Comment 9 for bug 1704746

Biswajit Mandal (bmandal) wrote :

The above change is as per issue 2 as mentioned below.
Issue 1 should be handled in the contrail-tripleo-puppet repo as you mentioned.

---------------------------------------------------------------------------
From: Marco Passalacqua
Sent: Saturday, July 22, 2017 12:11 AM
To: DP Ayyadevara <email address hidden>; Biswajit Mandal <email address hidden>
Cc: Rene Triana <email address hidden>; Michael Henkel <email address hidden>; Pratik Roychowdhury <email address hidden>; Marc Rapoport <email address hidden>; Richard Roberts <email address hidden>; Nicolas Marcoux <email address hidden>; Slobodan Blatnjak <email address hidden>; Naga Kiran K Y S <email address hidden>
Subject: Re: Small enhancement for certificate on Contrail-tripleo

Hi DP,
Let me try to re-phrase my previous answer.

There are 2 issues:
1. We need to be able to configure the WebUI with custom certificates during the Contrail TripleO Provisioning. For instance, Orange has its own self-generated certs and they need to configure them in the WebUI during provisioning. This basically means an extension of our current contrail-tripleo-heat-templates to introduce new properties able to handle that information (certs contents).

2. Generate self-signed certs during the WebUI RPM installation (this should be what Biswajit is referring to). Currently the RPM already contains cert files (I guess generated during the build), which of course is not exactly “secure”. So, we need to implement, at the RPM level (%post?), the creation of those self-signed certs. Of course, those self-signed certs generated during the RPM installation will be replaced by TripleO in case a user decides to use his own certs (see 1).

Hope it is clear now, but please do not hesitate in case you have any additional query.
Thanks.

Ciao,
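
An illustration of issue 2 above, added here and not part of the original e-mail or of the Contrail packaging: a shell function that an RPM %post scriptlet could call to create a per-install self-signed key and certificate, leaving an existing pair alone so that certificates supplied later (issue 1) are not overwritten. The directory layout, the file names `server.key` and `server.pem`, and the CN values are assumptions.

```shell
#!/bin/sh
# Added illustration, not the project's packaging code.
# File names and the target directory are assumptions.

# gen_selfsigned_cert DIR CN
# Creates DIR/server.key and DIR/server.pem unless both already exist.
gen_selfsigned_cert() {
    dir=$1
    cn=$2
    key="$dir/server.key"
    crt="$dir/server.pem"

    # Idempotent: package upgrades, or certificates installed by the
    # operator, keep the existing pair untouched.
    if [ -s "$key" ] && [ -s "$crt" ]; then
        return 0
    fi

    mkdir -p "$dir" || return 1

    # Create the private key under a restrictive umask so it is never
    # group- or world-readable, not even between creation and chmod.
    old_umask=$(umask)
    umask 077
    rc=0
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -keyout "$key" -out "$crt" 2>/dev/null || rc=$?
    umask "$old_umask"

    # Do not leave a half-written pair behind on failure.
    if [ "$rc" -ne 0 ]; then
        rm -f "$key" "$crt"
        return 1
    fi
    chmod 600 "$key" && chmod 644 "$crt"
}

# cert_fingerprint FILE
# Prints the SHA-256 fingerprint, useful for confirming that two installs
# do not share one certificate, which is the problem with build-time certs.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}
```

Because the key pair is generated on the target host, the private key never appears in the published package, and every installation gets a different one.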