Let operator provide custom cacerts

Registered by Radosław Piliszek on 2019-10-02

Let the operator provide custom CA certificates (cacerts) for kolla-ansible to deploy in containers.

Blueprint information

Status: Complete
Approver: Radosław Piliszek
Priority: Medium
Drafter: Radosław Piliszek
Direction: Approved
Assignee: James Kirsch
Definition: Approved
Series goal: Accepted for ussuri
Implementation: Implemented
Milestone target: 10.0.0
Started by: Mark Goddard on 2019-10-16
Completed by: Mark Goddard on 2020-05-07

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/custom-cacerts

Addressed by: https://review.opendev.org/686024
    Custom CA certificates deployment

Addressed by: https://review.opendev.org/688273
    Custom CA certificates deployment (lightweight)

Gerrit topic: https://review.opendev.org/#/q/topic:bp/add-internal-network/configure-cacert-verification

Addressed by: https://review.opendev.org/699888
    Copy CA into containers.

Addressed by: https://review.opendev.org/700788
    Use kolla_toolbox to execute REST methods

Addressed by: https://review.opendev.org/701323
    Generate self signed TLS certificates

Addressed by: https://review.opendev.org/701414
    CI: Add TLS tests

Addressed by: https://review.opendev.org/709808
    CI: Fix TLS upgrade test

Addressed by: https://review.opendev.org/709830
    Fix neutron-metadata-agent to use provided CA for Nova metadata

Addressed by: https://review.opendev.org/712015
    Add notify restart container when cert changed

Addressed by: https://review.opendev.org/710879/
    Install uwsgi for Keystone

Addressed by: https://review.opendev.org/712005/
    Add support for encrypting backend HAProxy traffic

Addressed by: https://review.opendev.org/737839
    Copy CA into containers.

Addressed by: https://review.opendev.org/738277
    Add notify restart container when cert changed
