Update SSL metadata
- Don't require encrypting CA private key
- Add parameter specifying CA private key name
- Add parameter specifying client cert all file name
- Remove unneeded certificate parameters for API config and metadata
Depends on: https://gerrit.mcp.mirantis.net/7678
Related PROD: PROD-11933
Change-Id: Ieba4f680bff3ad992ec5372d4296fc5bc997e8ba
diff --git a/README.rst b/README.rst
index ab07147..9c19a3f 100644
--- a/README.rst
+++ b/README.rst
@@ -52,9 +52,6 @@
user: openstack
password: password
virtual_host: '/openstack'
- haproxy_amphora:
- client_cert: '/etc/octavia/certs/client.pem'
- server_ca: '/etc/octavia/certs/ca_01.pem'
Octavia manager service pillar:
@@ -88,7 +85,6 @@
password: password
virtual_host: '/openstack'
certificates:
- ca_private_key_passphrase: foobar
ca_private_key: '/etc/octavia/certs/private/cakey.pem'
ca_certificate: '/etc/octavia/certs/ca_01.pem'
controller_worker:
@@ -98,6 +94,8 @@
loadbalancer_topology: 'SINGLE'
haproxy_amphora:
client_cert: '/etc/octavia/certs/client.pem'
+ client_cert_key: '/etc/octavia/certs/client.key'
+ client_cert_all: '/etc/octavia/certs/client_all.pem'
server_ca: '/etc/octavia/certs/ca_01.pem'
health_manager:
bind_ip: 192.168.0.12