Newer
Older
Adds support for generating self-signed certificates for both the internal
and external (public) networks via the ``kolla-ansible certificates``
command. If they are the same network, then the certificate files will be
the same.
upgrade:
- |
The default value for ``kolla_external_fqdn_cacert`` has been changed
from:
"{{ node_config }}/certificates/haproxy-ca.crt"
to:
"{{ node_config }}/certificates/ca/haproxy.crt"
and the default value for ``kolla_external_fqdn_cacert`` has been changed
from:
"{{ node_config }}/certificates/haproxy-ca-internal.crt"
to:
"{{ node_config }}/certificates/ca/haproxy-internal.crt"
These variables set the value for the ``OS_CACERT`` environment variable in
``admin-openrc.sh``. This has been done to allow these certificates to be
copied into containers when ``kolla_copy_ca_into_containers`` is true.