openstack
/
tripleo-image-elements
Code Issues Proposed changes
tripleo-image-elements/elements/ssl-ca
History
Kiall Mac Innes 8d426d42e8 Correct unbound variable in ssl-ca element 
The ssl-ca element assumes a DISTRO_NAME variable is available in
os-refresh-config scripts. This fails with:

    ../configure.d/51-ssl-load-ca-certs: DISTRO_NAME: unbound variable

Change-Id: Ic7f8d3b108848928bed1b4875927f03eb8b8d342
 		2015-01-09 18:25:30 +00:00
..
os-apply-config/etc/ssl ssl-ca: Allow CA certificate to be specified 2014-08-11 11:09:20 -07:00
os-refresh-config/configure.d Correct unbound variable in ssl-ca element 2015-01-09 18:25:30 +00:00
README.md Properly format markdown code blocks 2014-11-12 10:31:01 +09:00

README.md

Install and trust a CA at the operating system level, making it available for use by OpenStack services and other network clients authenticating SSL-secured connections.

Configuration

ssl:
  ca_certificate: certdata

The CA certificate will be written to /etc/ssl/from-heat-ca.crt and installed using update-ca-certificates (apt-based distros) or update-ca-trusts (yum-based distros).

This may be used in conjunction with openstack-ssl to enable SSL-secure connections between OpenStack services, or independently to enable secure integration with external resources such as Keystone -> LDAP server or Cinder -> external backend.

If multiple CA certificates are to be trusted, they should be concatenated in PEM format within the single ca_certificate property defining the trust store.