openstack
/
openstack
Code Issues Proposed changes

Update git submodules 

* Update openstack-ansible-os_nova from branch 'master'
  to dd00e710d7a1edbce6600032aed5c63354346f7d
  - Merge "Add TLS support to nova API backends"
  - Add TLS support to nova API backends
    
    By overriding the variable `nova_backend_ssl: True` HTTPS will
    be enabled, disabling HTTP support on the nova backend api.
    
    The ansible-role-pki is used to generate the required TLS
    certificates if this functionality is enabled.
    
    `nova_pki_console_certificates` are used to encrypt:
    - traffic between console proxy and compute hosts
    
    `nova_pki_certificates` are used to encrypt:
    - traffic between haproxy and its backends(including console proxy)
    
    It would be complex to use nova_pki_console_certificates to encrypt
    traffic between haproxy and console proxy because they don't have valid
    key_usage for that and changing key_usage would require to manually set
    `pki_regen_cert` for existing environments.
    
    Certs securing traffic between haproxy and console proxy are provided in
    execstarts because otherwise they would have to be defined in nova.conf
    that may be shared with nova-api(which stands behind uwsgi and should
    not use TLS).
    
    Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
    Change-Id: Ibff3bf0b5eedc87c221bbb1b5976b12972fda608
This commit is contained in:
Zuul 2023-05-03 14:57:07 +00:00 committed by Gerrit Code Review
parent 7852eb2aeb
commit 5f212aadbb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack-ansible-os_nova

@ -1 +1 @@
Subproject commit cb62372a31da4633525977bf93cfa952a7531108
Subproject commit dd00e710d7a1edbce6600032aed5c63354346f7d