Shared x509 certificate between multiple controllers

Registered by Cédric Jeanneret deactivated

To be able to use Let's Encrypt (or another automated CA) for TLS endpoints, a way to share x509 keypairs must be created. To avoid a chicken-and-egg issue, that service must be installed on the undercloud and be accessible through the provisioning network.

A script must be deployed on the controllers. It will manage the vault certificate update, fetching and service reloading.

A good start would be to install and configure "custodia" on the undercloud and expose it on the provisioning network.

Blueprint information

Status: Not started
Approver: None
Priority: Low
Drafter: Cédric Jeanneret deactivated
Direction: Approved
Assignee: Juan Antonio Osorio Robles
Definition: Discussion
Series goal: Accepted for future
Implementation: Not started
Milestone target: None

Whiteboard

[2017-12-08] Moving out to Rocky. Please request FFE if this is needed for Queens.
[2018-04-09] No update for Rocky. Moving to future. Please update and move back to Rocky if this will be worked on.
