Add ca_path for module uri in opensearch role

Fixes an deploy opensearch whith enable TLS on the internal VIP Closes-Bug: #2073224 Change-Id: I50ce48c4e3c645e2f3aeee4913a9bc9ee506040a (cherry picked from commit aed500c1405b17f1991333c5fe4d2faf11b213c4)
2024-07-16 04:58:13 +00:00 · 2024-07-16 04:58:13 +00:00 · 0594a284c6
commit 0594a284c6
parent 54019c56f1
3 changed files with 10 additions and 0 deletions
--- a/ansible/roles/opensearch/handlers/main.yml
+++ b/ansible/roles/opensearch/handlers/main.yml
@ -13,6 +13,7 @@
      return_content: yes
      body: "{{ opensearch_shard_body | to_json }}"  # noqa jinja[invalid]
      body_format: json
+      ca_path: "{{ openstack_cacert }}"
  delegate_to: "{{ groups['opensearch'][0] }}"
  run_once: true
  listen: "Restart opensearch container"
@ -30,6 +31,7 @@
      status_code: 200
      return_content: yes
      body_format: json
+      ca_path: "{{ openstack_cacert }}"
  delegate_to: "{{ groups['opensearch'][0] }}"
  run_once: true
  retries: 10
--- a/ansible/roles/opensearch/tasks/post-config.yml
+++ b/ansible/roles/opensearch/tasks/post-config.yml
@ -7,6 +7,7 @@
    module_args:
      url: "{{ opensearch_internal_endpoint }}/_cluster/stats"
      status_code: 200
+      ca_path: "{{ openstack_cacert }}"
  register: result
  until: result.get('status') == 200
  retries: 30
@ -23,6 +24,7 @@
      method: GET
      status_code: 200, 404
      return_content: yes
+      ca_path: "{{ openstack_cacert }}"
  register: opensearch_retention_policy_check
  delegate_to: "{{ groups['opensearch'][0] }}"
  run_once: true
@ -39,6 +41,7 @@
      return_content: yes
      body: "{{ opensearch_retention_policy | from_yaml | to_json }}"
      body_format: json
+      ca_path: "{{ openstack_cacert }}"
  register: opensearch_retention_policy_create
  delegate_to: "{{ groups['opensearch'][0] }}"
  run_once: true
@ -59,6 +62,7 @@
      return_content: yes
      body: "{{ opensearch_set_policy_body | to_json }}"
      body_format: json
+      ca_path: "{{ openstack_cacert }}"
  delegate_to: "{{ groups['opensearch'][0] }}"
  run_once: true
  changed_when: opensearch_retention_policy_create.status == 201
--- a/releasenotes/notes/add-opensearch-uri-68a657c55ce9c9f1.yaml
+++ b/releasenotes/notes/add-opensearch-uri-68a657c55ce9c9f1.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Fixes an deploy opensearch with enable TLS on the internal VIP.