a1da18aed6
Fixes for etcd's certmonger cert and key generation:
- Do not chown the cert and key files generated on the host. In addition
to the fact that "etcd" is not a valid user|grep name on the host, an
ACL must be used to allow other services (such as cinder) to access
the files. That ACL will be handled at the THT layer.
- New $dnsnames parameter supports adding a list of subject alternative
name (SAN) to the cert.
- Remove obsolete default $postsave_cmd (see comment in the code), but
make it a parameter so it can be overridden if necessary.
The cinder-volume service uses etcd when cinder is configured for
active/active mode. When internal TLS is enabled, the backend_url must
include references to etcd's cert and key files.
Partial-Bug: #1869955
Change-Id: Ifa7452ec15b81f48d7e5fb1252f20b5af1dff95c
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| acceptance/nodesets | ||
| classes | ||
| defines | ||
| fixtures | ||
| functions | ||
| unit | ||
| shared_examples.rb | ||
| spec_helper.rb | ||
| spec_helper_acceptance.rb | ||