Open Stack

Hi,

I'm not familiar with kolla, but the docs also mention this option:

kolla_copy_ca_into_containers: "yes"

As I understand it the CA cert is required within the containers so  
they can trust the self-signed certs. At least that's how I configure  
it in a manually deployed openstack cloud. Do you have that option  
enabled? If it is enabled, did you verify it with openssl tools?

Regards,
Eugen

Zitat von wodel youchi <wodel.youchi at gmail.com>:

> Some help please.
>
> On Tue, Nov 8, 2022, 14:44 wodel youchi <wodel.youchi at gmail.com> wrote:
>
>> Hi,
>>
>> To deploy Openstack with a self-signed certificate, the documentation says
>> to generate the certificates using kolla-ansible certificates, to configure
>> the support of TLS in globals.yml and to deploy.
>>
>> I am facing a problem, my old certificate has expired, I want to use a
>> self-signed certificate.
>> I backported my servers to an older date, then generated a self-signed
>> certificate using kolla, but the deploy/reconfigure won't work, they say :
>>
>> self._sslobj.do_handshake()\n  File \"/usr/lib64/python3.6/ssl.py\", line
>> 648, in do_handshakeself._sslobj.do_handshake()\nssl.SSLError: [SSL:
>> CERTIFICATE_VERIFY_FAILED certificate verify failed
>>
>> PS : in my globals.yml i have : *kolla_verify_tls_backend: "yes"*
>>
>> Regards.
>>