802f7c6218
To follow best security practices and help fellow operators. More details inline and in the linked bug report. Closes-Bug: #1940547 Change-Id: Ide9e9009a6e272f20a43319f27d257efdf315f68
19 lines
828 B
YAML
19 lines
828 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Kolla Ansible now defaults ``docker_registry_insecure`` to ``false``.
|
|
If you relied on the previous behaviour, please switch it back on
|
|
but bear in mind the consequences as discussed in the related security
|
|
note as well as the linked bug report.
|
|
`LP#1940547 <https://launchpad.net/bugs/1940547>`__
|
|
security:
|
|
- |
|
|
Previously, Kolla Ansible, by default (as documented in several places),
|
|
configured Docker to insecure mode for the configured registry (i.e., if
|
|
not using the default one). This is controlled by the
|
|
``docker_registry_insecure`` variable.
|
|
If operators did not notice this quirk, they could have opened their
|
|
deployments up for potential MITM attacks. See the bug report for
|
|
more discussion.
|
|
`LP#1940547 <https://launchpad.net/bugs/1940547>`__
|