Code Review / apex-tripleo-heat-templates.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b69a73b) | patch
Add certmonger-user profile
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 13 Mar 2017 12:30:03 +0000 (14:30 +0200)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 13 Mar 2017 15:10:13 +0000 (17:10 +0200)
commit31bc6eaa88d3af337306349ff6138d01401874c7
tree8e44d68a75e78429f3598e986adffc28781ac4d8tree | snapshot
parentb69a73ba85682629460638aa7a8b8f5825c99a1fcommit | diff
Add certmonger-user profile

This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.

The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.

Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
deployed-server/deployed-server-roles-data.yaml diff | blob | history
environments/contrail/roles_data_contrail.yaml diff | blob | history
environments/enable-internal-tls.yaml diff | blob | history
environments/hyperconverged-ceph.yaml diff | blob | history
overcloud-resource-registry-puppet.j2.yaml diff | blob | history
puppet/services/certmonger-user.yaml [new file with mode: 0644] blob
roles_data.yaml diff | blob | history