8d426d42e8
The ssl-ca element assumes a DISTRO_NAME variable is available in os-refresh-config scripts. This fails with: ../configure.d/51-ssl-load-ca-certs: DISTRO_NAME: unbound variable Change-Id: Ic7f8d3b108848928bed1b4875927f03eb8b8d342 |
||
---|---|---|
.. | ||
os-apply-config/etc/ssl | ||
os-refresh-config/configure.d | ||
README.md |
README.md
Install and trust a CA at the operating system level, making it available for use by OpenStack services and other network clients authenticating SSL-secured connections.
Configuration
ssl:
ca_certificate: certdata
The CA certificate will be written to /etc/ssl/from-heat-ca.crt and installed using update-ca-certificates (apt-based distros) or update-ca-trusts (yum-based distros).
This may be used in conjunction with openstack-ssl to enable SSL-secure connections between OpenStack services, or independently to enable secure integration with external resources such as Keystone -> LDAP server or Cinder -> external backend.
If multiple CA certificates are to be trusted, they should be concatenated in PEM format within the single ca_certificate property defining the trust store.