xci: Drop custom XCI certificates 23/62323/1
authorMarkos Chandras <mchandras@suse.de>
Fri, 14 Sep 2018 15:33:11 +0000 (16:33 +0100)
committerMarkos Chandras <mchandras@suse.de>
Fri, 14 Sep 2018 15:34:14 +0000 (16:34 +0100)
OSM requires a CA even when we create a self-signed certificate. We
don't actually need to do that since HAproxy and friends can create the
whole chain for us, so we can finally get rid of this playbook.

installer-type:osa
deploy-scenario:os-nosdn-nofeature

Change-Id: I14a3adbe3492cd6c562c5167c42dd45756e8e3dd
Signed-off-by: Markos Chandras <mchandras@suse.de>
xci/config/env-vars
xci/installer/kubespray/playbooks/configure-opnfvhost.yml
xci/installer/kubespray/playbooks/configure-targethosts.yml
xci/installer/osa/files/ha/user_variables.yml
xci/installer/osa/files/mini/user_variables.yml
xci/installer/osa/files/noha/user_variables.yml
xci/installer/osa/playbooks/configure-opnfvhost.yml
xci/playbooks/manage-ssl-certs.yml [deleted file]
xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2

index e8472a0..7ab7e2b 100755 (executable)
@@ -52,8 +52,6 @@ export LOG_PATH=${LOG_PATH:-${XCI_PATH}/xci/logs}
 export XCI_ANSIBLE_PIP_VERSION="2.5.8"
 
 export ANSIBLE_HOST_KEY_CHECKING=False
-# subject of the certificate
-export XCI_SSL_SUBJECT=${XCI_SSL_SUBJECT:-"/C=US/ST=California/L=San Francisco/O=IT/CN=xci.releng.opnfv.org"}
 export DEPLOY_SCENARIO=${DEPLOY_SCENARIO:-"os-nosdn-nofeature"}
 # attempt to sync Ansible version used by Kubespray with the rest
 export XCI_KUBE_ANSIBLE_PIP_VERSION=$XCI_ANSIBLE_PIP_VERSION
index 11866bd..82ece96 100644 (file)
         - { name: 'netaddr' }
         - { name: 'ansible-modules-hashivault' }
 
-    - name: Configure SSL certificates
-      include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
-
     - name: fetch xci environment
       copy:
         src: "{{ xci_path }}/.cache/xci.env"
index 7989bfb..859460c 100644 (file)
@@ -37,6 +37,4 @@
       when:  xci_flavor == 'ha'
     - role: "haproxy_server"
       haproxy_service_configs: "{{ haproxy_default_services}}"
-      haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-      haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
       when:  xci_flavor == 'ha'
index abbe688..8c2e9f0 100644 (file)
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
 openrc_clouds_yml_interface: "public"
 openrc_region_name: RegionOne
 openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
 keystone_service_adminuri_insecure: true
 keystone_service_internaluri_insecure: true
index db956e3..b4d847b 100644 (file)
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
 openrc_clouds_yml_interface: "public"
 openrc_region_name: RegionOne
 openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
 keystone_service_adminuri_insecure: true
 keystone_service_internaluri_insecure: true
index b9fd2e8..5e7ed83 100644 (file)
@@ -164,7 +164,5 @@ openrc_os_endpoint_type: "publicURL"
 openrc_clouds_yml_interface: "public"
 openrc_region_name: RegionOne
 openrc_insecure: true
-haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
-haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
 keystone_service_adminuri_insecure: true
 keystone_service_internaluri_insecure: true
index 994a260..4fc966a 100644 (file)
         chdir: "{{openstack_osa_path}}/scripts"
       changed_when: True
 
-    - name: Configure SSL certificates
-      include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
-      vars:
-        extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
-
     - name: fetch xci environment
       copy:
         src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
deleted file mode 100644 (file)
index d0c5c51..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2018 SUSE Linux GmbH and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-- name: Install required pip packages for SSL
-  pip:
-    name: pyOpenSSL
-    state: present
-    extra_args: "{{ extra_args | default(omit) }}"
-
-- name: Generate XCI private key
-  openssl_privatekey:
-    path: /etc/ssl/private/xci.key
-    size: 2048
-
-- name: Generate XCI certificate request
-  openssl_csr:
-    privatekey_path: /etc/ssl/private/xci.key
-    path: /etc/ssl/private/xci.csr
-    common_name: "{{ xci_ssl_subject }}"
-
-- name: Generate XCI self signed certificate
-  openssl_certificate:
-    path: /etc/ssl/certs/xci.crt
-    privatekey_path: /etc/ssl/private/xci.key
-    csr_path: /etc/ssl/private/xci.csr
-    provider: selfsigned
-    selfsigned_not_after: 20800101000000Z
index 1cb43be..6a7fd8b 100644 (file)
@@ -22,7 +22,7 @@ DEPLOY_SCENARIO="k8-nosdn-nofeature-noha"
 rc_file_vol="-v /root/admin.conf:/etc/yardstick/admin.conf"
 {% endif %}
 
-OS_CACERT="/etc/ssl/certs/xci.crt"
+OS_CACERT="/etc/ssl/certs/haproxy.cert"
 DOCKER_IMAGE_NAME="opnfv/yardstick"
 YARDSTICK_SCENARIO_SUITE_NAME="opnfv_${DEPLOY_SCENARIO}_daily.yaml"
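Review bot: The new `OS_CACERT="/etc/ssl/certs/haproxy.cert"` is a hard-coded literal that nothing in this commit creates, so it only works if the haproxy role writes its generated certificate to exactly that path and the file is readable on the host where this script runs. The removed playbook produced `xci.crt` from the opnfvhost playbooks, whereas the HAProxy certificate is presumably generated on the load-balancer hosts and may need to be fetched first; this is inferred, since the rest of the template lies outside the hunk. I would take the path from the role's own certificate variable rather than repeating the literal. I would also add a guard before the container is started, such as `[ -r "$OS_CACERT" ] || { echo "CA file not found: $OS_CACERT" >&2; exit 1; }`, so a missing file fails loudly instead of inviting someone to disable verification. Because a self-signed certificate is serving as the trust anchor, any copy must be refreshed whenever HAProxy regenerates it.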