Copy-in neutron cert via kolla extended/start

Instead of bind-mounting in RW mode, follow the established approach for ditributing certificates in containers. Related-Bug: #1759049 Partial-Bug: #1767998 Change-Id: I6bcb72b8b600b6b1d916b64c161bca22c802cf07 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-04-30 12:46:42 +02:00 · 2018-04-30 12:46:42 +02:00 · bce3452104
parent e24316c4ec
commit bce3452104
1 changed files with 7 additions and 2 deletions
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@ -112,6 +112,11 @@ outputs:
              dest: "/"
              merge: true
              preserve_properties: true
+            - source: "/var/lib/kolla/config_files/src-tls/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+              optional: true
          permissions:
            - path: /var/log/neutron
              owner: neutron:neutron
@ -149,8 +154,8 @@ outputs:
                -
                  if:
                    - internal_tls_enabled
-                    - - /etc/pki/tls/certs/neutron.crt:/etc/pki/tls/certs/neutron.crt
-                      - /etc/pki/tls/private/neutron.key:/etc/pki/tls/private/neutron.key
+                    - - /etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro
+                      - /etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro
                      - list_join:
                        - ':'
                        - - {get_param: InternalTLSCAFile}