From b1924aa709a6ce74952e461a07a2fc10c2f2aae3 Mon Sep 17 00:00:00 2001 From: "jose.lausuch" Date: Fri, 18 Mar 2016 12:25:33 +0100 Subject: Fix support for CACERT and set OS_INSECURE=true JIRA: FUNCTEST-145 Change-Id: If8fce037117d7c7d16d08a558d0675cbfe5f9836 Signed-off-by: jose.lausuch --- docs/configguide/configguide.rst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'docs/configguide') diff --git a/docs/configguide/configguide.rst b/docs/configguide/configguide.rst index b7a25c7d5..120951c4d 100644 --- a/docs/configguide/configguide.rst +++ b/docs/configguide/configguide.rst @@ -234,10 +234,10 @@ environment variable. Check the deployment settings. SSL Support ----------- -If the OpenStack deployment is defined to use HTTPS endpoints, a certificate -will be needed in the container in order to launch any command. - -The OS variable will point to that file. For example:: +If you need to connect to a server that is TLS-enabled (the auth URL begins with ‘https’) +and it uses a certificate from a private CA or a self-signed certificate you will +need to specify the path to an appropriate CA certificate to use to validate the +server certificate with the environment variable OS_CACERT:: echo $OS_CACERT /etc/ssl/certs/ca.crt @@ -252,7 +252,15 @@ be copied manually from the OpenStack deployment. This can be done in 2 ways: -v :/etc/ssl/certs/ca.cert +You might need to export OS_CACERT environment variable inside the container:: + + export OS_CACERT=/etc/ssl/certs/ca.crt + + +Certificate verification can be turned off using OS_INSECURE=true. +For example, Fuel uses self-signed cacerts by default, so an pre step would be:: + export OS_INSECURE=true Additional Options -- cgit 1.2.3-korg