Update git submodules
* Update openstack-ansible-os_nova from branch 'master' to dd00e710d7a1edbce6600032aed5c63354346f7d - Merge "Add TLS support to nova API backends" - Add TLS support to nova API backends By overriding the variable `nova_backend_ssl: True` HTTPS will be enabled, disabling HTTP support on the nova backend api. The ansible-role-pki is used to generate the required TLS certificates if this functionality is enabled. `nova_pki_console_certificates` are used to encrypt: - traffic between console proxy and compute hosts `nova_pki_certificates` are used to encrypt: - traffic between haproxy and its backends(including console proxy) It would be complex to use nova_pki_console_certificates to encrypt traffic between haproxy and console proxy because they don't have valid key_usage for that and changing key_usage would require to manually set `pki_regen_cert` for existing environments. Certs securing traffic between haproxy and console proxy are provided in execstarts because otherwise they would have to be defined in nova.conf that may be shared with nova-api(which stands behind uwsgi and should not use TLS). Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085 Change-Id: Ibff3bf0b5eedc87c221bbb1b5976b12972fda608
This commit is contained in:
parent
7852eb2aeb
commit
5f212aadbb
|
@ -1 +1 @@
|
|||
Subproject commit cb62372a31da4633525977bf93cfa952a7531108
|
||||
Subproject commit dd00e710d7a1edbce6600032aed5c63354346f7d
|
Loading…
Reference in New Issue