Commits · de79f77ef003a0e771548a6f2dab4e3b8ee58e19 · Very Demiurge Very Mindful / Kolla Ansible

Feb 03, 2022

certificates: generate libvirt TLS certificates · 33e93ab3

Mark Goddard authored 3 years ago

Adds support to the 'kolla-ansible certificates' command for generating
certificates for libvirt TLS, when libvirt_tls is true. The same
certificate and key are used for the libvirt client and server.

The certificates use the same root CA as the other generated
certificates, and are written to
{{ node_custom_config }}/nova/nova-libvirt/, ready to be picked up by
nova-libvirt and nova-compute.

Change-Id: I1bde9fa018f66037aec82dc74c61ad1f477a7c12

33e93ab3

Sep 17, 2020

Support TLS encryption of RabbitMQ client-server traffic · 761ea9a3

Mark Goddard authored 4 years ago

This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support

761ea9a3

Apr 09, 2020

Add support for encrypting backend Keystone HAProxy traffic · b475643c

James Kirsch authored 5 years ago

This patch introduces an optional backend encryption for Keystone
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Keystone service.

Change-Id: I6351147ddaff8b2ae629179a9bc3bae2ebac9519
Partially-Implements: blueprint add-ssl-internal-network

b475643c

Mar 20, 2018

Make the certificates role just run on deploy node · 82725dee

caoyuan authored 7 years ago

when run command "kolla-ansible -i multinode certificates",
the certificates file will generated in all nodes, it is
unnecessary, this ps to make it in deploy node.

Change-Id: I3e98ab498eeec3e6b8f170dd29c95f7ff9dbd6c0

82725dee

Dec 05, 2016
- Give plays in the playbooks a name · 4c39f2e9
  Christian Berendt authored 8 years ago
  
  Change-Id: I44c2668a8ebb6dd3201a6eb4e47284871380e6d7
  4c39f2e9
Feb 26, 2016

Add Ansible scripts to generate TLS certificates for testing · fd280872

Dave McCowan authored 9 years ago

Working towards the blueprint that will add TLS protection
for the external endpoints, kolla needs certificates.

When kolla deploys OpenStack, the external VIP will need
a server side certifcate.  Clients that access those endpoints will
need the public CA certificate that signed that certificate.

This ansible script will create these two certificates to make
it easy to use TLS in a test environment.  The generated
certificate files are:

/etc/kolla/certificates/haproxy.pem  (server side certificate)
/etc/kolla/certificates/haproxy-ca.pem (CA certificate)

The generated certificates are not suitable for use in a
production environment, but will be useful for testing and
verifying operations.

Partially-implements: blueprint ssl-kolla

Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d

fd280872

Dec 26, 2015

Fix file permissions · 9be1799b

SamYaple authored 9 years ago

Throughout the project overtime some of these file permissions have
changed to have an executable bit. They should not have this bit set.

TrivialFix

Change-Id: I1748b5bde813a0fcac36aeecdfd83245b8ee5be3

9be1799b

Nov 13, 2015

Add playbook for hosts pre-deployment checks (ports, files) · 3bd4c2a6

Vladislav Belogrudov authored 9 years ago

This playbook runs on hosts before deployment to be sure we don't
have any conflicting services running and systems are in expected
state.

DocImpact

Change-Id: If5f288b7fbdf269697ca834da4eb969b61683ca0
Partially-implements: blueprint precheck-tasks

3bd4c2a6