Merge "docs: add information about enabling TLS to automated guide"

db9ce40e · Zuul · Gerrit Code Review · 8576e719 · 804c1cb6 · db9ce40e
Commit db9ce40e authored 2 years ago by Zuul Committed by Gerrit Code Review 2 years ago
--- a/doc/source/contributor/automated.rst
+++ b/doc/source/contributor/automated.rst
@@ -89,6 +89,30 @@ This can be added using the following commands::
    sudo ip l set eth1 up
    sudo ip l set eth1 master breth1
+Configuration
+-------------
+Enable TLS
+^^^^^^^^^^
+Apply the following configuration if you wish to enable TLS for the OpenStack
+API:
+Set the following option in ``config/src/kayobe-config/etc/kayobe/kolla.yml``:
+.. code-block:: yaml
+   kolla_enable_tls_internal: "yes"
+Set the following options in
+``config/src/kayobe-config/etc/kayobe/kolla/globals.yml``:
+.. code-block:: yaml
+   kolla_copy_ca_into_containers: "yes"
+   openstack_cacert: "{% if os_distribution == 'ubuntu' %}/etc/ssl/certs/ca-certificates.crt{% else %}/etc/pki/tls/certs/ca-bundle.crt{% endif %}"
+   kolla_admin_openrc_cacert: "{% if os_distribution == 'ubuntu' %}/etc/ssl/certs/ca-certificates.crt{% else %}/etc/pki/tls/certs/ca-bundle.crt{% endif %}"
 Usage
 -----
@@ -109,6 +133,10 @@ its dependencies in a Python virtual environment::
   changes will not been seen until you reinstall the package. To do this you
   can run ``./dev/install.sh``.
+If you are using TLS and wish to generate self-signed certificates::
+    export KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES=1
 Run the ``dev/overcloud-deploy.sh`` script to deploy the OpenStack control
 plane::