Public bug reported: Even though Ironic's python client supports SSL encrypted connections to the ironic service, and securing intra-service connections is a recommended practice, the nova.virt.Ironic driver currently lacks an option to specify a custom CA Certificate for validating the SSL connection to the Ironic service.
On the other hand, other OpenStack services which Nova connects to (eg, Glance, Neutron...) have support for this via a service-specific "cafile" config option. ** Affects: nova Importance: Undecided Assignee: Devananda van der Veen (devananda) Status: In Progress ** Tags: ironic security ** Tags added: ironic ** Tags added: security -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1561796 Title: ironic driver does not support ssl cafile Status in OpenStack Compute (nova): In Progress Bug description: Even though Ironic's python client supports SSL encrypted connections to the ironic service, and securing intra-service connections is a recommended practice, the nova.virt.Ironic driver currently lacks an option to specify a custom CA Certificate for validating the SSL connection to the Ironic service. On the other hand, other OpenStack services which Nova connects to (eg, Glance, Neutron...) have support for this via a service-specific "cafile" config option. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1561796/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp