openstack/kolla-ansible
Code Issues Proposed changes
cea076f379
kolla-ansible/releasenotes/notes/generate-self-signed-root-ca-bc523acab7290cfe.yaml
James Kirsch e3cd02eda4 Replace internal and external VIP CA with root CA 
Replaced "kolla_external_fqdn_cacert" and "kolla_internal_fqdn_cacert" with
"kolla_admin_openrc_cacert". OS_CACERT is now set to the value of
"kolla_admin_openrc_cacert" in the generated admin-openrc.sh file.

Change-Id: If195d5402579cee9a14b91f63f5fde84eb84cccf
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/#/c/731344/
2020-06-16 11:46:34 +01:00

18 lines
832 B
YAML
Raw Blame History

---
features:
- |
Self-signed TLS certificates can be used to test TLS in a
development OpenStack environment. The ``kolla-ansible certificates``
command will generate the required self-signed TLS certificates. This
command has been updated to first create a self-signed root certificate
authority. The command then generates the internal and external facing
certificates and signs them using the root CA. If backend TLS is enabled,
the command will generate the backend certificate and sign it with the
root CA.
upgrade:
- |
Replaced ``kolla_external_fqdn_cacert`` and ``kolla_internal_fqdn_cacert``
with ``kolla_admin_openrc_cacert``, which by default is not set.
``OS_CACERT`` is now set to the value of ``kolla_admin_openrc_cacert`` in
the generated ``admin-openrc.sh`` file.
View Git Blame Copy Permalink