<div dir="ltr">Correct, only public endpoints.<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 14, 2018 at 1:52 PM, Dmitry Tantsur <span dir="ltr"><<a href="mailto:dtantsur@redhat.com" target="_blank">dtantsur@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Just to clarify: only for public endpoints, right? I don't think e.g. ironic-python-agent can talk to self-signed certificates yet.<div><div class="h5"><br>
<br>
On 03/14/2018 07:03 AM, Juan Antonio Osorio wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hello,<br>
<br>
As part of the proposed changed by the Security Squad [1], we'd like the deployment to use TLS by default.<br>
<br>
The first target is to get the undercloud to use it, so a patch has been proposed recently [2] [3]. So, just wanted to give a heads up to people.<br>
<br>
This should be just fine from a quickstart/testing point of view, since we explicitly set the value for autogenerating certificates in the undercloud [4] [5].<br>
<br>
Note that there are also plans to change these defaults for the containerized undercloud and the overcloud.<br>
<br>
BR<br>
<br>
[1] <a href="https://etherpad.openstack.org/p/tripleo-security-squad" rel="noreferrer" target="_blank">https://etherpad.openstack.org<wbr>/p/tripleo-security-squad</a><br>
[2] <a href="https://review.openstack.org/#/c/552382/" rel="noreferrer" target="_blank">https://review.openstack.org/#<wbr>/c/552382/</a><br>
[3] <a href="https://review.openstack.org/552781" rel="noreferrer" target="_blank">https://review.openstack.org/5<wbr>52781</a><br>
[4] <a href="https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/extras-common/defaults/main.yml#L15" rel="noreferrer" target="_blank">https://github.com/openstack/t<wbr>ripleo-quickstart-extras/blob/<wbr>master/roles/extras-common/<wbr>defaults/main.yml#L15</a><br>
[5] <a href="https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117" rel="noreferrer" target="_blank">https://github.com/openstack/t<wbr>ripleo-quickstart-extras/blob/<wbr>master/roles/undercloud-deploy<wbr>/templates/undercloud.conf.j2#<wbr>L117</a><br>
-- <br>
Juan Antonio Osorio R.<br></div></div>
e-mail: <a href="mailto:jaosorior@gmail.com" target="_blank">jaosorior@gmail.com</a> <mailto:<a href="mailto:jaosorior@gmail.com" target="_blank">jaosorior@gmail.com</a>><br>
<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br>
</blockquote>
<br>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font style="font-family:arial narrow,sans-serif;color:rgb(102,102,102)" size="2">Juan Antonio Osorio R.<br>e-mail: <a href="mailto:jaosorior@gmail.com" target="_blank">jaosorior@gmail.com</a><br></font><font style="font-family:arial narrow,sans-serif;color:rgb(102,102,102)" size="2"><br></font></div></div></div>
</div></div></div>