1d11f0b7dd
This change enables operators to set [DEFAULT]listen_tls to true configure IPA to be host its WSGI server over TLS using existing SSL support in oslo.service. In addition to configuring this in IPA, a deployer will need to also set [ssl]cert_file, [ssl]key_file, and optionally [ssl]ca_file in their ipa config, in addition to embedding those files into the IPA ramdisk in order for this to be functional. In order to make this change work, we also need to monkey patch socket library early, or else oslo.service will end up passing an unpatched socket to the eventlet wsgi server, which causes deadlocks. Change-Id: Ib7decae410915f3c27b045ee08538c94d455b030
9 lines
304 B
YAML
9 lines
304 B
YAML
---
|
|
features:
|
|
- |
|
|
Enables support in IPA for hosting the API server over TLS. Using this
|
|
support requires setting ``[DEFAULT]listen_tls`` to True, and then setting
|
|
``[ssl]cert_file``, ``[ssl]key_file``, and optionally ``[ssl]ca_file`` to
|
|
files embedded in the ramdisk IPA runs inside.
|
|
|