Just to clarify: only for public endpoints, right? I don't think e.g. ironic-python-agent can talk to self-signed certificates yet.

On 03/14/2018 07:03 AM, Juan Antonio Osorio wrote:
> Hello,
>
> As part of the proposed changes by the Security Squad [1], we'd like the
> deployment to use TLS by default.
>
> The first target is to get the undercloud to use it, so a patch has been
> proposed recently [2] [3]. So, just wanted to give a heads up to people.
>
> This should be just fine from a quickstart/testing point of view, since we
> explicitly set the value for autogenerating certificates in the undercloud [4] [5].
>
> Note that there are also plans to change these defaults for the containerized
> undercloud and the overcloud.
>
> BR
>
> [1] https://etherpad.openstack.org/p/tripleo-security-squad
> [2] https://review.openstack.org/#/c/552382/
> [3] https://review.openstack.org/552781
> [4] https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/extras-common/defaults/main.yml#L15
> [5] https://github.com/openstack/tripleo-quickstart-extras/blob/master/roles/undercloud-deploy/templates/undercloud.conf.j2#L117
> --
> Juan Antonio Osorio R.
> e-mail: jaosorior at gmail.com