Just to clarify: only for public endpoints, right? I don't think e.g.
ironic-python-agent can talk to self-signed certificates yet.
On 03/14/2018 07:03 AM, Juan Antonio Osorio wrote:
Hello,
As part of the proposed changes by the Security Squad [1], we'd like the
deployment to use TLS by default.
The first target is to get the undercloud to use it, so a patch has been
proposed recently [2] [3]. So, just wanted to give a heads up to people.
This should be just fine from a quickstart/testing point of view, since we
explicitly set the value for autogenerating certificates in the undercloud [4] [5].
Note that there are also plans to change these defaults for the containerized
undercloud and the overcloud.
BR
[1] https://etherpad.openstack.org/p/tripleo-security-squad
[2] https://review.openstack.org/#/c/552382/
[3] https://review.openstack.org/552781
[4] https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/extras-common/defaults/main.yml#L15
[5] https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117
--
Juan Antonio Osorio R.
e-mail: [email protected]
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev