Awesome! But, Ironic will still need a way to inject the SSL cert into the instance, eg. config-drive over virtual media, or something. -D On Jan 24, 2014 2:32 PM, "Clint Byrum" <clint at fewbar.com> wrote: > Excerpts from Joshua Harlow's message of 2014-01-24 14:17:38 -0800: > > Cloud-init 0.7.5 (not yet released) will have the ability to read from an > > ec2-metadata server using SSL. > > > > In a recent change I did we now use requests which correctly does SSL for > > the ec2-metadata/ec2-userdata reading. > > > > - > http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/revision/910 > > > > For ssl-certs that it will use by default (if not provided) will be > looked > > for in the following locations. > > > > - /var/lib/cloud/data/ssl > > - cert.pem > > - key > > - /var/lib/cloud/instance/data/ssl > > - cert.pem > > - key > > - ... Other custom paths (typically datasource dependent) > > > > So I think in 0.7.5 for cloud-init this support will be improved and as > > long as there is a supporting ssl ec2 metadata endpoint then this should > > all work out fine... > > \o/ my heroes! ;) > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140124/354bda28/attachment.html>