From 302649631f0ac0106bf2647418e0b1f96c7ec3c6 Mon Sep 17 00:00:00 2001
From: Francesco Pantano
Date: Tue, 12 Nov 2024 09:37:46 +0100
Subject: [PATCH] Update Glance s3 config with s3_store_cacert config option
Signed-off-by: Francesco Pantano
---
 config/samples/backends/README.md | 20 ++++++++++++++++++++
 config/samples/backends/s3/s3.yaml | 1 +
 2 files changed, 21 insertions(+)
diff --git a/config/samples/backends/README.md b/config/samples/backends/README.md
index 589aeb6c..73e7bff7 100644
--- a/config/samples/backends/README.md
+++ b/config/samples/backends/README.md
@@ -438,6 +438,26 @@ spec: ... ```
+**Note:**
+If s3 is consumed via `https`, the option `s3_store_cacert` must be set, pointing
+to the `ca-bundle.crt` path.
+The `OpenStackControlPlane` is usually deployed by default with tls enabled,
+and a CA certificate is mounted to the Pod in `/etc/pki/tls/certs/ca-bundle.crt`.
+GlanceAPI `customServiceConfig` must be updated to reflect the following:
+
+```
+customServiceConfig: |
+ [DEFAULT]
+ debug=true
+ enabled_backends = default_backend:s3
+ [glance_store]
+ default_backend = default_backend
+ [default_backend]
+ s3_store_create_bucket_on_put = True
+ s3_store_bucket_url_format = "path"
+ s3_store_cacert = "/etc/pki/tls/certs/ca-bundle.crt"
+```
+
 If you are using `install_yamls` and you already have `crc` running you can use the "s3" example and apply it to the control plane with the following commands:
diff --git a/config/samples/backends/s3/s3.yaml b/config/samples/backends/s3/s3.yaml
index 2d5416d2..29bf9a52 100644
--- a/config/samples/backends/s3/s3.yaml
+++ b/config/samples/backends/s3/s3.yaml
@@ -15,6 +15,7 @@ spec:
 [default_backend]
 s3_store_create_bucket_on_put = True
 s3_store_bucket_url_format = "path"
+ s3_store_cacert = "/etc/pki/tls/certs/ca-bundle.crt"
 databaseInstance: openstack
 glanceAPIs:
 default:
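Review bot: The `s3_store_cacert` line added to the `[default_backend]` section of `s3.yaml` carries no comment, so a reader of the sample cannot tell that it names the CA bundle Glance uses to verify the S3 endpoint's TLS certificate. I would add a line above it such as `# CA bundle used to verify the S3 endpoint certificate; required when the endpoint is https`. The path is the bundle mounted into the pod, so an endpoint signed by a private CA presumably needs that CA added to the bundle first. Saying so in the comment would steer users toward fixing trust rather than falling back to plain http. The enclosing `customServiceConfig` block starts above the hunk.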