a0665cd9c6
Previously we were using the zuul user in the TLS jobs. This was due to a permissions issue when accessing the CA certificate in kayobe-config in the zuul user's home directory. This change reverts to the default of using the stack user for the TLS jobs. In order to make this work, the generated CA cert chain is added to the trust store. Change-Id: I875f8976df75dee68ba00842fe624c29cc1b123c
26 lines
803 B
Django/Jinja
26 lines
803 B
Django/Jinja
---
|
|
# Use HTTPS opendev quay.io registry proxy.
|
|
docker_registry_insecure: no
|
|
|
|
# Most development environments will use nested virtualisation, and we can't
|
|
# guarantee that nested KVM support is available. Use QEMU as a lowest common
|
|
# denominator.
|
|
nova_compute_virt_type: qemu
|
|
|
|
# Reduce the control plane's memory footprint by limiting the number of worker
|
|
# processes to one per-service.
|
|
openstack_service_workers: "1"
|
|
openstack_service_rpc_workers: "1"
|
|
|
|
# Reduce size of libvirt logs when OpenStack debug logging is enabled
|
|
nova_libvirt_logging_debug: False
|
|
|
|
{% if tls_enabled %}
|
|
# TLS
|
|
kolla_copy_ca_into_containers: "yes"
|
|
kolla_enable_tls_backend: "yes"
|
|
openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
|
|
kolla_admin_openrc_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
|
|
libvirt_tls: "yes"
|
|
{% endif %}
|