magnum: Add CA certificate configuration for internal TLS
Magnum has various sections in its configuration file for OpenStack
clients. When internal TLS is enabled, these may need a CA certificate
to be specified.
This change adds a CA certificate configuration, based on
openstack_cacert, for all clients using internal endpoints.
Note: we are explicitly not adding the configuration for the
[magnum_client] ca_file and [drivers] openstack_ca_file options, since
these use the public endpoint by default. These options may be
provided via custom configuration if necessary.
Change-Id: Ie59b3777c0a2c142b580addd67e279bc4b2f2c90
Co-Authored-By: Kyle Dean
Closes-Bug: #1919389
(cherry picked from commit 48f0957a1c
)
This commit is contained in:
parent
d41e01406e
commit
338d977317
|
@ -32,30 +32,37 @@ endpoint_type = publicURL
|
|||
[heat_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[octavia_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[cinder_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[barbican_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[glance_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[neutron_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[nova_client]
|
||||
region_name = {{ openstack_region_name }}
|
||||
endpoint_type = internalURL
|
||||
ca_file = {{ openstack_cacert }}
|
||||
|
||||
[keystone_auth]
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
|
@ -78,6 +85,7 @@ user_domain_name = {{ default_user_domain_name }}
|
|||
project_name = service
|
||||
username = {{ magnum_keystone_user }}
|
||||
password = {{ magnum_keystone_password }}
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
memcache_security_strategy = ENCRYPT
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes an issue with Magnum when TLS is enabled. `LP#781062
|
||||
<https://review.opendev.org/c/openstack/kolla-ansible/+/781062>`__
|
Loading…
Reference in New Issue