1810980 – Explain better how to handle self signed CA for glance (bootstrap Ignition file in Glance)

Bug 1810980 - Explain better how to handle self signed CA for glance (bootstrap Ignition file in Glance)

Summary: Explain better how to handle self signed CA for glance (bootstrap Ignition fi...

Keywords:
Status:	CLOSED DUPLICATE of bug 1809921
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	4.5.0
Assignee:	Pierre Prinetti
QA Contact:	David Sanz
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-03-06 10:48 UTC by bart
Modified:	2020-03-12 15:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-12 15:32:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description bart 2020-03-06 10:48:14 UTC

Description of problem:
https://github.com/openshift/installer/blob/master/docs/user/openstack/install_upi.md

Lists OpenStack Glance as an option to help inject the bootstrap ignition file. However, some openstack installation run TLS with self-signed certs. This will prevent the CoreOS bootstrap machine to bootstrap.
Without knowing this the person deploying will wait forever for the api to come up.
We should at least list this as remark. 

Use OpenStack Glance making sure the CoreOS can use it via HTTP, or via HTTPS if it has a trusted CA. An untrusted CA (self signed) should either injected in the ignition file or added to the CoreOS image via other means.

Note You need to log in before you can comment on or make changes to this bug.