© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
Denis, let me explain it a bit.
This option in heat.conf was added just for supporting easy work with WaitConditions.
It does not affect other security in Heat itself.
It was added in upstream for handling follow situation. User has template, which works on openstack without SSL.
Then he wants to use SSL or (copy example of template from somewhere, where was not used SSL).
He try to create stack with this template and got some unexpected error, due to internal heat misunderstanding.
How user should deal with it before?
there are two options:
1. add manually --insecure option in template (p.s. forgot to say, that config options insecure just trigger adding this option to WaitConditionHandle resource)
2. use full approach with certificates like generate them - upload one in Heat template and another to controller with heat services. (Honestly I have not heard that somebody followed this way. Most part prefer option #1)
So now we have option 3:
enable insecure WHEN we have ENABLE SSL (please make it dependence from SSL option, don't set it true for all - it's not bad, but looks weird :) )
So this bug is about option 3.