| noonedeadpunk | I think you can/should probably use your org root ca as osa one, just issue a different intermediate for your deployment | 14:05 |
|---|---|---|
| noonedeadpunk | and then if you have the CA added to the system trust store - you can set openstack_pki_authorities: [] openstack_pki_install_ca: [] and openstack_pki_service_intermediate_cert_name: "MyOrgOpenstackIntermediate" | 14:06 |
| noonedeadpunk | and then place certs maually: https://paste.openstack.org/show/bQMVomW7jlVXRdLgOw4a/ | 14:07 |
| noonedeadpunk | or you can leverage our PKI role to rollout root CA of your org from your laptop or smth like that... | 14:08 |
| noonedeadpunk | https://opendev.org/openstack/ansible-role-pki | 14:08 |
| noonedeadpunk | it's agnostic enough to be able to run from anywhere | 14:08 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!