Merge "Add nova_libvirt_live_migration_inbound_addr to compute SAN"
1 changed files with 8 additions and 10 deletions
@@ -618,17 +618,19 @@ nova_pki_intermediate_chain_path: >-
{{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}
nova_pki_regen_cert:''
nova_pki_san:"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
nova_pki_compute_san:>-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address) ~ (nova_libvirt_live_migration_inbound_addr != nova_management_address) |ternary(
',IP:' ~ nova_libvirt_live_migration_inbound_addr, '')
}}
# Create client and server cert for compute hosts
# This certiticate is used to secure TLS live migrations and VNC sessions
nova_pki_compute_certificates:
- name:"nova_{{ ansible_facts['hostname'] }}"
provider:ownca
cn:"{{ ansible_facts['nodename'] }}"
san:>-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address)
}}
san:"{{ nova_pki_compute_san }}"
signed_by:"{{ nova_pki_intermediate_cert_name }}"
key_usage:
- digitalSignature
@@ -721,11 +723,7 @@ nova_pki_console_certificates:
- name:"nova_{{ ansible_facts['hostname'] }}-client"
provider:ownca
cn:"{{ ansible_facts['nodename'] }}"
san:>-
{{
'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
'127.0.0.1', nova_management_address)
}}
san:"{{ nova_pki_compute_san }}"
signed_by:"{{ nova_pki_intermediate_cert_name }}"
key_usage:
- digitalSignature
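Review bot: In the first hunk the new `nova_pki_compute_san` always emits the live-migration address as `',IP:' ~ nova_libvirt_live_migration_inbound_addr`, which produces an invalid SAN entry if an operator sets that variable to a hostname or FQDN instead of an IP literal; its definition is outside this diff, so confirm whether that is allowed. Consider choosing the prefix from the value, for example `(nova_libvirt_live_migration_inbound_addr | ansible.utils.ipaddr) | ternary(',IP:', ',DNS:') ~ nova_libvirt_live_migration_inbound_addr`, or documenting that only IP addresses are supported. The inequality test also compares against the raw `nova_management_address`, so when that is `localhost` (mapped to `127.0.0.1` in the SAN) an inbound address of `127.0.0.1` would be listed twice. The second hunk reuses the same variable for the `-client` certificate under `nova_pki_console_certificates`, so the migration address ends up in the console client certificate as well; a short comment above `nova_pki_compute_san` saying it is shared by both certificates would make that intent explicit.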