Update SSL metadata
- Don't require encrypting CA private key
- Add parameter specifying CA private key name
- Add parameter specifying client cert all file name
- Remove unneeded certificate parameters for API config and metadata
Depends on: https://gerrit.mcp.mirantis.net/7678
Related PROD: PROD-11933
Change-Id: Ieba4f680bff3ad992ec5372d4296fc5bc997e8ba
diff --git a/metadata/service/manager/single.yml b/metadata/service/manager/single.yml
index 13cdddf..3303e08 100644
--- a/metadata/service/manager/single.yml
+++ b/metadata/service/manager/single.yml
@@ -34,7 +34,6 @@
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
certificates:
- ca_private_key_passphrase: foobar
ca_private_key: '/etc/octavia/certs/private/cakey.pem'
ca_certificate: '/etc/octavia/certs/ca_01.pem'
controller_worker:
@@ -44,6 +43,8 @@
loadbalancer_topology: 'SINGLE'
haproxy_amphora:
client_cert: '/etc/octavia/certs/client.pem'
+ client_cert_key: '/etc/octavia/certs/client.key'
+ client_cert_all: '/etc/octavia/certs/client_all.pem'
server_ca: '/etc/octavia/certs/ca_01.pem'
health_manager:
bind_ip: ${_param:octavia_hm_bind_ip}