92b1d408b8
In order to force requests module inside venvs to trust system-trusted certificate authorities, we need to define environment variable that will provide full path to CA file. Otherwise certifi provided file will be used, that can't be updated with new CA once they're added to system trust store. Change-Id: I79446813602ae094bb788d3c29654fb814ec19a8
16 lines
645 B
YAML
16 lines
645 B
YAML
---
|
|
features:
|
|
- |
|
|
New variable ``openstack_ca_bundle_path`` has been added which defines
|
|
the path to the ca-bundle certificate which contains all system-trusted CA
|
|
and will be used by the Python Requests module.
|
|
- |
|
|
Added variable ``openstack_systemd_global_overrides`` that defines
|
|
some defaults for all systemd services. It will be deployed to all hosts
|
|
and containers, but can be controlled with group_vars or host_vars as well
|
|
if needed.
|
|
deprecations:
|
|
- |
|
|
Since certificates and CA distribution are now handled with PKI role,
|
|
variable ``openstack_host_ca_location`` has been deprecated and removed.
|