Correct internal tracing server cert name

We have instructed zuul to connect to tracing.opendev.org, but we are generating a certificate using opendev-ca with S=tracing01.opendev.org. Update the certificate with the correct subject. This also corrects the opendev-ca role which assumed that the cert filename would always be inventory_hostname. Change-Id: I9b6b0534f058d386e01910bb7efc30312f3d72ad
2022-09-28 10:04:32 -07:00 · 2022-09-28 10:04:32 -07:00 · 8492420407
commit 8492420407
parent 7689c561f2
2 changed files with 4 additions and 3 deletions
--- a/playbooks/roles/jaeger/tasks/main.yaml
+++ b/playbooks/roles/jaeger/tasks/main.yaml
@ -37,6 +37,7 @@
    name: opendev-ca
  vars:
    opendev_ca_name: jaeger
+    opendev_ca_server: "tracing.opendev.org"
    opendev_ca_cert_dir: /var/jaeger/tls
    opendev_ca_cert_dir_owner: "{{ jaeger_user }}"
    opendev_ca_cert_dir_group: "{{ jaeger_group }}"
--- a/playbooks/roles/opendev-ca/tasks/main.yaml
+++ b/playbooks/roles/opendev-ca/tasks/main.yaml
@ -35,15 +35,15 @@

 - name: Copy TLS cert into place
  copy:
-    src: "{{ opendev_ca_root }}/certs/{{ inventory_hostname }}.pem"
+    src: "{{ opendev_ca_root }}/certs/{{ opendev_ca_server }}.pem"
    dest: "{{ opendev_ca_cert_dir }}/certs/cert.pem"

 - name: Copy TLS key into place
  copy:
-    src: "{{ opendev_ca_root }}/keys/{{ inventory_hostname }}key.pem"
+    src: "{{ opendev_ca_root }}/keys/{{ opendev_ca_server }}key.pem"
    dest: "{{ opendev_ca_cert_dir }}/keys/key.pem"

 - name: Copy TLS keystore into place
  copy:
-    src: "{{ opendev_ca_root }}/keystores/{{ inventory_hostname }}.pem"
+    src: "{{ opendev_ca_root }}/keystores/{{ opendev_ca_server }}.pem"
    dest: "{{ opendev_ca_cert_dir }}/keys/keystore.pem"