+ - name: ssl/inject-trust-anchor
+ title: Inject SSL Trust Anchor on Overcloud Nodes
+ description: |
+ When using an SSL certificate signed by a CA that is not in the default
+ list of CAs, this environment allows adding a custom CA certificate to
+ the overcloud nodes.
+ files:
+ puppet/extraconfig/tls/ca-inject.yaml:
+ parameters:
+ - SSLRootCertificate
+ sample_values:
+ SSLRootCertificate: |-
+ |
+ The contents of your certificate go here
+ resource_registry:
+ OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
+ children:
+ - name: ssl/inject-trust-anchor-hiera
+ files:
+ puppet/services/ca-certs.yaml:
+ parameters:
+ - CAMap
+ # Need to clear this so we don't inherit the parent registry
+ resource_registry: {}
+ sample_values:
+ CAMap: |-2
+
+ first-ca-name:
+ content: |
+ The content of the CA cert goes here
+ second-ca-name:
+ content: |
+ The content of the CA cert goes here