Add cacert to clouds.yaml
We need to add the cacert for both undercloud and overclud in clouds.yaml Closes-Bug: #1878540 Depends-On: https://review.opendev.org/728358 Change-Id: I1f209bcae7707af2c8653ad21f69097f81ec6947
This commit is contained in:
parent
0f7cca3e1b
commit
42cfbbc8bf
|
@ -52,6 +52,26 @@ parameters:
|
|||
default: 'fernet'
|
||||
constraints:
|
||||
- allowed_values: ['fernet']
|
||||
SSLCertificate:
|
||||
default: ''
|
||||
description: >
|
||||
The content of the SSL certificate (without Key) in PEM format.
|
||||
type: string
|
||||
PublicSSLCertificateAutogenerated:
|
||||
default: false
|
||||
description: >
|
||||
Whether the public SSL certificate was autogenerated or not.
|
||||
type: boolean
|
||||
EnablePublicTLS:
|
||||
default: true
|
||||
description: >
|
||||
Whether to enable TLS on the public interface or not.
|
||||
type: boolean
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
@ -318,6 +338,17 @@ resources:
|
|||
|
||||
conditions:
|
||||
|
||||
public_tls_enabled:
|
||||
and:
|
||||
- {get_param: EnablePublicTLS}
|
||||
- or:
|
||||
- not:
|
||||
equals:
|
||||
- {get_param: SSLCertificate}
|
||||
- ""
|
||||
- equals:
|
||||
- {get_param: PublicSSLCertificateAutogenerated}
|
||||
- true
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
|
||||
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
|
||||
|
@ -720,6 +751,11 @@ outputs:
|
|||
project_name: admin
|
||||
user_domain_name: Default
|
||||
username: admin
|
||||
cacert:
|
||||
if:
|
||||
- public_tls_enabled
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- ''
|
||||
identity_api_version: '3'
|
||||
region_name: {get_param: KeystoneRegion}
|
||||
- name: Manage Keystone resources
|
||||
|
|
Loading…
Reference in New Issue