This likely requires some coordination between heat and os-collect-config.
The absolute bare minimum would be for os-collect-config.conf [cfn] and [heat] to gain an 'insecure' option, and for heat to populate that from its own /etc/heat/heat.conf [clients_heat] insecure.
Beyond that, /etc/heat/heat.conf [clients_heat] also has options ca_file, cert_file, key_file. We would need security expert input on whether it is appropriate to populate boot user_data with the contents of these files to allow similar options to be set in os-collec-config.conf.
If this is appropriate then the heat user_data cloud-init items can include the contents of ca_file, cert_file, key_file and heat can also populate os-collect-config.conf with the resulting paths.
If this is not appropriate then os-collect-config will need to check for cert paths by convention, and the image building process needs to copy in those cert files.
This likely requires some coordination between heat and os-collect-config.
The absolute bare minimum would be for os-collect- config. conf [cfn] and [heat] to gain an 'insecure' option, and for heat to populate that from its own /etc/heat/heat.conf [clients_heat] insecure.
Beyond that, /etc/heat/heat.conf [clients_heat] also has options ca_file, cert_file, key_file. We would need security expert input on whether it is appropriate to populate boot user_data with the contents of these files to allow similar options to be set in os-collec- config. conf.
If this is appropriate then the heat user_data cloud-init items can include the contents of ca_file, cert_file, key_file and heat can also populate os-collect- config. conf with the resulting paths.
If this is not appropriate then os-collect-config will need to check for cert paths by convention, and the image building process needs to copy in those cert files.