||||
'127.0.0.1', nova_management_address)
|
|
||||||
}}
|
|
||||||
signed_by: "{{ nova_pki_intermediate_cert_name }}"
|
signed_by: "{{ nova_pki_intermediate_cert_name }}"
|
||||||
key_usage:
|
key_usage:
|
||||||
- digitalSignature
|
- digitalSignature
|
||||||
|
|
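Review bot: In the new `nova_pki_compute_san`, the live-migration address is always written with an `IP:` prefix (`',IP:' ~ nova_libvirt_live_migration_inbound_addr`), so a deployer who sets that variable to a hostname gets a malformed SAN entry and a certificate that either fails to generate or does not match the name peers connect to. Whether the variable is guaranteed to hold an IP is not visible on this page; if it is not, derive the prefix from the value, e.g. `',' ~ (nova_libvirt_live_migration_inbound_addr | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ nova_libvirt_live_migration_inbound_addr`. The inequality test also compares against the raw `nova_management_address`, so with `localhost` as the management address and `127.0.0.1` as the inbound address the same IP is listed twice. Both entries that now reference the variable (the server certificate and the `-client` one in the second hunk) inherit this, and hosts with already-issued certificates will presumably need regeneration via `nova_pki_regen_cert` before TLS migration to the new address verifies; a comment above the variable saying so would help.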