Browse Source

Improve TLS explanation

Better explain how applications get TLS-enabled,
the cloud database in particular.

Change-Id: I8cb74c7cc8ddde61f86544db8feedf25253a5496
changes/80/780980/3
Peter Matulis 9 months ago
parent
commit
b7f5823f27
  1. 8
      deploy-guide/source/app-certificate-management.rst
  2. 8
      deploy-guide/source/install-openstack.rst

8
deploy-guide/source/app-certificate-management.rst

@ -210,6 +210,14 @@ A request will result in the transfer of certificates and keys from Vault. The
corresponding API endpoint will also be updated in Keystone's service catalogue
list to reflect that it is now using HTTPS. The service is now TLS-enabled.
A special client is mysql-innodb-cluster, the cloud database. It has a
self-signed certificate but it is recommended to use the one signed by Vault's
CA:
.. code-block:: none
juju add-relation mysql-innodb-cluster:certificates vault:certificates
.. important::
Once Keystone is TLS-enabled every application that talks to Keystone (i.e.

8
deploy-guide/source/install-openstack.rst

@ -244,6 +244,14 @@ status` should look similar to this:
vault/0* active idle 3/lxd/0 10.0.0.178 8200/tcp Unit is ready (active: true, mlock: disabled)
vault-mysql-router/0* active idle 10.0.0.178 Unit is ready
Cloud applications are TLS-enabled via the ``vault:certificates`` relation.
Below we start with the cloud database. Although the latter has a self-signed
certificate, it is recommended to use the one signed by Vault's CA:
.. code-block:: none
juju add-relation mysql-innodb-cluster:certificates vault:certificates
.. _neutron_networking:
Neutron networking

Loading…
Cancel
Save