Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Feb 03, 2022
    • Mark Goddard's avatar
      certificates: generate libvirt TLS certificates · 33e93ab3
      Mark Goddard authored 
      Adds support to the 'kolla-ansible certificates' command for generating
certificates for libvirt TLS, when libvirt_tls is true. The same
certificate and key are used for the libvirt client and server.

The certificates use the same root CA as the other generated
certificates, and are written to
{{ node_custom_config }}/nova/nova-libvirt/, ready to be picked up by
nova-libvirt and nova-compute.

Change-Id: I1bde9fa018f66037aec82dc74c61ad1f477a7c12
      33e93ab3
  3. Sep 17, 2020
    • Mark Goddard's avatar
      Support TLS encryption of RabbitMQ client-server traffic · 761ea9a3
      Mark Goddard authored 
      This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
      761ea9a3
  5. Apr 09, 2020
    • James Kirsch's avatar
      Add support for encrypting backend Keystone HAProxy traffic · b475643c
      James Kirsch authored 
      This patch introduces an optional backend encryption for Keystone
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Keystone service.

Change-Id: I6351147ddaff8b2ae629179a9bc3bae2ebac9519
Partially-Implements: blueprint add-ssl-internal-network
      b475643c
  7. Mar 20, 2018
    • caoyuan's avatar
      Make the certificates role just run on deploy node · 82725dee
      caoyuan authored 
      when run command "kolla-ansible -i multinode certificates",
the certificates file will generated in all nodes, it is
unnecessary, this ps to make it in deploy node.

Change-Id: I3e98ab498eeec3e6b8f170dd29c95f7ff9dbd6c0
      82725dee
  9. Dec 05, 2016
  11. Feb 26, 2016
    • Dave McCowan's avatar
      Add Ansible scripts to generate TLS certificates for testing · fd280872
      Dave McCowan authored 
      Working towards the blueprint that will add TLS protection
for the external endpoints, kolla needs certificates.

When kolla deploys OpenStack, the external VIP will need
a server side certifcate.  Clients that access those endpoints will
need the public CA certificate that signed that certificate.

This ansible script will create these two certificates to make
it easy to use TLS in a test environment.  The generated
certificate files are:

/etc/kolla/certificates/haproxy.pem  (server side certificate)
/etc/kolla/certificates/haproxy-ca.pem (CA certificate)

The generated certificates are not suitable for use in a
production environment, but will be useful for testing and
verifying operations.

Partially-implements: blueprint ssl-kolla

Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d
      fd280872
  13. Dec 26, 2015
    • SamYaple's avatar
      Fix file permissions · 9be1799b
      SamYaple authored 
      Throughout the project overtime some of these file permissions have
changed to have an executable bit. They should not have this bit set.

TrivialFix

Change-Id: I1748b5bde813a0fcac36aeecdfd83245b8ee5be3
      9be1799b
  15. Nov 13, 2015