In order to get a more secure thing with TLS, we should stop creating one shared certificate across multiple containers/services. In order to do so, we should move away from the Puppet code and, instead, manage the certificates directly via Ansible, using either a dedicated module or a reusable role, and calling this facility directly from within tripleo-heat-templates, in the right files. The spec has been approved: http://specs.openstack.org/openstack/tripleo-specs/specs/train/certificate-management.html The DFG:Security is all for that, especially if we can get a proper, dedicated internal certificate for each service.
This RFE was not marked MVP for OSP 17.0; it will be moved to 17.1. If Tech Preview is required for OSP 17.0, please clone the issue and follow the procedure; contact the TRAC team.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577