Merge "Copy CA into containers."
This commit is contained in:
commit
b3c8ff59f1
@ -759,7 +759,7 @@ kolla_external_fqdn_cert: "{{ node_config }}/certificates/haproxy.pem"
|
|||||||
kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
|
kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
|
||||||
kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
|
kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
|
||||||
kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
|
kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
|
||||||
|
kolla_copy_ca_into_containers: "no"
|
||||||
|
|
||||||
####################
|
####################
|
||||||
# Kibana options
|
# Kibana options
|
||||||
|
@ -45,6 +45,18 @@
|
|||||||
notify:
|
notify:
|
||||||
- "Restart {{ item.key }} container"
|
- "Restart {{ item.key }} container"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ aodh_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -47,6 +47,18 @@
|
|||||||
when:
|
when:
|
||||||
- barbican_policy.results
|
- barbican_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ barbican_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- blazar_policy.results
|
- blazar_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ blazar_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -136,6 +136,18 @@
|
|||||||
when:
|
when:
|
||||||
- ceilometer_policy.results
|
- ceilometer_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ ceilometer_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -46,6 +46,18 @@
|
|||||||
when:
|
when:
|
||||||
- cinder_policy.results
|
- cinder_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ cinder_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -55,6 +55,18 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
cloudkitty_custom_metrics_used: "{{ cloudkitty_custom_metrics_file.stat.exists }}"
|
cloudkitty_custom_metrics_used: "{{ cloudkitty_custom_metrics_file.stat.exists }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ cloudkitty_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -52,6 +52,17 @@
|
|||||||
fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}"
|
fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}"
|
||||||
when: enable_fluentd | bool
|
when: enable_fluentd | bool
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ common_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- congress_policy.results
|
- congress_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ congress_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -45,6 +45,18 @@
|
|||||||
notify:
|
notify:
|
||||||
- Restart {{ item.key }} container
|
- Restart {{ item.key }} container
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ cyborg_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- designate_policy.results
|
- designate_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ designate_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -21,6 +21,17 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ elasticsearch_services }}"
|
with_dict: "{{ elasticsearch_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ elasticsearch_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- freezer_policy.results
|
- freezer_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ freezer_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -41,6 +41,18 @@
|
|||||||
when:
|
when:
|
||||||
- glance_policy.results
|
- glance_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ glance_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -41,6 +41,18 @@
|
|||||||
when:
|
when:
|
||||||
- gnocchi_policy.results
|
- gnocchi_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ gnocchi_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -20,6 +20,17 @@
|
|||||||
run_once: True
|
run_once: True
|
||||||
register: check_extra_conf_grafana
|
register: check_extra_conf_grafana
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ grafana_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files
|
- name: Copying over config.json files
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- heat_policy.results
|
- heat_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ heat_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
|
@ -38,6 +38,18 @@
|
|||||||
when:
|
when:
|
||||||
- ironic_policy.results
|
- ironic_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ ironic_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ karbor_services }}"
|
with_dict: "{{ karbor_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ karbor_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -38,6 +38,18 @@
|
|||||||
run_once: True
|
run_once: True
|
||||||
register: keystone_domain_directory
|
register: keystone_domain_directory
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ keystone_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ kibana_services }}"
|
with_dict: "{{ kibana_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ kibana_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- kuryr_policy.results
|
- kuryr_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ kuryr_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- magnum_policy.results
|
- magnum_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ magnum_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -45,6 +45,18 @@
|
|||||||
when:
|
when:
|
||||||
- manila_policy.results
|
- manila_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ manila_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- mistral_policy.results
|
- mistral_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ mistral_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ monasca_services }}"
|
with_dict: "{{ monasca_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ monasca_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}/{{ item.key }}.json.j2"
|
src: "{{ item.key }}/{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- murano_policy.results
|
- murano_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ murano_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -47,6 +47,18 @@
|
|||||||
changed_when: False
|
changed_when: False
|
||||||
register: check_extra_ml2_plugins
|
register: check_extra_ml2_plugins
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- item.value.host_in_groups | bool
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ neutron_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
|
@ -24,6 +24,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ nova_cell_services }}"
|
with_dict: "{{ nova_cell_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ nova_cell_services }}"
|
||||||
|
|
||||||
- include_tasks: ceph.yml
|
- include_tasks: ceph.yml
|
||||||
when:
|
when:
|
||||||
- enable_ceph | bool and nova_backend == "rbd"
|
- enable_ceph | bool and nova_backend == "rbd"
|
||||||
|
@ -33,3 +33,14 @@
|
|||||||
- "{{ node_custom_config }}/nova-hyperv/wsgate.ini"
|
- "{{ node_custom_config }}/nova-hyperv/wsgate.ini"
|
||||||
- "wsgate.ini.j2"
|
- "wsgate.ini.j2"
|
||||||
notify: Restart FreeRDP-WebConnect
|
notify: Restart FreeRDP-WebConnect
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_custom_config }}/nova-hyperv/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- nova_policy.results
|
- nova_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ nova_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
|
@ -45,6 +45,18 @@
|
|||||||
notify:
|
notify:
|
||||||
- "Restart {{ item.key }} container"
|
- "Restart {{ item.key }} container"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ octavia_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- panko_policy.results
|
- panko_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ panko_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- placement_policy.results
|
- placement_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ placement_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ prometheus_services }}"
|
with_dict: "{{ prometheus_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ prometheus_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files
|
- name: Copying over config.json files
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
|
@ -36,6 +36,18 @@
|
|||||||
when:
|
when:
|
||||||
- qinling_policy.results
|
- qinling_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ qinling_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- rally_policy.results
|
- rally_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ rally_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- sahara_policy.results
|
- sahara_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ sahara_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- searchlight_policy.results
|
- searchlight_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ searchlight_config_jsons }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- senlin_policy.results
|
- senlin_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ senlin_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ skydive_services }}"
|
with_dict: "{{ skydive_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ skydive_services }}"
|
||||||
|
|
||||||
- name: Copying over default config.json files
|
- name: Copying over default config.json files
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ solum_services }}"
|
with_dict: "{{ solum_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ solum_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -28,6 +28,18 @@
|
|||||||
- "swift-proxy-server"
|
- "swift-proxy-server"
|
||||||
- "swift-rsyncd"
|
- "swift-rsyncd"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ swift_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.json.j2"
|
src: "{{ item }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- tacker_policy.results
|
- tacker_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ tacker_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ telegraf_services }}"
|
with_dict: "{{ telegraf_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ telegraf_services }}"
|
||||||
|
|
||||||
- name: Copying over default config.json files
|
- name: Copying over default config.json files
|
||||||
template:
|
template:
|
||||||
src: "telegraf.json.j2"
|
src: "telegraf.json.j2"
|
||||||
|
@ -12,6 +12,18 @@
|
|||||||
- item.value.enabled | bool
|
- item.value.enabled | bool
|
||||||
with_dict: "{{ tempest_services }}"
|
with_dict: "{{ tempest_services }}"
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ tempest_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- trove_policy.results
|
- trove_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ trove_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- vitrage_policy.results
|
- vitrage_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ vitrage_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- watcher_policy.results
|
- watcher_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ watcher_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -31,6 +31,18 @@
|
|||||||
when:
|
when:
|
||||||
- zun_policy.results
|
- zun_policy.results
|
||||||
|
|
||||||
|
- name: Copying over extra CA certificates
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
src: "{{ node_config }}/certificates/ca/"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- kolla_copy_ca_into_containers | bool
|
||||||
|
with_dict: "{{ zun_services }}"
|
||||||
|
|
||||||
- name: Copying over config.json files for services
|
- name: Copying over config.json files for services
|
||||||
template:
|
template:
|
||||||
src: "{{ item.key }}.json.j2"
|
src: "{{ item.key }}.json.j2"
|
||||||
|
@ -165,6 +165,32 @@ configuration file:
|
|||||||
The files haproxy.pem and haproxy-ca.pem will be generated and stored
|
The files haproxy.pem and haproxy-ca.pem will be generated and stored
|
||||||
in the ``/etc/kolla/certificates/`` directory.
|
in the ``/etc/kolla/certificates/`` directory.
|
||||||
|
|
||||||
|
Adding CA Certificates to the Service Containers
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
To copy CA certificate files to the service containers
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
kolla_copy_ca_into_containers: "yes"
|
||||||
|
|
||||||
|
When ``kolla_copy_ca_into_containers`` is configured to "yes", the
|
||||||
|
CA certificate files in /etc/kolla/certificates/ca will be copied into
|
||||||
|
service containers to enable trust for those CA certificates. This is required
|
||||||
|
for any certificates that are either self-signed or signed by a private CA,
|
||||||
|
and are not already present in the service image trust store.
|
||||||
|
|
||||||
|
All certificate file names will have the "kolla-customca-" prefix appended to
|
||||||
|
it when it is copied into the containers. For example, if a certificate file is
|
||||||
|
named "internal.crt", it will be named "kolla-customca-internal.crt" in the
|
||||||
|
containers.
|
||||||
|
|
||||||
|
For Debian and Ubuntu containers, the certificate files will be copied to
|
||||||
|
the ``/usr/local/share/ca-certificates/`` directory.
|
||||||
|
|
||||||
|
For Centos and Red Hat Linux containers, the certificate files will be copied
|
||||||
|
to the ``/etc/pki/ca-trust/source/anchors/`` directory.
|
||||||
|
|
||||||
.. _service-config:
|
.. _service-config:
|
||||||
|
|
||||||
OpenStack Service Configuration in Kolla
|
OpenStack Service Configuration in Kolla
|
||||||
|
@ -186,6 +186,7 @@
|
|||||||
#kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
|
#kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
|
||||||
#kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
|
#kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
|
||||||
#kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
|
#kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
|
||||||
|
#kolla_copy_ca_into_containers: "no"
|
||||||
|
|
||||||
################
|
################
|
||||||
# Region options
|
# Region options
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
When 'kolla_copy_ca_into_containers' is configured to 'yes', the
|
||||||
|
certificate authority files in /etc/kolla/certificates/ca will be copied
|
||||||
|
into service containers to enable trust for those CA certificates. This
|
||||||
|
is required for any certificates that are either self-signed or signed by
|
||||||
|
a private CA, and are not already present in the service image trust store.
|
||||||
|
Otherwise, either CA validation will need to be explicitly disabled or the
|
||||||
|
path to the CA certificate must be configured in the service using
|
||||||
|
the ``openstack_cacert`` parameter.
|
||||||
|
|
||||||
|
issues:
|
||||||
|
- |
|
||||||
|
Python <= 2.7.9 will not trust self-signed or privately signed CAs even
|
||||||
|
if they are added into the OS trusted CA folder and update-ca-trust is
|
||||||
|
executed. This is also true for the Python Requests library, regardless of
|
||||||
|
Python version. For services that run Python <= 2.7.9 or rely on the
|
||||||
|
Python Requests library, either CA verification must be explicitly disabled
|
||||||
|
in the service or the path to the CA certificate must be configured using
|
||||||
|
the ``openstack_cacert`` parameter.
|
Loading…
Reference in New Issue
Block a user