diff --git a/modules/installation-osp-bootstrap-machine.adoc b/modules/installation-osp-bootstrap-machine.adoc
index b4dabc927b03..d5871d5c0e6c 100644
--- a/modules/installation-osp-bootstrap-machine.adoc
+++ b/modules/installation-osp-bootstrap-machine.adoc
@@ -14,12 +14,4 @@ The bootstrap machine requires:
 * An instance from the {rh-openstack} quota
 * A port from the {rh-openstack} quota
-* A flavor with at least 16 GB memory, 4 vCPUs, and 25 GB storage space
-
-[NOTE]
-====
-The installation program cannot pass certificate authority bundles to Ignition
-on control plane machines. Therefore, the bootstrap machine cannot retrieve
-Ignition configurations from Swift if your endpoint uses self-signed
-certificates.
-====
+* A flavor with at least 16 GB memory, 4 vCPUs, and 25 GB storage space
\ No newline at end of file
diff --git a/modules/installation-osp-describing-cloud-parameters.adoc b/modules/installation-osp-describing-cloud-parameters.adoc
index d0a373c600ff..8a0d761202bc 100644
--- a/modules/installation-osp-describing-cloud-parameters.adoc
+++ b/modules/installation-osp-describing-cloud-parameters.adoc
@@ -3,6 +3,7 @@
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
 // * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
+// * installing/installing_openstack/installing-openstack-installer-user.adoc
 [id="installation-osp-describing-cloud-parameters_{context}"]
 = Defining parameters for the installation program
@@ -41,7 +42,34 @@ clouds:
 auth_url: 'https://10.10.14.22:5001/v2.0'
 ----
-. Place the file that you generate in one of the following locations:
+. If your {rh-openstack} installation uses self-signed certificate authority (CA) certificates for endpoint authentication:
+.. Copy the certificate authority file to your machine.
+.. In the command line, run the following commands to add the machine to the certificate authority trust bundle:
++
+----
+$ sudo cp ca.crt.pem /etc/pki/ca-trust/source/anchors/
+$ sudo update-ca-trust extract
+----
+
+.. Add the `cacerts` key to the `clouds.yaml` file. The value must be an absolute, non-root-accessible path to the CA certificate:
++
+[source,yaml]
+----
+clouds:
+ shiftstack:
+ ...
+ cacert: "/etc/pki/ca-trust/source/anchors/ca.crt.pem"
+----
++
+[TIP]
+====
+After you run the installer with a custom CA certificate, you can update the certificate by editing the value of the `ca-cert.pem` key in the `cloud-provider-config` keymap. On a command line, run:
+----
+$ oc edit configmap -n openshift-config cloud-provider-config
+----
+====
+
+. Place the `clouds.yaml` file in one of the following locations:
 .. The value of the `OS_CLIENT_CONFIG_FILE` environment variable
 .. The current directory
 .. A Unix-specific user configuration directory, for example `~/.config/openstack/clouds.yaml`