[kayobe][train] kolla_copy_ca_into_containers variable
I have deployed Train with Kayobe. I'd like to enable SSL using a cert which is signed but NOT by a public CA. This means I need to add the CA cert to the containers. I came across this doc [1] and I wanted to ask / discover when this variable comes into play "kolla_copy_ca_into_containers"? Does this variable work only from Victoria onwards or will it work in Train? Do I require to have a "seed" to build containers, to enable this cert copy into containers? (kayobe overcloud container image build). OR if I do "kayobe overcloud container image pull" will the cert be copied at that point? [1] OpenStack Docs: TLS <https://docs.openstack.org/kolla-ansible/victoria/admin/tls.html> Thanks and regards, Tony Pearce
On Wed, 16 Jun 2021 at 10:11, Tony Pearce <tonyppe@gmail.com> wrote:
I have deployed Train with Kayobe. I'd like to enable SSL using a cert which is signed but NOT by a public CA. This means I need to add the CA cert to the containers.
I came across this doc [1] and I wanted to ask / discover when this variable comes into play "kolla_copy_ca_into_containers"? Does this variable work only from Victoria onwards or will it work in Train?
The kolla_copy_ca_into_containers variable was added to Kolla Ansible in Ussuri.
Do I require to have a "seed" to build containers, to enable this cert copy into containers? (kayobe overcloud container image build). OR if I do "kayobe overcloud container image pull" will the cert be copied at that point? The certs are copied at runtime, not when the images are built.
[1] OpenStack Docs: TLS
Thanks and regards,
Tony Pearce
Thanks for the info Mark! Kind regards, Tony Pearce On Mon, 21 Jun 2021 at 16:42, Mark Goddard <mark@stackhpc.com> wrote:
On Wed, 16 Jun 2021 at 10:11, Tony Pearce <tonyppe@gmail.com> wrote:
I have deployed Train with Kayobe. I'd like to enable SSL using a cert
which is signed but NOT by a public CA. This means I need to add the CA cert to the containers.
I came across this doc [1] and I wanted to ask / discover when this
variable comes into play "kolla_copy_ca_into_containers"?
Does this variable work only from Victoria onwards or will it work in Train? The kolla_copy_ca_into_containers variable was added to Kolla Ansible in Ussuri. Do I require to have a "seed" to build containers, to enable this cert copy into containers? (kayobe overcloud container image build). OR if I do "kayobe overcloud container image pull" will the cert be copied at that point? The certs are copied at runtime, not when the images are built.
[1] OpenStack Docs: TLS
Thanks and regards,
Tony Pearce
participants (2)
-
Mark Goddard
-
Tony Pearce