fbda283da8
Octavia is using certificate authorities to manage the amp communication but the built-in ansible certificate commands can't generate proper CA certificates (they omit the necessary X509 extensions) nor properly sign CSRs and reference the CA. The changes here replace the parts where ansible's certificate commands fall short with running the openssl command directly. To do so it sets up the necessary files, directories, and templates an openssl config file. Once ansible's certificate capabilities improve we can retire those commands. Also improve tests so we gate when this fails. Change-Id: Iaae462844d783bd6086ce6a2816ea01cafc14e6d |
||
|---|---|---|
| .. | ||
| group_vars | ||
| host_vars | ||
| ansible-role-requirements.yml | ||
| inventory | ||
| os_octavia-overrides.yml | ||
| test-configure-octavia.yml | ||
| test-install-octavia.yml | ||
| test-octavia.yml | ||
| test.yml | ||