The microstack.openstack project recently enabled/required tls authentication as outlined here. I am working on deploying an openstack cluster to microstack using a terraform example here. As a result of the change, I receive an unknown signed cert error when trying to create an openstack network client data source.

data "openstack_networking_network_v2" "terraform" {
name = "${var.pool}"
}

The error I get when calling terraform plan:

Error: Error creating OpenStack networking client: Post "https://XXX.XXX.XXX.132:5000/v3/auth/tokens": OpenStack connection error, retries exhausted. Aborting. Last error was: x509: certificate signed by unknown authority
with data.openstack_networking_network_v2.terraform,
on datasources.tf line 1, in data "openstack_networking_network_v2" "terraform":
1: data "openstack_networking_network_v2" "terraform" {

Is there a way to ignore the certificate error, so that I can successfully use terraform to create the openstack cluster? I have tried updating the generate-self-signed parameter, but I haven't seen any change in behavior:

sudo snap set microstack config.tls.generate-self-signed=false

CodePudding user response：

The problem was that I did not source the admin-openrc.sh file that I had downloaded from the horizon web page:

$ source admin-openrc.sh

CodePudding user response：

I think insecure provider parameter is what you are looking for:

(Optional) Trust self-signed SSL certificates. If omitted, the OS_INSECURE environment variable is used.

Try:

provider "openstack" {
  insecure = true
}

Disclaimer: I haven't tried that.