20 lines
1011 B
YAML
20 lines
1011 B
YAML
---
|
|
features:
|
|
- |
|
|
When ``kolla_copy_ca_into_containers`` is configured to ``yes``, the
|
|
certificate authority files in ``/etc/kolla/certificates/ca`` will be
|
|
copied into service containers to enable trust for those CA certificates.
|
|
This is required for any certificates that are either self-signed or signed
|
|
by a private CA, and are not already present in the service image trust
|
|
store. Otherwise, either CA validation will need to be explicitly disabled
|
|
or the path to the CA certificate must be configured in the service using
|
|
the ``openstack_cacert`` parameter.
|
|
|
|
issues:
|
|
- |
|
|
Python Requests library will not trust self-signed or privately signed CAs
|
|
even if they are added into the OS trusted CA folder and update-ca-trust is
|
|
executed. For services that rely on the Python Requests library, either CA
|
|
verification must be explicitly disabled in the service or the path to the
|
|
CA certificate must be configured using the ``openstack_cacert`` parameter.
|