Thanks for the info Mark! 

Kind regards,
Tony Pearce


On Mon, 21 Jun 2021 at 16:42, Mark Goddard <mark@stackhpc.com> wrote:
On Wed, 16 Jun 2021 at 10:11, Tony Pearce <tonyppe@gmail.com> wrote:
>
> I have deployed Train with Kayobe. I'd like to enable SSL using a cert which is signed but NOT by a public CA. This means I need to add the CA cert to the containers.
>
> I came across this doc [1] and I wanted to ask / discover when this variable comes into play "kolla_copy_ca_into_containers"?
> Does this variable work only from Victoria onwards or will it work in Train?
The  kolla_copy_ca_into_containers variable was added to Kolla Ansible
in Ussuri.
> Do I require to have a "seed" to build containers, to enable this cert copy into containers? (kayobe overcloud container image build).
> OR if I do "kayobe overcloud container image pull" will the cert be copied at that point?
The certs are copied at runtime, not when the images are built.
>
> [1] OpenStack Docs: TLS
>
> Thanks and regards,
>
> Tony Pearce
>