From 3c5d5a12fd6cb4b582d43b81cef2cb59974980a7 Mon Sep 17 00:00:00 2001 From: Brendan Shephard Date: Wed, 14 Sep 2022 18:08:03 +1000 Subject: [PATCH] Fix tls-e CA cert declaration for OVN When using the OVN Cluster Ansible role, we currently default to /etc/ipa/ca.crt. We should instead use the value defined by the user in InternalTLSCAFile parameter. This change defines the relevant Ansible variables when the role is called: tripleo_ovn_cluster_northd_ssl_ca_cert tripleo_ovn_cluster_sb_ssl_ca_cert tripleo_ovn_cluster_nb_ssl_ca_cert Closes-Bug: #1989535 Change-Id: I28a4d173505a194c8a735e8b2e1c6f2589338730 --- deployment/ovn/ovn-dbs-cluster-ansible.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployment/ovn/ovn-dbs-cluster-ansible.yaml b/deployment/ovn/ovn-dbs-cluster-ansible.yaml index f20787b056..8b890e9903 100644 --- a/deployment/ovn/ovn-dbs-cluster-ansible.yaml +++ b/deployment/ovn/ovn-dbs-cluster-ansible.yaml @@ -308,6 +308,9 @@ outputs: tripleo_ovn_cluster_nb_remote_port: {get_param: OVNNorthboundClusterPort} tripleo_ovn_cluster_sb_local_port: {get_param: OVNSouthboundClusterPort} tripleo_ovn_cluster_sb_remote_port: {get_param: OVNSouthboundClusterPort} + tripleo_ovn_cluster_northd_ssl_ca_cert: {get_param: InternalTLSCAFile} + tripleo_ovn_cluster_sb_ssl_ca_cert: {get_param: InternalTLSCAFile} + tripleo_ovn_cluster_nb_ssl_ca_cert: {get_param: InternalTLSCAFile} - name: Start OVN DBs and northd containers (bootstrap node) when: - step|int == 3