198bea78ac
In the past, the options ca_certificates_file, nova_ca_certificates_file, cinder_ca_certificates_file, api_insecure, nova_api_insecure, cinder_api_insecure were supplied to instantiate nova, neutron and cinder clients. These options have now been subsumed in a more generic way into the Keystone session logic as 'cafile' and 'insecure'. Deprecate the older options in Stein so that we can remove them in a future release. This deprecation began many releases ago when we switched to using keystone sessions [1]. However, we were still overriding the values of "insecure" and "cafile" if provided, forcing users to continue using deprecated parameters "api_insecure" and "ca_certificates_file". So despite this fix originating in the Stein release, it would be prudent to backport it to all maintained releases and remove support for these older options in/beyond Train release (9.0.0). [1] Ic211a11308a3295409467efd88bff413482ee58d Change-Id: I148e9079c7c1ab119f519f727d4ad97758473325 Related-Bug: #1802393 Closes-Bug: #1809318
20 lines
941 B
YAML
20 lines
941 B
YAML
---
|
|
fixes:
|
|
- |
|
|
`Launchpad bug 1809318 <https://bugs.launchpad.net/manila/+bug/1809318>`_
|
|
has been fixed. The deprecated options ``api_insecure`` and
|
|
``ca_certificates_file`` from nova, cinder, neutron or DEFAULT
|
|
configuration groups no longer override the newer ``insecure`` option if
|
|
provided. Always use ``insecure`` and ``cafile`` to control SSL
|
|
and validation since the deprecated options will be removed in a future
|
|
release.
|
|
deprecations:
|
|
- |
|
|
The options ``ca_certificates_file``, ``nova_ca_certificates_file``,
|
|
``cinder_ca_certificates_file``, ``api_insecure``, ``nova_api_insecure``
|
|
and ``cinder_api_insecure`` have been deprecated from the ``DEFAULT``
|
|
group as well as ``nova``, ``neutron`` and ``cinder`` configuration
|
|
groups. Use ``cafile`` to specify the CA certificates and ``insecure``
|
|
to turn off SSL validation in these respective groups (nova, neutron and
|
|
cinder).
|