Juniper Openstack

  1. Series trunk
  2. Bug #1760051
  3. Comment #18

Comment 18 for bug 1760051

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/41753
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/cd61114393eeac844c1bb4d514394377f8a21655
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit cd61114393eeac844c1bb4d514394377f8a21655
Author: nitishkrishna <email address hidden>
Date: Mon Apr 9 11:32:17 2018 -0700

Closes-Bug: #1760051 - Loading of SSL certs per Server for Metadata SSL

As in SM, these certs are created for each server and Subject Alt Names are set based on IP/DNS
To enable SSL, please add to config/instances.yml:

contrail_configuration:
SSL_ENABLE: True

This will mount the certs created in node init container to the "default" paths specified here:
https://github.com/Juniper/contrail-container-builder/blob/master/containers/base/common.sh#L26

We will need to implement separately what to do if user created certs are supplied.
This ability is not there in container-builder today so I haven't implemented it.

Patch 2:
Changed to using node init container for cert creation
Patch 3:
Make mounting un-conditional
Patch 4:
Added dpdk vrouter file

Change-Id: I322b153e46c3a86119626f3ec8315a31aad2e4e5
(cherry picked from commit 915b220a39ca3104b1f5871c65047c21d543ca9b)