From 00ea9d56233757279c3b9419a2541d13433a089f Mon Sep 17 00:00:00 2001
From: Michele Baldessari
Date: Mon, 8 Oct 2018 08:55:42 +0200
Subject: [PATCH] Fix TLS resource_registry key error

Via I1bfdb6d064f3b10b269dedafd36ca367139fe1df we moved to using environments/ssl/enable-tls.yaml. The problem is that the code in roles/overcloud-ssl/library/tls_tht.py assumes that the parsed yaml file already has the 'resource_registry' key in the dictionary. That was true with environments/enable-tls.yaml but is not true any longer for environments/ssl/enable-tls.yaml. Since Iaf7386207e5bd8b336759f51e4405fe15114123a in rocky NodeTLSData is not used anymore, so let's just skip the whole assignment starting with rocky.

Closes-Bug: #1796626
Depends-On: Ibee6ba188585f80f0f7d136c81146096cb4432c2
Change-Id: I53851edbb8bb562dc4194fb99d6ade259227d2f9
---
 roles/overcloud-ssl/library/tls_tht.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/roles/overcloud-ssl/library/tls_tht.py b/roles/overcloud-ssl/library/tls_tht.py
index 93dfc778b..70b8df61c 100644
--- a/roles/overcloud-ssl/library/tls_tht.py
+++ b/roles/overcloud-ssl/library/tls_tht.py
@@ -74,7 +74,11 @@ def _open_yaml(filename):
 def create_enable_file(certpem, keypem, source_dir, dest_dir, tht_release):
- output_dict = _open_yaml("{}environments/ssl/enable-tls.yaml".format(source_dir))
+ # environments/ssl/* is preferred starting with pike
+ if tht_release in ['mitaka', 'newton', 'ocata']:
+ output_dict = _open_yaml("{}environments/enable-tls.yaml".format(source_dir))
+ else:
+ output_dict = _open_yaml("{}environments/ssl/enable-tls.yaml".format(source_dir))
 if tht_release == 'mitaka':
 for key in output_dict["parameter_defaults"]["EndpointMap"]:
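Review bot: The release check `if tht_release in ['mitaka', 'newton', 'ocata']:` is an inline literal, and the second hunk adds a separate, longer list for the NodeTLSData guard, so the two can drift apart as releases are added. Any `tht_release` value that is in neither list (a typo, different casing, a branch name) silently takes the newest-release path, which in the second hunk means the `OS::TripleO::NodeTLSData` entry is omitted without any error. Consider naming the lists once at module level, e.g. `PRE_PIKE_RELEASES = ('mitaka', 'newton', 'ocata')`, and raising or at least logging when the release is not one the module recognises. `create_enable_file` continues past the end of this hunk.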
@@ -84,8 +88,10 @@ def create_enable_file(certpem, keypem, source_dir, dest_dir, tht_release):
 output_dict["parameter_defaults"]["SSLCertificate"] = certpem
 output_dict["parameter_defaults"]["SSLKey"] = keypem
- output_dict["resource_registry"]["OS::TripleO::NodeTLSData"] = \
- "{}/puppet/extraconfig/tls/tls-cert-inject.yaml".format(source_dir)
+ # NoteTLSData has been deprecated/removed in rocky and onwards
+ if tht_release in ['mitaka', 'newton', 'ocata', 'pike', 'queens']:
+ output_dict["resource_registry"]["OS::TripleO::NodeTLSData"] = \
+ "{}/puppet/extraconfig/tls/tls-cert-inject.yaml".format(source_dir)
 with open("{}enable-tls.yaml".format(dest_dir), "w") as stream:
 yaml.safe_dump(output_dict, stream, default_style='|')
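Review bot: The guarded assignment still indexes `output_dict["resource_registry"]` directly, and pike and queens load `environments/ssl/enable-tls.yaml` (the else branch of the first hunk), the file the commit message says lacks that key; if the pike or queens copy of that template also has no `resource_registry` section, the same KeyError remains for those releases. Writing it as `output_dict.setdefault("resource_registry", {})["OS::TripleO::NodeTLSData"] = \` would make the assignment independent of the template's contents. The new comment also misspells the resource name and should read `# NodeTLSData has been deprecated/removed in rocky and onwards`. Separately, the unchanged context writes `SSLKey` into `enable-tls.yaml` through a plain `open(..., "w")`, so the mode of a file holding the private key appears to depend on the process umask, which may be worth restricting in a follow-up. The function starts outside this hunk.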