Add ssl_minimum_version tls1.2 to tls overrides

This change adds the minimum version of tls1.2 to not allow insecure older tls versions to be allowed. Change-Id: I880ac1caf31d2a26ca78389d5f96b07cf42b61ac
2022-01-24 12:20:52 -06:00 · 2022-01-24 12:20:52 -06:00 · 3f4b2b97b6
commit 3f4b2b97b6
parent 7726dd98c8
4 changed files with 5 additions and 1 deletions
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.2.26
+version: 0.2.27
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
--- a/nova/values_overrides/tls.yaml
+++ b/nova/values_overrides/tls.yaml
@ -126,6 +126,8 @@ conf:
        WSGIPassAuthorization On
    </Location>
  nova:
+    DEFAULT:
+      ssl_minimum_version: tlsv1_2
    glance:
      cafile: /etc/nova/certs/ca.crt
    ironic:
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@ -47,4 +47,5 @@ nova:
  - 0.2.24 Fix nova-bootstrap job labels
  - 0.2.25 Add check for compute nodes
  - 0.2.26 Fix _ssh-init.sh.tpl to copy the ssh keys to the user on the security context
+  - 0.2.27 Add tls1.2 minimum version to tls overrides
 ...
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -33,6 +33,7 @@
        - openstack-helm-compute-kit-wallaby-ubuntu_focal
        - openstack-helm-horizon-train-ubuntu_bionic
        - openstack-helm-keystone-ldap
+        - openstack-helm-tls
    gate:
      jobs:
        - openstack-helm-lint