Allow Kayobe to set kolla_external_fqdn_cacert

This variable can be used to customize the CA certificate file used as
the OS_CACERT environment variable in openrc files when TLS is enabled.

Change-Id: Ia157e91dfab176b84a53354065172cac2d60fb78
Story: 2004876
Task: 29150
This commit is contained in:
Pierre Riteau 2019-01-28 18:45:53 +00:00
parent 9db9c413d4
commit 9156fa0e2d
5 changed files with 16 additions and 0 deletions

View File

@ -402,3 +402,7 @@ kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
# #
# Note that this should be formatted as a literal style block scalar. # Note that this should be formatted as a literal style block scalar.
kolla_tls_cert: kolla_tls_cert:
# Path to a CA certificate file to use for the OS_CACERT environment variable in
# openrc files when TLS is enabled, instead of Kolla-Ansible's default.
kolla_external_fqdn_cacert:

View File

@ -197,6 +197,7 @@ kolla_neutron_ml2_tenant_network_types: []
# allow clients to perform authentication. # allow clients to perform authentication.
kolla_enable_tls_external: kolla_enable_tls_external:
kolla_external_fqdn_cert: kolla_external_fqdn_cert:
kolla_external_fqdn_cacert:
############################# #############################
# Ironic options # Ironic options

View File

@ -128,6 +128,7 @@ neutron_tenant_network_types: {{ kolla_neutron_ml2_tenant_network_types | join('
# allow clients to perform authentication. # allow clients to perform authentication.
kolla_enable_tls_external: {{ kolla_enable_tls_external | bool }} kolla_enable_tls_external: {{ kolla_enable_tls_external | bool }}
kolla_external_fqdn_cert: "{{ kolla_external_fqdn_cert }}" kolla_external_fqdn_cert: "{{ kolla_external_fqdn_cert }}"
kolla_external_fqdn_cacert: "{{ kolla_external_fqdn_cacert }}"
############## ##############

View File

@ -260,6 +260,10 @@
# Note that this should be formatted as a literal style block scalar. # Note that this should be formatted as a literal style block scalar.
#kolla_tls_cert: #kolla_tls_cert:
# Path to a CA certificate file to use for the OS_CACERT environment variable in
# openrc files when TLS is enabled, instead of Kolla-Ansible's default.
#kolla_external_fqdn_cacert:
############################################################################### ###############################################################################
# Dummy variable to allow Ansible to accept this file. # Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes workaround_ansible_issue_8743: yes

View File

@ -0,0 +1,6 @@
---
features:
- |
Adds support for setting the `kolla_external_fqdn_cacert` variable which
allows customizing the CA certificate file to be used as the OS_CACERT
environment variable in openrc files when TLS is enabled.