So this likely works on docker because docker will simply create a non-existing bind-mount (like /etc/pki/tls/private/haproxy in this case).
The command that failed for us is the following (normal deploy via infrared but with the additional 'overcloud-ssl true' param):
openstack overcloud deploy \
--timeout 100 \
--templates /usr/share/openstack-tripleo-heat-templates \
--libvirt-type kvm \
--stack overcloud \
-r /home/stack/composable_roles/roles/roles_data.yaml \
-e /home/stack/composable_roles/roles/nodes.yaml \
-e /home/stack/composable_roles/config_lvm.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
-e /home/stack/composable_roles/network/network-environment.yaml \
-e /home/stack/composable_roles/enable-tls.yaml \
-e /home/stack/composable_roles/inject-trust-anchor.yaml \
-e /home/stack/composable_roles/public_vip.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \
-e ~/fencing.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml \
-e /home/stack/composable_roles/debug.yaml \
-e /home/stack/composable_roles/config_heat.yaml \
--log-file overcloud_deployment_67.log
Here are the custom ones that might be relevant here:
### /home/stack/composable_roles/enable-tls.yaml ###
parameter_defaults:
# Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
# Type: boolean
HorizonSecureCookies: True
# The content of the SSL certificate (without Key) in PEM format.
# Type: string
SSLCertificate: |
-----BEGIN CERTIFICATE-----
MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB1JlZCBIQXQx
CzAJBgNVBAsMAlFFMRUwEwYDVQQDDAwxOTIuMTY4LjI0LjIwHhcNMTkwMzE4MTcy
MzEwWhcNMjAwMzE3MTcyMzEwWjBgMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMx
EDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB1JlZCBIQXQxCzAJBgNVBAsMAlFF
MRMwEQYDVQQDDAoxMC4wLjAuMTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3eues7Hlhtzo7IO8dohSeQzQx9K9gu/UNBIypq5cDKng99td8OGL//dy
ijAiOw3LkE+z9QjoEXRGONmu+m1f429G8JDtW47WfzAEZ5Fr1GojRUs/ZkmBwI6g
TfxZKqX8XX4Ws3PDb70giwcANi/9B7kN6ltbL/U6seyEOSmFfEF1juS/otARqQe4
lZioxJKwaQn0pSmPHMIwyQj0zOctiXY9GqEf3dQgFyfi7InC5wnU/RUAcmOUJpoy
GalyXf6RI8oaIjPdCt9Ox+ZEogyAgdPgpGjKyGLlj4uG+sqj2/Xap0VnmTWYioQG
wkD9VRrKYq6k80JuGmyEZ2+VHSXEQQIDAQABoyswKTAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIF4DAPBgNVHREECDAGhwQKAABlMA0GCSqGSIb3DQEBCwUAA4IBAQBWcQkj
3I2/mbOnYZt7nUTNGqPZctTLqFfN2UvMjHla2ZFBb3BfW2LUkj0Z91kmztRCNRbh
Z8dKq583CCbLnWpjbKpWJfP0nWD/zvrB76tzJXZXQdM81t92C2AOelhaivfuBw9b
ZoBiN/CfHOroZgN7oOZzmhjxm+y5/mr3sBxbuMsdk7UdCgzNmFv06hnG1V3HnacP
uApJ55FDelvNDFrypbCdLm5aw00CDD+CFZy9I10nM3vFF1MOJXU/bvTa1Dc94uY6
nsxYiUaH+E7X6ONxyP0Ttz2XvQe5n9B/sHCpSmySlV7Xnwlu4QhFFh9qT0QxGeq8
wlW8xDcD+88LP815
-----END CERTIFICATE-----
# The content of an SSL intermediate CA certificate in PEM format.
# Type: string
SSLIntermediateCertificate: ''
# The content of the SSL Key in PEM format.
# Type: string
SSLKey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA3eues7Hlhtzo7IO8dohSeQzQx9K9gu/UNBIypq5cDKng99td
8OGL//dyijAiOw3LkE+z9QjoEXRGONmu+m1f429G8JDtW47WfzAEZ5Fr1GojRUs/
ZkmBwI6gTfxZKqX8XX4Ws3PDb70giwcANi/9B7kN6ltbL/U6seyEOSmFfEF1juS/
otARqQe4lZioxJKwaQn0pSmPHMIwyQj0zOctiXY9GqEf3dQgFyfi7InC5wnU/RUA
cmOUJpoyGalyXf6RI8oaIjPdCt9Ox+ZEogyAgdPgpGjKyGLlj4uG+sqj2/Xap0Vn
mTWYioQGwkD9VRrKYq6k80JuGmyEZ2+VHSXEQQIDAQABAoIBAGtTO3JuU7IQfnl8
EJZGwZQXdZVePxbnA/qW3nYsFwps0gcsyVbozbtiIbvhIXzr5AoL8d1MjGd8k0WF
SZGFef1VYLqRbKl+ABCM2WR5OOwG1L37cVL3s8+7ap2ssDbnBZD1nOb20orkratv
HFQYi0fD4I351rTv5Y4M87ltckgvvaQhM4I6xuSq+fU3CMXex8SodJaRp8ryMXtg
TCc3F7HvZHkWGJAAGSyJ7BGIK59Re4bVVGoLtQAbWHQlCvK4qK1FuD/anpMrbJCJ
z1h82bq7afPRk6S7RrGq+XgEYXQQvzGb5gNynk0i2EziMN8SLWKJI8IJHw9ENDGN
zlBtrO0CgYEA8r1Vz/6sQa+148ljhUBgjDH1YxsMRszaHyI8EHKRMirj5S2WnSuh
5GFZ35k8zoV6eEpkDpo9pykIbf5xWF4x/W0sayHB8owRg9hR/JCEu2dKS0tXk2Kz
Yd2jw9gEkwTgjhIRj/y0N+DrIgyQdH7efCjVCdk/HX0t6AwNKnev/pMCgYEA6gsh
4jKVUTfcXNQltjgruzPnfziAqKQ21Q2tvi1J3f5C0G5Ahi8/L/P49iPc0AGpQAWs
3zUrd1e4zj8/HqU4C8+BigdcJSLMiOxH4dwj0MUrrtQ0ZWCCR6auVXNRjz/bMPTn
6/A1y5JJL6qUa6cQyoqI7CkqlZze84q5QNiWYlsCgYAQaWq24GInIskqeIBJDxw3
/ly38ak31DvfJQJonkZg3POBmD55q+yLM2XPL14kHHQ2U9lF/3mxpp2SSkTBk8TP
fKUnLSYezweUIXkRmXfP7+DfDF4EcgTs1f5vjFhq1EaWdHRJhu1sZcGgELdnmPhT
7rLQsqaIyODksoPlXihBDwKBgBaiUPqRLcOXBWas1aDTudb25BJ3ommsx+i+0+iq
dJRVfJyvrOnNM+0tSQx012v+XSHl6pwDhlqaTzMTBsWt8Mejn8F7iLvGq8UqJKGB
Kq2MA/d6aj7LoI3RXtbAukiCQm5voOY+atVvJkjH1Ga813DfCPLd4FJrw1wGNHhC
+fg1AoGBALjJjxtI8hRU2jtHHqv/TStT8zVeXQCkQEXq1HrbKG37RRk2qpnQWuSC
Vb8ehWIvJu44htJ78W9o7z3GcGccnd6ihWs87lOOs4SJbj1sg2tO3hGcfqnuA0mU
bSepd0aZd5IXVPRrxG0IT2GC4v2GwPe8qryeaIUqEx1jxhKohmec
-----END RSA PRIVATE KEY-----
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# The filepath of the certificate as it will be stored in the controller.
# Type: string
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
# End static parameters
### /home/stack/composable_roles/inject-trust-anchor.yaml ###
parameter_defaults:
# The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
# Mandatory. This parameter must be set by the user.
# Type: string
SSLRootCertificate: |
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2gAwIBAgIUItY3H2WSwy+lZDPBTDSuQnrGes8wDQYJKoZIhvcNAQEL
BQAwYjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdo
MRAwDgYDVQQKDAdSZWQgSEF0MQswCQYDVQQLDAJRRTEVMBMGA1UEAwwMMTkyLjE2
OC4yNC4yMB4XDTE5MDMxODE2Mzc1M1oXDTIwMDMxNzE2Mzc1M1owYjELMAkGA1UE
BhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdS
ZWQgSEF0MQswCQYDVQQLDAJRRTEVMBMGA1UEAwwMMTkyLjE2OC4yNC4yMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl21+ya9LcASoCL18ntty751ezFV
olT4RZeV9KA+jdMKgd8ErIFaZar+i/W47ZZZWBVaFQo3sdLad/gQEAGbrTKYaWir
ZlJIAmLJ/dQaPo/IPR1MItQtXMKAyQsPnTHUkihiXrLNgbtpSgXDHXgvpq+DeaUq
b7EzJ/S5A3gTEZtwCHBjQ5svhEooMm5ZbWqmqNuJcC3hEYSy7eH72qM/KYXKB5pD
Ofulx6CNQKy886gS99aOb7P8gnVL5j9krz5mG6UlN1Y5PAAT3RiZpNSG8bPjwGsc
QHyoG7reIK+/K3W2Mit00qJSDKOugatqpCOYkINcPAIq6KIGPdI7Iq7BSQIDAQAB
o1MwUTAdBgNVHQ4EFgQUVBRXM9WAqOYhW42KgRD+uY0x+L8wHwYDVR0jBBgwFoAU
VBRXM9WAqOYhW42KgRD+uY0x+L8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAvj1HwjZhNOTDu+X9Ou3DAz1FAo14xBytP6uBDjoJGsP+mq5CkBwN
32SGBiPqlwQSj/uvdA7cc/gz5i//uYWl9TU85Lu0sMYKb36UQWRo/59rsB0lu7sf
MWJIaUSqkJerSX9Mw1xJ7HTSY7j1Ur4jxs4JZgHIPdcPJN31TwodTYF/mFHxE8ro
Ty21BQT9B7K9XLJAq/cHXnn7uh4q4DxFSe7glUJUCz3LXpHZoR1rSzAMYbLKrolD
P8bwJu94UG3pera4EPYLLx+v+JoLTlsPl9fO5r6mvEcFIIs0PR5FFVXt2X7rRtm9
ALYhwaOhOkCXxjDhyV0nA2HnCJSUrkndww==
-----END CERTIFICATE-----
resource_registry:
OS::TripleO::NodeTLSCAData: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/tls/ca-inject.yaml
So this likely works on docker because docker will simply create a non-existing bind-mount (like /etc/pki/ tls/private/ haproxy in this case).
The command that failed for us is the following (normal deploy via infrared but with the additional 'overcloud-ssl true' param): openstack- tripleo- heat-templates \ composable_ roles/roles/ roles_data. yaml \ composable_ roles/roles/ nodes.yaml \ composable_ roles/config_ lvm.yaml \ openstack- tripleo- heat-templates/ environments/ network- isolation. yaml \ composable_ roles/network/ network- environment. yaml \ composable_ roles/enable- tls.yaml \ composable_ roles/inject- trust-anchor. yaml \ composable_ roles/public_ vip.yaml \ openstack- tripleo- heat-templates/ environments/ ssl/tls- endpoints- public- ip.yaml \ openstack- tripleo- heat-templates/ environments/ services/ neutron- ovn-ha. yaml \ composable_ roles/debug. yaml \ composable_ roles/config_ heat.yaml \ deployment_ 67.log
openstack overcloud deploy \
--timeout 100 \
--templates /usr/share/
--libvirt-type kvm \
--stack overcloud \
-r /home/stack/
-e /home/stack/
-e /home/stack/
-e /usr/share/
-e /home/stack/
-e /home/stack/
-e /home/stack/
-e /home/stack/
-e /usr/share/
-e ~/fencing.yaml \
-e /usr/share/
-e /home/stack/
-e /home/stack/
--log-file overcloud_
Here are the custom ones that might be relevant here: composable_ roles/enable- tls.yaml ### COOKIE_ SECURE in Horizon Cookies: True gAwIBAgIBATANBg kqhkiG9w0BAQsFA DBiMQswCQYDVQQG EwJVUzEL CTkMxEDAOBgNVBA cMB1JhbGVpZ2gxE DAOBgNVBAoMB1Jl ZCBIQXQx MAlFFMRUwEwYDVQ QDDAwxOTIuMTY4L jI0LjIwHhcNMTkw MzE4MTcy wMzE3MTcyMzEwWj BgMQswCQYDVQQGE wJVUzELMAkGA1UE CAwCTkMx MB1JhbGVpZ2gxED AOBgNVBAoMB1JlZ CBIQXQxCzAJBgNV BAsMAlFF DDAoxMC4wLjAuMT AxMIIBIjANBgkqh kiG9w0BAQEFAAOC AQ8AMIIB es7Hlhtzo7IO8do hSeQzQx9K9gu/ UNBIypq5cDKng99 td8OGL/ /dy z9QjoEXRGONmu+ m1f429G8JDtW47W fzAEZ5Fr1GojRUs /ZkmBwI6g Ws3PDb70giwcANi /9B7kN6ltbL/ U6seyEOSmFfEF1j uS/otARqQe4 0pSmPHMIwyQj0zO ctiXY9GqEf3dQgF yfi7InC5wnU/ RUAcmOUJpoy aIjPdCt9Ox+ ZEogyAgdPgpGjKy GLlj4uG+ sqj2/Xap0VnmTWY ioQG k80JuGmyEZ2+ VHSXEQQIDAQABoy swKTAJBgNVHRMEA jAAMAsGA1Ud PBgNVHREECDAGhw QKAABlMA0GCSqGS Ib3DQEBCwUAA4IB AQBWcQkj mbOnYZt7nUTNGqP ZctTLqFfN2UvMjH la2ZFBb3BfW2LUk j0Z91kmztRCNRbh LnWpjbKpWJfP0nW D/zvrB76tzJXZXQ dM81t92C2AOelha ivfuBw9b CfHOroZgN7oOZzm hjxm+y5/ mr3sBxbuMsdk7Ud CgzNmFv06hnG1V3 HnacP NDFrypbCdLm5aw0 0CDD+CFZy9I10nM 3vFF1MOJXU/ bvTa1Dc94uY6 E7X6ONxyP0Ttz2X vQe5n9B/ sHCpSmySlV7Xnwl u4QhFFh9qT0QxGe q8 88LP815 teCertificate: '' CAQEA3eues7Hlht zo7IO8dohSeQzQx 9K9gu/UNBIypq5c DKng99td /dyijAiOw3LkE+ z9QjoEXRGONmu+ m1f429G8JDtW47W fzAEZ5Fr1GojRUs / ZKqX8XX4Ws3PDb7 0giwcANi/ 9B7kN6ltbL/ U6seyEOSmFfEF1j uS/ oxJKwaQn0pSmPHM IwyQj0zOctiXY9G qEf3dQgFyfi7InC 5wnU/RUA yXf6RI8oaIjPdCt 9Ox+ZEogyAgdPgp GjKyGLlj4uG+ sqj2/Xap0Vn 9VRrKYq6k80JuGm yEZ2+VHSXEQQIDA QABAoIBAGtTO3Ju U7IQfnl8 ePxbnA/ qW3nYsFwps0gcsy VbozbtiIbvhIXzr 5AoL8d1MjGd8k0W F RbKl+ABCM2WR5OO wG1L37cVL3s8+ 7ap2ssDbnBZD1nO b20orkratv 51rTv5Y4M87ltck gvvaQhM4I6xuSq+ fU3CMXex8SodJaR p8ryMXtg WGJAAGSyJ7BGIK5 9Re4bVVGoLtQAbW HQlCvK4qK1FuD/ anpMrbJCJ Rk6S7RrGq+ XgEYXQQvzGb5gNy nk0i2EziMN8SLWK JI8IJHw9ENDGN A8r1Vz/ 6sQa+148ljhUBgj DH1YxsMRszaHyI8 EHKRMirj5S2WnSu h 6eEpkDpo9pykIbf 5xWF4x/ W0sayHB8owRg9hR /JCEu2dKS0tXk2K z gjhIRj/ y0N+DrIgyQdH7ef CjVCdk/ HX0t6AwNKnev/ pMCgYEA6gsh ltjgruzPnfziAqK Q21Q2tvi1J3f5C0 G5Ahi8/ L/P49iPc0AGpQAW s /HqU4C8+ BigdcJSLMiOxH4d wj0MUrrtQ0ZWCCR 6auVXNRjz/ bMPTn Ua6cQyoqI7CkqlZ ze84q5QNiWYlsCg YAQaWq24GInIskq eIBJDxw3 fJQJonkZg3POBmD 55q+yLM2XPL14kH HQ2U9lF/ 3mxpp2SSkTBk8TP UIXkRmXfP7+ DfDF4EcgTs1f5vj Fhq1EaWdHRJhu1s ZcGgELdnmPhT ksoPlXihBDwKBgB aiUPqRLcOXBWas1 aDTudb25BJ3omms x+i+0+iq NM+0tSQx012v+ XSHl6pwDhlqaTzM TBsWt8Mejn8F7iL vGq8UqJKGB d6aj7LoI3RXtbAu kiCQm5voOY+ atVvJkjH1Ga813D fCPLd4FJrw1wGNH hC JjxtI8hRU2jtHHq v/TStT8zVeXQCkQ EXq1HrbKG37RRk2 qpnQWuSC 4htJ78W9o7z3GcG ccnd6ihWs87lOOs 4SJbj1sg2tO3hGc fqnuA0mU XVPRrxG0IT2GC4v 2GwPe8qryeaIUqE x1jxhKohmec rtificatePath: /etc/pki/ tls/private/ overcloud_ endpoint. pem composable_ roles/inject- trust-anchor. yaml ### icate: | gAwIBAgIUItY3H2 WSwy+lZDPBTDSuQ nrGes8wDQYJKoZI hvcNAQEL GA1UEBhMCVVMxCz AJBgNVBAgMAk5DM RAwDgYDVQQHDAdS YWxlaWdo KDAdSZWQgSEF0MQ swCQYDVQQLDAJRR TEVMBMGA1UEAwwM MTkyLjE2 XDTE5MDMxODE2Mz c1M1oXDTIwMDMxN zE2Mzc1M1owYjEL MAkGA1UE JBgNVBAgMAk5DMR AwDgYDVQQHDAdSY WxlaWdoMRAwDgYD VQQKDAdS wCQYDVQQLDAJRRT EVMBMGA1UEAwwMM TkyLjE2OC4yNC4y MIIBIjAN BAQEFAAOCAQ8AMI IBCgKCAQEAxl21+ ya9LcASoCL18ntt y751ezFV +jdMKgd8ErIFaZa r+i/W47ZZZWBVaF Qo3sdLad/ gQEAGbrTKYaWir dQaPo/IPR1MItQt XMKAyQsPnTHUkih iXrLNgbtpSgXDHX gvpq+DeaUq S5A3gTEZtwCHBjQ 5svhEooMm5ZbWqm qNuJcC3hEYSy7eH 72qM/KYXKB5pD 886gS99aOb7P8gn VL5j9krz5mG6UlN 1Y5PAAT3RiZpNSG 8bPjwGsc /K3W2Mit00qJSDK OugatqpCOYkINcP AIq6KIGPdI7Iq7B SQIDAQAB VHQ4EFgQUVBRXM9 WAqOYhW42KgRD+ uY0x+L8wHwYDVR0 jBBgwFoAU hW42KgRD+ uY0x+L8wDwYDVR0 TAQH/BAUwAwEB/ zANBgkqhkiG9w0B Avj1HwjZhNOTDu+ X9Ou3DAz1FAo14x BytP6uBDjoJGsP+ mq5CkBwN Sj/uvdA7cc/ gz5i//uYWl9TU85 Lu0sMYKb36UQWRo /59rsB0lu7sf rSX9Mw1xJ7HTSY7 j1Ur4jxs4JZgHIP dcPJN31TwodTYF/ mFHxE8ro 9XLJAq/ cHXnn7uh4q4DxFS e7glUJUCz3LXpHZ oR1rSzAMYbLKrol D pera4EPYLLx+ v+JoLTlsPl9fO5r 6mvEcFIIs0PR5FF VXt2X7rRtm9 XxjDhyV0nA2HnCJ SUrkndww= = :NodeTLSCAData: /usr/share/ openstack- tripleo- heat-templates/ puppet/ extraconfig/ tls/ca- inject. yaml
### /home/stack/
parameter_defaults:
# Set CSRF_COOKIE_SECURE / SESSION_
# Type: boolean
HorizonSecure
# The content of the SSL certificate (without Key) in PEM format.
# Type: string
SSLCertificate: |
-----BEGIN CERTIFICATE-----
MIIDaDCCAlC
MAkGA1UECAw
CzAJBgNVBAs
MzEwWhcNMjA
EDAOBgNVBAc
MRMwEQYDVQQ
CgKCAQEA3eu
ijAiOw3LkE+
TfxZKqX8XX4
lZioxJKwaQn
GalyXf6RI8o
wkD9VRrKYq6
DwQEAwIF4DA
3I2/
Z8dKq583CCb
ZoBiN/
uApJ55FDelv
nsxYiUaH+
wlW8xDcD+
-----END CERTIFICATE-----
# The content of an SSL intermediate CA certificate in PEM format.
# Type: string
SSLIntermedia
# The content of the SSL Key in PEM format.
# Type: string
SSLKey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAK
8OGL/
ZkmBwI6gTfx
otARqQe4lZi
cmOUJpoyGal
mTWYioQGwkD
EJZGwZQXdZV
SZGFef1VYLq
HFQYi0fD4I3
TCc3F7HvZHk
z1h82bq7afP
zlBtrO0CgYE
5GFZ35k8zoV
Yd2jw9gEkwT
4jKVUTfcXNQ
3zUrd1e4zj8
6/A1y5JJL6q
/ly38ak31Dv
fKUnLSYezwe
7rLQsqaIyOD
dJRVfJyvrOn
Kq2MA/
+fg1AoGBALj
Vb8ehWIvJu4
bSepd0aZd5I
-----END RSA PRIVATE KEY-----
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# The filepath of the certificate as it will be stored in the controller.
# Type: string
DeployedSSLCe
# End static parameters
### /home/stack/
parameter_defaults:
# The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
# Mandatory. This parameter must be set by the user.
# Type: string
SSLRootCertif
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2
BQAwYjELMAk
MRAwDgYDVQQ
OC4yNC4yMB4
BhMCVVMxCzA
ZWQgSEF0MQs
BgkqhkiG9w0
olT4RZeV9KA
ZlJIAmLJ/
b7EzJ/
Ofulx6CNQKy
QHyoG7reIK+
o1MwUTAdBgN
VBRXM9WAqOY
AQsFAAOCAQE
32SGBiPqlwQ
MWJIaUSqkJe
Ty21BQT9B7K
P8bwJu94UG3
ALYhwaOhOkC
-----END CERTIFICATE-----
resource_registry:
OS::TripleO: