Add ability to deploy custom CA certificates
Bug #1649844 reported by
Adrien Cunin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
This is a wishlist bug, it'd be nice if OSA could deploy custom CA certificates (specified by the user through user_variables.yml) onto all hosts (bare metal and LXC containers) and configure them to be trusted system-wide.
Here is an example use case:
I configure the Keystone service to use and LDAP backend and connect to it through SSL. The LDAP server uses an SSL certificated issued by a custom CA. I therefore need that custom CA to be trusted by my Keystone containers.
Changed in openstack-ansible: | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
To post a comment you must log in.
See conversation here:
http:// eavesdrop. openstack. org/irclogs/ %23openstack- ansible/ %23openstack- ansible. 2016-12- 20.log. html#t2016- 12-20T16: 17:40
Basically it's deployer's work to handle this.
We could improve our documentation, and we could have helper playbooks in the ops repo, but this isn't mandatory to ship as part of OSA.