ironic driver does not support ssl cafile
Bug #1561796 reported by
aeva black
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
aeva black |
Bug Description
Even though Ironic's python client supports SSL encrypted connections to the ironic service, and securing intra-service connections is a recommended practice, the nova.virt.Ironic driver currently lacks an option to specify a custom CA Certificate for validating the SSL connection to the Ironic service.
On the other hand, other OpenStack services which Nova connects to (eg, Glance, Neutron...) have support for this via a service-specific "cafile" config option.
tags: | added: ironic |
tags: | added: security |
Changed in nova: | |
importance: | Undecided → Medium |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/297467
Review: https:/