# Heat template that installs an operator-supplied CA certificate as a trust
# anchor on a node.
# NOTE(review): this listing is elided. The leading numbers are the original
# file's line numbers and several are missing, so some keys (for example the
# name of the parameter that carries the PEM content) are not visible here.
1 heat_template_version: ocata
4 This is a template which will inject the trusted anchor.
7 # Can be overridden via parameter_defaults in the environment
# Security: the PEM supplied for this parameter ends up in the node's trust
# anchor directory, so every certificate it signs will be trusted there.
# Check the certificate's fingerprint against a value obtained out of band
# before deploying it.
10 The content of a CA's SSL certificate file in PEM format.
11 This is evaluated on the client side.
# Destination file on the node. The config script redirects the certificate
# into this path, then runs chmod 0444 and chown root:root on it.
13 SSLRootCertificatePath:
14 default: '/etc/pki/ca-trust/source/anchors/ca.crt.pem'
16 The filepath of the root certificate as it will be stored in the nodes.
17 Note that the path has to be one that can be picked up by the update
18 trust anchor command. e.g. in RHEL it would be
19 /etc/pki/ca-trust/source/anchors/ca.crt.pem
# Security: the config script expands this value and runs it as a command
# (`${update_anchor_command}`). Anyone able to override it through
# parameter_defaults therefore chooses a command that runs on the target
# server, presumably as root given the chown root:root step (confirm).
# Treat the environment files that can set it as privileged input.
21 UpdateTrustAnchorsCommand:
22 default: update-ca-trust extract
24 command that will be executed to update the trust anchors.
27 # Passed in by controller.yaml
29 description: ID of the node to apply this config to
# Software config whose script writes the CA certificate to ${cacert_path},
# fixes its mode and owner, runs the trust-anchor update command and reports
# a digest of the written file.
# NOTE(review): lines are missing from this listing (the script header, the
# heredoc body and its terminator are not shown), so the notes below cover
# only the visible commands.
#  - `cat > ${cacert_path} << EOF`: the heredoc delimiter is unquoted, so the
#    shell expands variables inside the heredoc body. ${cacert_path} itself
#    is unquoted, so a path containing whitespace would be word-split.
#  - `chmod 0444` leaves the file read-only for everyone; a CA certificate is
#    public data, so world-readable is expected.
#  - `${update_anchor_command}` is an unquoted expansion in command position:
#    word splitting is what lets "update-ca-trust extract" run as a command
#    plus one argument, and whatever string the input holds is what runs.
#  - `md5sum` output is written to ${heat_outputs_path}.root_cert_md5sum.
#    MD5 is not collision resistant; the digest is suitable as a change
#    marker only, not as proof of which certificate was installed. Use a
#    SHA-256 fingerprint where the certificate's identity must be verified.
#  - No error handling is visible in the lines shown. If the write failed,
#    the later steps would still run; confirm against the full script.
34 type: OS::Heat::SoftwareConfig
39 - name: cacert_content
40 - name: update_anchor_command
# Declared output; the enclosing `outputs:` key is not visible in this
# listing (presumably the missing line 41).
42 - name: root_cert_md5sum
45 cat > ${cacert_path} << EOF
48 chmod 0444 ${cacert_path}
49 chown root:root ${cacert_path}
50 ${update_anchor_command}
51 md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum
# Deployment that applies the CAConfig software config to the server passed
# in through the `server` parameter.
# NOTE(review): the resource name and the key holding the input mapping are
# not visible in this elided listing.
54 type: OS::Heat::SoftwareDeployment
57 config: {get_resource: CAConfig}
58 server: {get_param: server}
# Template parameters are handed to the script unchanged as its inputs.
# SSLRootCertificate becomes the content of the trust anchor file and
# UpdateTrustAnchorsCommand becomes the command that is run, so both values
# are security-sensitive and no validation of them is visible here.
60 cacert_path: {get_param: SSLRootCertificatePath}
61 cacert_content: {get_param: SSLRootCertificate}
62 update_anchor_command: {get_param: UpdateTrustAnchorsCommand}
# Stack output exposing the root_cert_md5sum attribute of CADeployment, that
# is, the md5sum line the script wrote for the installed certificate file.
# NOTE(review): the output's key name is not visible in this listing. The
# value is an MD5 digest, so use it to notice that the file changed, not to
# authenticate the certificate.
66 description: Deployment reference
67 value: {get_attr: [CADeployment, root_cert_md5sum]}