The CA certificate is currently passed via ssl-source.yaml as
"stunnel.cacert", but this value is not currently used by stunnel
since we have no use case for client cert authentication.
This change proposes that it also be exposed as
"ssl.ca_certificate", which is consistent with the overall SSL
direction being driven by the PKI spec:
I32473fe797a4c1e28d14c3b82c8892c7c59a4e55
This new CA certificate value will be installed as a trusted CA
on all cloud nodes that issue SSL-secured connection requests to
OpenStack or other infrastructure (MySQL, RabbitMQ) services.
Change-Id: Ibacd7c98980520e11c0df89632013f2ba2dbe370
properties:
group: os-apply-config
config:
+ ssl:
+ ca_certificate:
+ get_input: ssl_ca_certificate
stunnel:
cert:
get_input: ssl_certificate
Code Review / apex-tripleo-heat-templates.git / commitdiff