The impact is metadata ssl encryption feature "vRouter support for SSL meta-data service when proxying" won't work without the server side config in nova.conf
Expectation is when:-
"contrail_4": { "metadata_ssl_enable": true,
is set to true, nova side config should be updated with below parameters
The impact is metadata ssl encryption feature "vRouter support for SSL meta-data service when proxying" won't work without the server side config in nova.conf
Expectation is when:-
"contrail_4": {
"metadata_ ssl_enable" : true,
is set to true, nova side config should be updated with below parameters
enabled_ssl_apis= metadata protocol= https insecure= False ssl/certs/ nova.pem ssl/private/ novakey. pem ssl/certs/ ca.pem
nova_metadata_
nova_metadata_
ssl_cert_file= /etc/nova/
ssl_key_file= /etc/nova/
ssl_ca_file= /etc/nova/
All the changes to support this till date has gone into puppet side to configure openstack and here are few bugs that were filled related to that:- /bugs.launchpad .net/juniperope nstack/ +bug/1711049 /bugs.launchpad .net/juniperope nstack/ +bug/1721834 /bugs.launchpad .net/juniperope nstack/ +bug/1724468
https:/
https:/
https:/
Similarly this needs to be taken care for Ocata where nova is being provisioned using kolla.