magnum/releasenotes/notes/bug-1580704-32a0e91e285792ea.yaml
Spyros Trigazis 65dfb2009f Add openstack_ca_file configuration option
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.

Update devstack plugin to use the ssl bundle if tls-proxy is
enabled.

Install the CA for drivers:
k8s_coreos_v1
k8s_fedora_atomic_v1
k8s_fedora_ironic_v1
mesos_ubuntu_v1
swarm_fedora_atomic_v1
swarm_fedora_atomic_v2

Add doc in troubleshooting-guide.

Add release notes.

Closes-Bug: #1580704
Partially-Implements: blueprint heat-agent
Change-Id: Id48fbea187da667a5e7334694c3ec17c8e2504db
2018-01-17 14:58:56 +00:00

8 lines
301 B
YAML

---
security:
- |
Add new configuration option `openstack_ca_file` in the `drivers` section
to pass the CA bundle used for the OpenStack API. Setting this file and
setting `verify_ca` to `true` will result to all requests from the cluster
nodes to the OpenStack APIs to be verified.