pki work, and keystone cert generated
ignore retry files
load variables for localhost as well
split root/intermediate generation
use array for creating server certs
configure openstack with certs from server via lookup('file',...
move root CA cert to old location, testing
indent ssl info
more places where the CA cert is used
don't have juju self-manage certs
juju requires certs be base64 encoded (not documented)
install both root/intermediate CA certs, as juju/trusty apache is too old to support chaining
provide ca/im chain to juju keystone config
yaml error
updated name for onos source per jono
fixed the onos-fabric-install role
whitespace
copy CA certs to compute node
stop wasting time
diagnostically print contents of /usr/local/share/ca-certificates/ dir

Change-Id: Idbd4891736b07690a260bf3d117c547de1ae7424
diff --git a/vars/cord.yml b/vars/cord.yml
index 0a41fd1..c1d8798 100644
--- a/vars/cord.yml
+++ b/vars/cord.yml
@@ -23,13 +23,21 @@
 # site domain suffix
 site_suffix: cord.lab
 
+# SSL server certificate generation
+server_certs:
+  - cn: "keystone.{{ site_suffix }}"
+    subj: "/C=US/ST=California/L=Menlo Park/O=ON.Lab/OU=Test Deployment/CN=keystone.{{ site_suffix }}"
+    altnames:
+      - "DNS:keystone.{{ site_suffix }}"
+      - "DNS:{{ site_suffix }}"
+
 # resolv.conf settings
 dns_search:
-  - cord.lab
+  - "{{ site_suffix }}"
 
 # NSD/Unbound settings
 nsd_zones:
-  - name: cord.lab
+  - name: "{{ site_suffix }}"
     ipv4_first_octets: 192.168.122
     name_reverse_unbound: "168.192.in-addr.arpa"
     soa: ns1
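Review bot: In the new `server_certs` entry, the `altnames` list includes `DNS:{{ site_suffix }}`, so the keystone certificate is valid for the bare site domain as well as for `keystone.{{ site_suffix }}`. If no client reaches keystone at the bare domain, drop that SAN so the key authenticates only the one host; if it is required, add a comment saying which client needs it. Separately, `subj` repeats the CN already given in `cn`, so the two values can drift apart when an entry is edited; consider building the subject from a shared DN prefix plus `cn`.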
@@ -55,4 +63,4 @@
 data_plane_ip: 10.168.0.253/24
 
 # CORD ONOS app version
-cord_app_version: 1.2-SNAPSHOT
\ No newline at end of file
+cord_app_version: 1.2-SNAPSHOT
diff --git a/vars/local_vars.yml b/vars/local_vars.yml
new file mode 100644
index 0000000..9153e0a
--- /dev/null
+++ b/vars/local_vars.yml
@@ -0,0 +1,3 @@
+# local_custom_vars.yaml
+# Put any local customizations to variables in this file.
+
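Review bot: The header comment on the first added line names `local_custom_vars.yaml`, but the file is created as `vars/local_vars.yml`; make the comment match the path so users edit the file that is actually loaded. Because this file is committed to the repository and is meant to hold site-specific overrides, the comment should also say that private keys and passphrases do not belong in it.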