<div dir="ltr"><div><div><div><div><div>Hello,<br><br></div>As part of the proposed changed by the Security Squad [1], we'd like the deployment to use TLS by default.<br><br></div>The first target is to get the undercloud to use it, so a patch has been proposed recently [2] [3]. So, just wanted to give a heads up to people.<br><br></div>This should be just fine from a quickstart/testing point of view, since we explicitly set the value for autogenerating certificates in the undercloud [4] [5].<br><br></div>Note that there are also plans to change these defaults for the containerized undercloud and the overcloud.<br><br></div>BR<br><div><div><div><div><br>[1] <a href="https://etherpad.openstack.org/p/tripleo-security-squad">https://etherpad.openstack.org/p/tripleo-security-squad</a><br clear="all"><div><div>[2] <a href="https://review.openstack.org/#/c/552382/">https://review.openstack.org/#/c/552382/</a><br>[3] <a href="https://review.openstack.org/552781">https://review.openstack.org/552781</a><br>[4] <a href="https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/extras-common/defaults/main.yml#L15">https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/extras-common/defaults/main.yml#L15</a><br>[5] <a href="https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117">https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117</a><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><font style="font-family: arial\ narrow, sans-serif; color: rgb(102, 102, 102);" size="2">Juan Antonio Osorio R.<br>e-mail: <a href="mailto:jaosorior@gmail.com" target="_blank">jaosorior@gmail.com</a><br></font><font style="font-family: arial\ narrow, sans-serif; color: rgb(102, 102, 102);" size="2"><br></font></div></div></div>
</div></div></div></div></div></div></div>