[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: how to supply ca trust bundle to bootstrap ignition config for openstack



I believe the ca bundle value should show up here:

$ cat terraform.openstack.auto.tfvars.json | jq -r .openstack_bootstrap_shim_ignition | jq .ignition.security
{
  "tls": {}
}


While attempting to influence that, I've had no luck by placing the CA cert in install-config.yaml at any of .platform.openstack.{userCA,userCAIgnition} subsequent to running create cluster. What am I missing to influence the TLS payload of bootstrap shim for ignition?

$ ~/Downloads/openshift-install version
/Users/dlbewley/Downloads/openshift-install v4.3.0
built from commit 2355d9b2dd662c0043133d76273c5cf10e0ce00a
release image quay.io/openshift-release-dev/ocp-release-nightly sha256:3828e79b24b1891b9bec8b47fb7bf2fe093d7211dc9687cff317f475fa15f999


On Wed, Nov 20, 2019 at 9:38 AM Dale Bewley <dale bewley net> wrote:
After this merge I understand I can supply a CA bundle to enable ignition to trust my OpenStack Swift endpoint
https://github.com/openshift/installer/pull/2587/files#diff-8f7812d0db7f9cf17958b3a70170f7a0
I am trying with the openshift-install-mac-4.3.0-0.nightly-2019-11-19-053808.tar.gz build. 

Can you help me help myself with this?

How do I translate `bootstrap_shim_ignition = var.openstack_bootstrap_shim_ignition` into a expected value in install-config.yaml?

Thanks

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]