From 8492420407071dd189904be5a3939ae3655a1e83 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jim@acmegating.com>
Date: Wed, 28 Sep 2022 10:04:32 -0700
Subject: [PATCH] Correct internal tracing server cert name

We have instructed zuul to connect to tracing.opendev.org, but
we are generating a certificate using opendev-ca with
S=tracing01.opendev.org.  Update the certificate with the correct
subject.

This also corrects the opendev-ca role which assumed that the cert
filename would always be inventory_hostname.

Change-Id: I9b6b0534f058d386e01910bb7efc30312f3d72ad
---
 playbooks/roles/jaeger/tasks/main.yaml     | 1 +
 playbooks/roles/opendev-ca/tasks/main.yaml | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/playbooks/roles/jaeger/tasks/main.yaml b/playbooks/roles/jaeger/tasks/main.yaml
index 69a28e8477..fe22615f99 100644
--- a/playbooks/roles/jaeger/tasks/main.yaml
+++ b/playbooks/roles/jaeger/tasks/main.yaml
@@ -37,6 +37,7 @@
     name: opendev-ca
   vars:
     opendev_ca_name: jaeger
+    opendev_ca_server: "tracing.opendev.org"
     opendev_ca_cert_dir: /var/jaeger/tls
     opendev_ca_cert_dir_owner: "{{ jaeger_user }}"
     opendev_ca_cert_dir_group: "{{ jaeger_group }}"
diff --git a/playbooks/roles/opendev-ca/tasks/main.yaml b/playbooks/roles/opendev-ca/tasks/main.yaml
index 8c1e5c350a..3c37faa2e3 100644
--- a/playbooks/roles/opendev-ca/tasks/main.yaml
+++ b/playbooks/roles/opendev-ca/tasks/main.yaml
@@ -35,15 +35,15 @@
 
 - name: Copy TLS cert into place
   copy:
-    src: "{{ opendev_ca_root }}/certs/{{ inventory_hostname }}.pem"
+    src: "{{ opendev_ca_root }}/certs/{{ opendev_ca_server }}.pem"
     dest: "{{ opendev_ca_cert_dir }}/certs/cert.pem"
 
 - name: Copy TLS key into place
   copy:
-    src: "{{ opendev_ca_root }}/keys/{{ inventory_hostname }}key.pem"
+    src: "{{ opendev_ca_root }}/keys/{{ opendev_ca_server }}key.pem"
     dest: "{{ opendev_ca_cert_dir }}/keys/key.pem"
 
 - name: Copy TLS keystore into place
   copy:
-    src: "{{ opendev_ca_root }}/keystores/{{ inventory_hostname }}.pem"
+    src: "{{ opendev_ca_root }}/keystores/{{ opendev_ca_server }}.pem"
     dest: "{{ opendev_ca_cert_dir }}/keys/keystore.pem"