summaryrefslogtreecommitdiffstats
path: root/docs/configguide/configguide.rst
diff options
context:
space:
mode:
authorjose.lausuch <jose.lausuch@ericsson.com>2016-03-18 12:25:33 +0100
committerjose.lausuch <jose.lausuch@ericsson.com>2016-03-18 15:08:49 +0100
commitb1924aa709a6ce74952e461a07a2fc10c2f2aae3 (patch)
tree3ab3aac31a7137edc6108b9a7cc52a274a70c9ff /docs/configguide/configguide.rst
parent99c413688b68cb78181845ea891ea4db451abf40 (diff)
Fix support for CACERT and set OS_INSECURE=true
JIRA: FUNCTEST-145 Change-Id: If8fce037117d7c7d16d08a558d0675cbfe5f9836 Signed-off-by: jose.lausuch <jose.lausuch@ericsson.com>
Diffstat (limited to 'docs/configguide/configguide.rst')
-rw-r--r--docs/configguide/configguide.rst16
1 files changed, 12 insertions, 4 deletions
diff --git a/docs/configguide/configguide.rst b/docs/configguide/configguide.rst
index b7a25c7d5..120951c4d 100644
--- a/docs/configguide/configguide.rst
+++ b/docs/configguide/configguide.rst
@@ -234,10 +234,10 @@ environment variable. Check the deployment settings.
SSL Support
-----------
-If the OpenStack deployment is defined to use HTTPS endpoints, a certificate
-will be needed in the container in order to launch any command.
-
-The OS variable will point to that file. For example::
+If you need to connect to a server that is TLS-enabled (the auth URL begins with ‘https’)
+and it uses a certificate from a private CA or a self-signed certificate you will
+need to specify the path to an appropriate CA certificate to use to validate the
+server certificate with the environment variable OS_CACERT::
echo $OS_CACERT
/etc/ssl/certs/ca.crt
@@ -252,7 +252,15 @@ be copied manually from the OpenStack deployment. This can be done in 2 ways:
-v <path_to_your_cert_file>:/etc/ssl/certs/ca.cert
+You might need to export OS_CACERT environment variable inside the container::
+
+ export OS_CACERT=/etc/ssl/certs/ca.crt
+
+
+Certificate verification can be turned off using OS_INSECURE=true.
+For example, Fuel uses self-signed cacerts by default, so an pre step would be::
+ export OS_INSECURE=true
Additional Options