Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Binary file tripleo/user_images/debian-wheezy-amd64-20140929-disk.img matches
- Binary file tripleo/user_images/debian-7.tar.xz matches
- tripleo/tripleo-heat-templates/swift-storage-server.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/swift-storage-server.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/swift-storage-server.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: EphemeralCaCert:
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: description: Cert used by check_mk agent to call into the overcloud
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: KeystoneCACertificate:
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: description: Keystone self-signed certificate authority certificate.
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: KeystoneSigningCertificate:
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: description: Keystone certificate for verifying token validity.
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: ca_certificate:
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: get_param: KeystoneCACertificate
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: signing_certificate:
- tripleo/tripleo-heat-templates/undercloud-vm.yaml: get_param: KeystoneSigningCertificate
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: The number of hours a cert issued by the ECA server is valid for
- tripleo/tripleo-heat-templates/overcloud-source.yaml: EphemeralCaCert:
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: The certificate the ECA server will use to in a CSR
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: The private key for the ECA server certificate
- tripleo/tripleo-heat-templates/overcloud-source.yaml: MysqlClusterCertificate:
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: The certificate used for MySQL Galera clustering.
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: Keystone certificate authority key. Remove this later (kerrin)
- tripleo/tripleo-heat-templates/overcloud-source.yaml: KeystoneCACertificate:
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: Keystone self-signed certificate authority certificate.
- tripleo/tripleo-heat-templates/overcloud-source.yaml: KeystoneSigningCertificate:
- tripleo/tripleo-heat-templates/overcloud-source.yaml: description: Keystone certificate for verifying token validity.
- tripleo/tripleo-heat-templates/overcloud-source.yaml: ca_certificate: {get_param: KeystoneCACertificate}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: signing_certificate: {get_param: KeystoneSigningCertificate}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: cluster_certificate: {get_param: MysqlClusterCertificate}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: ca_cert_location: {get_param: SSLCACertificateLocation}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: cert: { get_param: EphemeralCaCert }
- tripleo/tripleo-heat-templates/overcloud-source.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/overcloud-source.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/ssl-source.yaml: SSLCertificate:
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
- tripleo/tripleo-heat-templates/ssl-source.yaml: SSLCertificateLocation:
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: The location of an SSL certificate .crt file for encrypting SSL endpoints.
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: The location of an SSL certificate .key file for encrypting SSL endpoints.
- tripleo/tripleo-heat-templates/ssl-source.yaml: SSLCACertificate:
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: If set, the contents of an SSL certificate authority file.
- tripleo/tripleo-heat-templates/ssl-source.yaml: SSLCACertificateLocation:
- tripleo/tripleo-heat-templates/ssl-source.yaml: default: '/etc/ssl/certs/ca-certificates.crt'
- tripleo/tripleo-heat-templates/ssl-source.yaml: description: The location of the CA Certificate used for signing the SSL cert and key.
- tripleo/tripleo-heat-templates/ssl-source.yaml: ca_certificate:
- tripleo/tripleo-heat-templates/ssl-source.yaml: get_input: ssl_ca_certificate
- tripleo/tripleo-heat-templates/ssl-source.yaml: cert: {get_input: ssl_certificate}
- tripleo/tripleo-heat-templates/ssl-source.yaml: cacert: {get_input: ssl_ca_certificate}
- tripleo/tripleo-heat-templates/ssl-source.yaml: cert_location: {get_input: ssl_certificate_location}
- tripleo/tripleo-heat-templates/soswift-storage.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/soswift-storage.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/soswift-storage.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: EphemeralCaCert:
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: description: Cert used by check_mk agent to call into the overcloud
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: KeystoneCACertificate:
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: description: Keystone self-signed certificate authority certificate.
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: KeystoneSigningCertificate:
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: description: Keystone certificate for verifying token validity.
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: ca_certificate:
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: get_param: KeystoneCACertificate
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: signing_certificate:
- tripleo/tripleo-heat-templates/undercloud-vm-ironic.yaml: get_param: KeystoneSigningCertificate
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/vsa-storage.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/nova-compute-instance.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/nova-compute-instance.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/nova-compute-instance.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/soswift-proxy.yaml: ssl_certificate: {get_param: SSLCertificate}
- tripleo/tripleo-heat-templates/soswift-proxy.yaml: ssl_ca_certificate: {get_param: SSLCACertificate}
- tripleo/tripleo-heat-templates/soswift-proxy.yaml: ssl_certificate_location: {get_param: SSLCertificateLocation}
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: EphemeralCaCert:
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: description: Cert used by check_mk agent to call into the overcloud
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: KeystoneCACertificate:
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: description: Keystone self-signed certificate authority certificate.
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: KeystoneSigningCertificate:
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: description: Keystone certificate for verifying token validity.
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: ca_certificate:
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: get_param: KeystoneCACertificate
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: signing_certificate:
- tripleo/tripleo-heat-templates/undercloud-bm.yaml: get_param: KeystoneSigningCertificate
- Binary file tripleo/images/overcloud-vsa-81.qcow2 matches
- Binary file tripleo/images/overcloud-esx-compute.qcow2 matches
- Binary file tripleo/images/undercloud-81.qcow2 matches
- Binary file tripleo/images/overcloud-compute-81.qcow2 matches
- Binary file tripleo/images/seed.qcow2 matches
- Binary file tripleo/images/overcloud-control-81.qcow2 matches
- tripleo/bin/load_ee_config.py: specs = [('ssl/ca_certs', 'OVERCLOUD_SSL_CA_CERT'),
- tripleo/bin/load_ee_config.py: ('ssl/cluster_backend/certificate', 'OVERCLOUD_CLUSTER_CERT'),
- tripleo/bin/load_ee_config.py: ('ssl/public_vip/certificate', 'OVERCLOUD_SSL_CERT')]
- tripleo/hp-ovsvapp/scripts/ovsvapp_autoprep:export CERT_CHECK="%s"
- tripleo/hp-ovsvapp/scripts/ovsvapp_autoprep:export CERT_PATH="%s"
- tripleo/hp-ovsvapp/scripts/ovsvapp_autoprep:sudo /bin/sed -i "s/^cert_check.*=.*/cert_check = ${CERT_CHECK}/" $NEUTRON_PLUGIN_FILE
- tripleo/hp-ovsvapp/scripts/ovsvapp_autoprep:sudo /bin/sed -i "s/^cert_path.*=.*/cert_path = ${CERT_PATH}/" $NEUTRON_PLUGIN_FILE
- tripleo/hp-ovsvapp/doc/OVSvApp_Installation_Documentation.txt:#Vcenter FQDN(Provide FQDN, only if your vcenter certificate is generated with FQDN)(*OPTIONAL)
- tripleo/hp-ovsvapp/doc/OVSvApp_Installation_Documentation.txt:cert_check=true_or_false
- tripleo/hp-ovsvapp/doc/OVSvApp_Installation_Documentation.txt:#Certificate Path. Must required if cert_check=True(*OPTIONAL)
- tripleo/hp-ovsvapp/doc/OVSvApp_Installation_Documentation.txt:cert_path=/path/to/vcenter/certificate
- tripleo/hp-ovsvapp/src/util/vapp_constants.py:# VCENTER CERTIFICATE location inside OVSVAPP
- tripleo/hp-ovsvapp/src/util/vapp_constants.py:VCENTER_CERTIFICATE = '/home/stack/Vcenter_Certificate.pem'
- tripleo/hp-ovsvapp/src/util/vapp_config_parser.py: inputs['cert_check'] = _str2bool(config.get('vmware', 'cert_check'))
- tripleo/hp-ovsvapp/src/util/vapp_config_parser.py: inputs['cert_path'] = config.get('vmware', 'cert_path')
- tripleo/hp-ovsvapp/src/util/validate_inputs.py: if (settings['cert_check'] and
- tripleo/hp-ovsvapp/src/util/validate_inputs.py: not os.path.isfile(settings['cert_path'])):
- tripleo/hp-ovsvapp/src/util/validate_inputs.py: raise Exception("Vcenter Certificate check is true but "
- tripleo/hp-ovsvapp/src/util/validate_inputs.py: "Vcenter Certificate path is either not provided "
- tripleo/hp-ovsvapp/src/util/validate_inputs.py: "Provide valid Vcenter certificate path to "
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: VCENTER_CERTIFICATE,
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: def _send_vcenter_certificate(self, content, vm, creds, inputs):
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: vcenter_certificate = self._read_file(inputs['cert_path'])
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: response = self._send_file(content, vm, creds, vcenter_certificate,
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: VCENTER_CERTIFICATE)
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: self.logger.error("Couldn't send the Vcenter Certificate inside "
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: self.logger.info("Vcenter Certificate copied successfully "
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: "at %s" % VCENTER_CERTIFICATE)
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: cert_path = ''
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: if inputs['cert_check']:
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: if inputs['cert_path']:
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: cert_path = VCENTER_CERTIFICATE.replace('/', '\\\\/')
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: inputs['vcenter_password'], port, inputs['cert_check'],
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: cert_path, inputs['datacenter'], params['cluster'],
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: if inputs['cert_check']:
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: if inputs['cert_path']:
- tripleo/hp-ovsvapp/src/installer/configure_ovsvapp.py: self._send_vcenter_certificate(content, vm, creds, inputs)
- tripleo/hp-ovsvapp/conf/ovs_vapp.ini:#Vcenter FQDN(Provide FQDN, only if your vcenter certificate is generated with FQDN)(*OPTIONAL)
- tripleo/hp-ovsvapp/conf/ovs_vapp.ini:cert_check=
- tripleo/hp-ovsvapp/conf/ovs_vapp.ini:#Certificate Path. Must required if cert_check=True(*OPTIONAL)
- tripleo/hp-ovsvapp/conf/ovs_vapp.ini:cert_path=
- Binary file tripleo/CMC_11.5.01.0079.0_Installer_Linux.bin matches
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: # Issue a killall for the certmonger and stunnel processes in case they are still running
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -9 -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: # Issue a killall for the certmonger and stunnel processes in case they are still running
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -9 -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: # Issue a killall for the certmonger and stunnel processes in case they are still running
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -9 -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: # Issue a killall for the certmonger and stunnel processes in case they are still running
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -9 -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: # Issue a killall for the certmonger and stunnel processes in case they are still running
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -f certmonger
- tripleo/helion-update/tripleo-ansible/playbooks/update_cloud.yml: - command: pkill -9 -f certmonger
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - nova-cert
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - nova-cert
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - certmonger
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - nova-cert
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - certmonger
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - certmonger
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - certmonger
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - nova-cert
- tripleo/helion-update/tripleo-ansible/plugins/inventory/group_vars/all: - certmonger
- tripleo/helion-update/tripleo-ansible/Troubleshooting.rst: * If restarting MySQL fails, then the database is most certainly out of sync
- tripleo/helion-update/tripleo-ansible/Troubleshooting.rst:Apache2 requires some self-signed SSL certificates to be put in place
- tripleo/helion-update/tripleo-ansible/Troubleshooting.rst: * /etc/ssl/certs/ssl-cert-snakeoil.pem is missing or empty
- tripleo/helion-update/tripleo-ansible/Troubleshooting.rst: * Re-run `os-collect-config` to reassert the SSL certificates::
- tripleo/helion-update/tripleo-ansible/Troubleshooting.rst:There are certain system states that cause RabbitMQ to fail to die on normal kill signals.
- tripleo/helion-update/seed_update/seed_restore_1_5:cp -a "${RESTORE_DIR}/ephemeralca-cacert.crt" /usr/local/share/ca-certificates
- tripleo/helion-update/seed_update/seed_restore_1_5:# local certificate refresh to allow connection to overcloud.
- tripleo/helion-update/seed_update/seed_restore_1_5:update-ca-certificates --fresh
- tripleo/helion-update/seed_update/seed_restore_1_5:# Restore SSH and Certificates
- tripleo/helion-update/seed_update/seed_backup_1_5:cp -a /usr/local/share/ca-certificates/ephemeralca-cacert.crt "${BACKUP_DIR}"
- tripleo/helion-update/seed_update/seed_backup_1_5:# Copying SSH and Certificates.
- tripleo/hp_passthrough/undercloud_tempest_conf.json: "option": "ca_certificates_file",
- tripleo/hp_passthrough/undercloud_tempest_conf.json: "value": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt"
- tripleo/hp_passthrough/overcloud_nova_conf.json: "option": "ca_certificates_file",
- tripleo/hp_passthrough/overcloud_nova_conf.json: "value": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt"
- tripleo/hp_passthrough/overcloud_beaver.json: "section": "/var/log/nova/nova-cert-json.log",
- tripleo/hp_passthrough/overcloud_heat_conf.json: { "option": "cafile", "value": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt" }
- tripleo/hp_passthrough/overcloud_heat_conf.json: { "option": "cafile", "value": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt" }
- tripleo/hp_passthrough/overcloud_heat_conf.json: { "option": "ca_file", "value": "/etc/ssl/certs/ca-certificates.crt" }
- tripleo/hp_passthrough/undercloud_nova_conf.json: "cert_config": [
- tripleo/hp_passthrough/overcloud_ceilometer_conf.json: {"option":"cafile","value":"/etc/ssl/certs/ca-certificates.crt"}
- tripleo/hp_passthrough/undercloud_beaver.json: "section": "/var/log/nova/nova-cert-json.log",
- tripleo/tripleo-incubator/scripts/hp_ced_host_manager.sh: echo "This script depends on certain baseline capabilities of the HOST operating system"
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:## #. Load ECA server cert and key
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:EPHEMERAL_CA_CERT_FILE=${EPHEMERAL_CA_CERT_FILE:-${TRIPLEO_ROOT}/../eca.crt}
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:if [[ ! -f "${EPHEMERAL_CA_CERT_FILE}" || ! -f ${EPHEMERAL_CA_KEY_FILE} ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: echo "Error: Could not find ECA Cert file or ECA key file." >&2
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:EPHEMERAL_CA_CERT=$(<${EPHEMERAL_CA_CERT_FILE})
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:## #. Add ECA server cert to local certificate store
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:OVERCLOUD_CACERT_LOCATION=$(os-apply-config -m $TE_DATAFILE --key overcloud.cacert --type raw)
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:if [[ -n "${EPHEMERAL_CA_CERT:-}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: echo "${EPHEMERAL_CA_CERT}" > "${OVERCLOUD_CACERT_LOCATION}" && update-ca-certificates
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:## set this to the DNS name you're using for your SSL certificate - the heat
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:if [ -z "${OVERCLOUD_CLUSTER_CERT:-}" ] || [ -z "${OVERCLOUD_CLUSTER_KEY:-}" ]; then
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: OVERCLOUD_CLUSTER_CERT=$(<$OVERCLOUD_CLUSTER_PATH/cluster.crt)
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: "EphemeralCaCert": "'"${EPHEMERAL_CA_CERT}"'",
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: "MysqlClusterCertificate": "'"${OVERCLOUD_CLUSTER_CERT}"'",
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:## #. Add Keystone certs/key into the environment file.::
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:NEW_JSON=$(jq '.overcloud.password="'${OVERCLOUD_ADMIN_PASSWORD}'" | .overcloud.endpoint="'${OVERCLOUD_ENDPOINT}'" | .overcloud.endpointhost="'${OVERCLOUD_IP}'" | .overcloud.cacert="'${OVERCLOUD_CACERT_LOCATION}'"' $TE_DATAFILE)
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: -e "s,\(OS_CACERT=\).*$,\1${OVERCLOUD_CACERT_LOCATION}," \
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:## #. Deploy overcloud CA certificate to undercloud
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh:if [[ -f "${OVERCLOUD_CACERT_LOCATION}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: echo "Deploying overcloud CA certificate to undercloud for tempest"
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: wait_for 10 60 scp ${SSH_ARGS} "${OVERCLOUD_CACERT_LOCATION}" heat-admin@${UNDERCLOUD_IP}:/home/heat-admin/eca.crt
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: wait_for 10 60 ssh ${SSH_ARGS} heat-admin@${UNDERCLOUD_IP} "sudo cp /home/heat-admin/eca.crt ${OVERCLOUD_CACERT_LOCATION} && sudo update-ca-certificates --fresh"
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: echo "Undercloud deployed with overcloud CA certificate"
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: --os-cacert $OS_CACERT \
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: --os-cacert $OS_CACERT \
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: --os-cacert $OS_CACERT \
- tripleo/tripleo-incubator/scripts/hp_ced_overcloud.sh: --os-cacert $OS_CACERT \
- tripleo/tripleo-incubator/scripts/hp_ced_setup.sh:# Add overcloud cacert location
- tripleo/tripleo-incubator/scripts/hp_ced_setup.sh:OVERCLOUD_CACERT_LOCATION=/usr/local/share/ca-certificates/ephemeralca-cacert.crt
- tripleo/tripleo-incubator/scripts/hp_ced_setup.sh:ENV_JSON=$(jq '.["overcloud"]["cacert"]="'$OVERCLOUD_CACERT_LOCATION'" ' $JSONFILE)
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh:## #. Load ECA server cert and key and generate if necessary
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh:EPHEMERAL_CA_CERT_FILE=${EPHEMERAL_CA_CERT_FILE:-${TRIPLEO_ROOT}/../eca.crt}
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh:if [[ -z "${EPHEMERAL_CA_KEY:-}" && -z "${EPHEMERAL_CA_CERT:-}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: if [[ -f "${EPHEMERAL_CA_KEY_FILE}" && -f "${EPHEMERAL_CA_CERT_FILE}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "ECA key and cert files found"
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: elif [[ ! -f "${EPHEMERAL_CA_KEY_FILE}" && ! -f "${EPHEMERAL_CA_CERT_FILE}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "ECA key and cert files not found, generating new pair"
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: openssl req -x509 -batch -newkey rsa:2048 -nodes -out "${EPHEMERAL_CA_CERT_FILE}" \
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: -subj "/C=UK/O=hp/CN=Autogenerated Helion Certificate Authority" \
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "Error: Inconsistent ECA key and cert files found" >&2
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "Reading ECA key and cert from files"
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: EPHEMERAL_CA_CERT=$(<${EPHEMERAL_CA_CERT_FILE})
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh:elif [[ -z "${EPHEMERAL_CA_KEY:-}" || -z "${EPHEMERAL_CA_CERT:-}" ]]; then
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "Error: Inconsistent ECA key and cert variables" >&2
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: echo "Using passed in ECA key and cert values"
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh: "EphemeralCaCert": "'"${EPHEMERAL_CA_CERT}"'",
- tripleo/tripleo-incubator/scripts/hp_ced_undercloud.sh:## #. Add Keystone certs/key into the environment file.::
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: # Write overcloud SSL certificates to the HEAT_ENV
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: if [ -n "${OVERCLOUD_SSL_CA_CERT:-}" ] ; then
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: "SSLCACertificate": "'"${OVERCLOUD_SSL_CA_CERT:-}"'",
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: if [ -n "${OVERCLOUD_SSL_CERT:-}" -a -n "${OVERCLOUD_SSL_KEY}" ] ; then
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: # Extract the common name (containing the IP address) from the certificate
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: export PUBLIC_API_URL=$(openssl x509 -text -noout <<< "${OVERCLOUD_SSL_CERT}" | grep Subject: | sed "s/ //g" | awk -v RS=',' -v FS='=' '$1=="CN"{print $2}')
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: echo "Using common name of SSL certificate as IP address for REST APIs: ${PUBLIC_API_URL}"
- tripleo/tripleo-incubator/scripts/hp_ced_load_config.sh: "SSLCertificate": "'"${OVERCLOUD_SSL_CERT}"'",
- tripleo/tripleo-incubator/overcloudrc:export OS_CACERT=$(os-apply-config -m $TE_DATAFILE --type raw --key overcloud.cacert --key-default '')
- tripleo/tripleo-incubator/overcloudrc-user:export OS_CACERT=$(os-apply-config -m $TE_DATAFILE --type raw --key overcloud.cacert --key-default '')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement