Trust only Vault Certificate mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard Charm |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
It would be great if the charm allows a "trust only" Vault certificate mode to be able to use those certs while communicating with Vault issues internal OpenStack endpoints and still allowing to use an external SSL cert for the horizon web interface.
Currently adding vault:certificates relation naturally installs the SSL certs on Apache and has a higher precedence over ssl_* charm configs.
Currently the workaround is to add the vault:certificates then remove it and then populate the ssl_* config options. The issue with this approach is that once the vault issued certificate expires, the dashboard stops working with failed login errors and you have to do another round of vault:certificates relation add/remove.
Hope I was clear! Please let me know if there are any questions.
Thank you,
Alan
Changed in charm-openstack-dashboard: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |