Correct, only public endpoints. On Wed, Mar 14, 2018 at 1:52 PM, Dmitry Tantsur <dtant...@redhat.com> wrote:
> Just to clarify: only for public endpoints, right? I don't think e.g. > ironic-python-agent can talk to self-signed certificates yet. > > > On 03/14/2018 07:03 AM, Juan Antonio Osorio wrote: > >> Hello, >> >> As part of the proposed changed by the Security Squad [1], we'd like the >> deployment to use TLS by default. >> >> The first target is to get the undercloud to use it, so a patch has been >> proposed recently [2] [3]. So, just wanted to give a heads up to people. >> >> This should be just fine from a quickstart/testing point of view, since >> we explicitly set the value for autogenerating certificates in the >> undercloud [4] [5]. >> >> Note that there are also plans to change these defaults for the >> containerized undercloud and the overcloud. >> >> BR >> >> [1] https://etherpad.openstack.org/p/tripleo-security-squad >> [2] https://review.openstack.org/#/c/552382/ >> [3] https://review.openstack.org/552781 >> [4] https://github.com/openstack/tripleo-quickstart-extras/blob/ >> master/roles/extras-common/defaults/main.yml#L15 >> [5] https://github.com/openstack/tripleo-quickstart-extras/blob/ >> master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117 >> -- >> Juan Antonio Osorio R. >> e-mail: jaosor...@gmail.com <mailto:jaosor...@gmail.com> >> >> >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Juan Antonio Osorio R. e-mail: jaosor...@gmail.com
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev