This website requires JavaScript.
Explore
Get Started
openstack
/
kolla-ansible
Code
Issues
Proposed changes
2b662cfb12
Branches
Tags
View all branches
kolla-ansible
/
ansible
/
certificates.yml
6 lines
83 B
YAML
Raw
Normal View
History
Unescape
Escape
Add Ansible scripts to generate TLS certificates for testing Working towards the blueprint that will add TLS protection for the external endpoints, kolla needs certificates. When kolla deploys OpenStack, the external VIP will need a server side certifcate. Clients that access those endpoints will need the public CA certificate that signed that certificate. This ansible script will create these two certificates to make it easy to use TLS in a test environment. The generated certificate files are: /etc/kolla/certificates/haproxy.pem (server side certificate) /etc/kolla/certificates/haproxy-ca.pem (CA certificate) The generated certificates are not suitable for use in a production environment, but will be useful for testing and verifying operations. Partially-implements: blueprint ssl-kolla Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d
2016-02-20 14:54:41 -05:00
---
Give plays in the playbooks a name Change-Id: I44c2668a8ebb6dd3201a6eb4e47284871380e6d7
2016-11-30 16:23:36 +01:00
-
name
:
Apply role certificates
Make the certificates role just run on deploy node when run command "kolla-ansible -i multinode certificates", the certificates file will generated in all nodes, it is unnecessary, this ps to make it in deploy node. Change-Id: I3e98ab498eeec3e6b8f170dd29c95f7ff9dbd6c0
2018-03-19 14:40:32 +08:00
hosts
:
localhost
Add Ansible scripts to generate TLS certificates for testing Working towards the blueprint that will add TLS protection for the external endpoints, kolla needs certificates. When kolla deploys OpenStack, the external VIP will need a server side certifcate. Clients that access those endpoints will need the public CA certificate that signed that certificate. This ansible script will create these two certificates to make it easy to use TLS in a test environment. The generated certificate files are: /etc/kolla/certificates/haproxy.pem (server side certificate) /etc/kolla/certificates/haproxy-ca.pem (CA certificate) The generated certificates are not suitable for use in a production environment, but will be useful for testing and verifying operations. Partially-implements: blueprint ssl-kolla Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d
2016-02-20 14:54:41 -05:00
roles
:
-
certificates
Copy Permalink
