Don't notify handlers during copy-cert

This is a prerequisite for patchset #745164

This fixes unwanted restarts when certificates are copied.
Once the conditional statements are removed from the role handlers in
#745164, copying certificates causes containers to restart, which is
unwanted during the genconfig process. However, if we simply removed the
handler notifications from the certificate copy, the container would never
restart, because from #745164 on, containers restart only if any
of the files specified in config.json change. Certificates are therefore
now copied to an intermediary location inside the container, from which
the script kolla_copy_cacerts installs them into the trust store.

Depends-on: https://review.opendev.org/c/openstack/kolla/+/926882
Change-Id: Ib89048c7e0f250182c4bf57d8c8a1b5478e9b4ab
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
Roman Krček 2024-07-22 16:57:51 +02:00 committed by Michal Arbet
parent d3a41c8839
commit 006ff07185
188 changed files with 1085 additions and 199 deletions


@ -20,6 +20,12 @@
"dest": "/etc/aodh/{{ aodh_policy_file }}",
"owner": "aodh",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/aodh/{{ aodh_policy_file }}",
"owner": "aodh",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/aodh/{{ aodh_policy_file }}",
"owner": "aodh",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/aodh/{{ aodh_policy_file }}",
"owner": "aodh",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -213,3 +213,5 @@ barbican_enabled_notification_topics: "{{ barbican_notification_topics | selecta
# TLS
####################
barbican_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
barbican_copy_certs: "{{ kolla_copy_ca_into_containers | bool or barbican_enable_tls_backend | bool }}"
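Review bot: `barbican_copy_certs` is also true when only `barbican_enable_tls_backend` is set, and the barbican config.json templates in this commit use it to emit a non-optional `ca-certificates` source. The etcd copy-certs.yml task that this commit replaces staged that directory only under `kolla_copy_ca_into_containers | bool`; if service-cert-copy (not shown here) keeps that gate, a deployment with backend TLS on and CA copying off would reference a source that was never staged, and the container would presumably fail on the missing source at start. Either gate the config.json stanza on `kolla_copy_ca_into_containers | bool` alone or add `"optional": true` to it. The same applies to the cinder, etcd, glance, heat, horizon, ironic, keystone and neutron `*_copy_certs` variables added below.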


@ -44,7 +44,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or barbican_enable_tls_backend | bool
- barbican_copy_certs
- name: Copying over config.json files for services
template:
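Review bot: The condition `- barbican_copy_certs` is tested bare here, while the config.json templates test `barbican_copy_certs | bool`. If an operator overrides the variable with a string such as "no" (a form this repository uses for other flags), the two places can evaluate differently, so the task would stage certificates that config.json never copies. Write it as `- barbican_copy_certs | bool`. The cinder, etcd, glance, heat, horizon, ironic, keystone and neutron `include_tasks: copy-certs.yml` conditions changed in this commit have the same form.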


@ -37,6 +37,12 @@
"dest": "/etc/barbican/{{ barbican_policy_file }}",
"owner": "barbican",
"perm": "0600"
}{% endif %}{% if barbican_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/barbican/{{ barbican_policy_file }}",
"owner": "barbican",
"perm": "0600"
}{% endif %}{% if barbican_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -13,6 +13,13 @@
"owner": "barbican",
"perm": "0600"
}{% endif %}
{% if barbican_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -12,6 +12,12 @@
"dest": "/etc/blazar/{{ blazar_policy_file }}",
"owner": "blazar",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/blazar/{{ blazar_policy_file }}",
"owner": "blazar",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -42,7 +42,13 @@
"dest": "/etc/ceilometer/pipeline.yaml",
"owner": "ceilometer",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -42,6 +42,12 @@
"dest": "/etc/ceilometer/vmware_ca",
"owner": "ceilometer",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -30,6 +30,12 @@
"dest": "/etc/ceilometer/meters.d",
"owner": "ceilometer",
"perm": "0700"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -42,6 +42,12 @@
"dest": "/etc/ceilometer/{{ ceilometer_policy_file }}",
"owner": "ceilometer",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -342,6 +342,7 @@ cinder_ks_user_roles:
# TLS
####################
cinder_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
cinder_copy_certs: "{{ kolla_copy_ca_into_containers | bool or cinder_enable_tls_backend | bool }}"
############
# Clustering


@ -42,7 +42,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or cinder_enable_tls_backend | bool
- cinder_copy_certs
- name: Copying over config.json files for services
template:


@ -32,7 +32,13 @@
"dest": "/etc/cinder/certs/cinder-key.pem",
"owner": "cinder",
"perm": "0600"
}
}{% if cinder_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
{% endif %}],
"permissions": [
{
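Review bot: The CA stanza is added before the `{% endif %}` on the `],` line, so it sits inside whatever conditional wraps the `cinder-key.pem` entry; the opening `{% if %}` is above the hunk and is presumably the backend-TLS check. With `kolla_copy_ca_into_containers` on and backend TLS off, this container would then get no `ca-certificates` entry, while the other cinder templates in this commit do. Close the outer block first, as the heat templates do: `{% endif %}{% if cinder_copy_certs | bool %},` followed by the stanza and `{% endif %}` before `],`.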


@ -18,6 +18,12 @@
"dest": "/etc/ceph",
"owner": "cinder",
"perm": "0600"
}{% endif %}{% if cinder_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/cinder/{{ cinder_policy_file }}",
"owner": "cinder",
"perm": "0600"
}{% endif %}{% if cinder_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -38,6 +38,12 @@
"dest": "/etc/cinder/{{ cinder_policy_file }}",
"owner": "cinder",
"perm": "0600"
}{% endif %}{% if cinder_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -26,6 +26,12 @@
"dest": "/etc/cloudkitty/{{ cloudkitty_custom_metrics_yaml_file }}",
"owner": "cloudkitty",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/cloudkitty/{{ cloudkitty_custom_metrics_yaml_file }}",
"owner": "cloudkitty",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -7,6 +7,12 @@
"dest": "/etc/logrotate.conf",
"owner": "root",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -6,7 +6,13 @@
"dest": "/etc/fluentd/fluentd.conf",
"owner": "fluentd",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -18,6 +18,12 @@
"dest": "/etc/rabbitmq/erl_inetrc",
"owner": "rabbitmq",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/cyborg/{{ cyborg_policy_file }}",
"owner": "cyborg",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/cyborg/{{ cyborg_policy_file }}",
"owner": "cyborg",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/cyborg/{{ cyborg_policy_file }}",
"owner": "cyborg",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -23,7 +23,13 @@
"owner": "root",
"perm": "0600",
"optional": true
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -12,6 +12,12 @@
"dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -33,7 +33,13 @@
"owner": "designate",
"perm": "0600",
"optional": true
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -80,3 +80,8 @@ etcd_peer_internal_endpoint: "{{ etcd_protocol }}://{{ api_interface_address | p
# Managing members
###################
etcd_remove_deleted_members: "no"
###################
# Copy certificates
###################
etcd_copy_certs: "{{ kolla_copy_ca_into_containers | bool or etcd_enable_tls | bool }}"


@ -21,4 +21,4 @@
- include_tasks: copy-certs.yml
when:
- etcd_enable_tls | bool
- etcd_copy_certs


@ -1,50 +1,6 @@
---
- name: "{{ project_name }} | Copying over extra CA certificates"
become: true
copy:
src: "{{ kolla_certificates_dir }}/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when:
- kolla_copy_ca_into_containers | bool
with_dict: "{{ etcd_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"
- name: "{{ project_name }} | Copying over etcd TLS certificate"
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
certs:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-cert.pem"
- "{{ kolla_tls_backend_cert }}"
backend_tls_cert: "{{ lookup('first_found', certs) }}"
copy:
src: "{{ backend_tls_cert }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-cert.pem"
mode: "0644"
become: true
with_dict: "{{ etcd_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"
when:
- etcd_enable_tls | bool
- name: "{{ project_name }} | Copying over etcd TLS key"
vars:
keys:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-key.pem"
- "{{ kolla_tls_backend_key }}"
backend_tls_key: "{{ lookup('first_found', keys) }}"
copy:
src: "{{ backend_tls_key }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-key.pem"
mode: "0600"
become: true
with_dict: "{{ etcd_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"
when:
- etcd_enable_tls | bool
project_services: "{{ etcd_services }}"
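Review bot: The tasks this file used to contain copied etcd's certificate and key under `etcd_enable_tls | bool` and wrote the key with mode `0600`; the replacement hands all of that to the service-cert-copy role, which is not shown here. Please confirm the role keys its cert/key copy on a variable etcd actually defines, since the other roles touched in this commit use `<service>_enable_tls_backend` while etcd's flag is `etcd_enable_tls`. Please also confirm it still produces `etcd-cert.pem` and `etcd-key.pem` with the key at `0600`. If the role looks up a name etcd does not set, an etcd deployment with TLS enabled would have no cert or key staged. A short comment above the `import_role` naming the variable the role depends on would make this checkable from the file.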


@ -13,6 +13,12 @@
"dest": "/etc/etcd/certs/etcd-key.pem",
"owner": "etcd",
"perm": "0600"
}{% endif %}{% if etcd_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -298,3 +298,8 @@ glance_tls_proxy_check_timeout: "10s"
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
glance_tls_proxy_defaults_balance: "roundrobin"
###################
# Copy certificates
###################
glance_copy_certs: "{{ kolla_copy_ca_into_containers | bool or glance_enable_tls_backend | bool }}"


@ -34,7 +34,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or glance_enable_tls_backend | bool
- glance_copy_certs
- name: Creating TLS backend PEM File
vars:


@ -42,6 +42,12 @@
"dest": "/etc/glance/property-protections-rules.conf",
"owner": "glance",
"perm": "0600"
}{% endif %}{% if glance_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/glance/certs/glance-cert-and-key.pem",
"owner": "glance",
"perm": "0600"
}
}{% if glance_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -26,8 +26,13 @@
"dest": "/etc/ceph",
"owner": "gnocchi",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -18,6 +18,12 @@
"dest": "/etc/ceph",
"owner": "gnocchi",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/ceph",
"owner": "gnocchi",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -42,7 +42,13 @@
"owner": "grafana",
"perm": "0755",
"optional": true
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -243,3 +243,5 @@ heat_ks_user_roles:
# TLS
####################
heat_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
heat_copy_certs: "{{ kolla_copy_ca_into_containers | bool or heat_enable_tls_backend | bool }}"


@ -30,7 +30,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or heat_enable_tls_backend | bool
- heat_copy_certs
- name: Copying over config.json files for services
become: true


@ -32,7 +32,13 @@
"owner": "heat",
"perm": "0600"
}
{% endif %}
{% endif %}{% if heat_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -32,7 +32,13 @@
"owner": "heat",
"perm": "0600"
}
{% endif %}
{% endif %}{% if heat_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -12,6 +12,12 @@
"dest": "/etc/heat/{{ heat_policy_file }}",
"owner": "heat",
"perm": "0600"
}{% endif %}{% if heat_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -157,3 +157,8 @@ horizon_source_version: "{{ kolla_source_version }}"
# Therefore, instead of overriding the whole "horizon_keystone_url", this change allows an easier integration because
# the Keystone public URL is already defined with variable "keystone_public_url".
horizon_use_keystone_public_url: False
###################
# Copy certificates
###################
horizon_copy_certs: "{{ kolla_copy_ca_into_containers | bool or horizon_enable_tls_backend | bool }}"


@ -127,4 +127,4 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or horizon_enable_tls_backend | bool
- horizon_copy_certs


@ -48,5 +48,12 @@
"owner": "horizon",
"perm": "0600"
}{% endif %}
{% if horizon_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -378,3 +378,5 @@ ironic_ks_user_roles:
# TLS
####################
ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
ironic_copy_certs: "{{ kolla_copy_ca_into_containers | bool or ironic_enable_tls_backend | bool }}"


@ -75,7 +75,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or ironic_enable_tls_backend | bool
- ironic_copy_certs
- name: Copying over config.json files for services
template:


@ -12,6 +12,12 @@
"dest": "/etc/ironic/{{ ironic_policy_file }}",
"owner": "ironic",
"perm": "0600"
}{% endif %}{% if ironic_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -6,6 +6,12 @@
"dest": "/etc/dnsmasq.conf",
"owner": "root",
"perm": "0600"
}
}{% if ironic_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -28,6 +28,12 @@
"dest": "/etc/{{ apache_conf_dir }}/httpboot.conf",
"owner": "root",
"perm": "0644"
}
}{% if ironic_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -17,6 +17,11 @@
"source": "{{ container_config_directory }}/known_devices.yaml",
"dest": "/etc/ironic-inspector/known_devices.yaml",
"owner": "ironic-inspector",
}{% endif %}{% if ironic_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
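Review bot: As rendered, `"owner": "ironic-inspector",` is followed directly by `}{% endif %}{% if ironic_copy_certs | bool %},`, and the hunk header (6 old lines, 11 new) matches the eleven lines shown, which suggests the `"perm"` line of the `known_devices.yaml` entry was dropped by this change. If so, the entry ends in a trailing comma, which is invalid JSON whenever that branch renders, and the file no longer gets an explicit mode. Restore the entry's original `"perm"` line after `"owner"` so the object closes cleanly. The page may have lost a line in rendering, so check against the file itself.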


@ -14,7 +14,13 @@
"dest": "/etc/ironic/ironic.conf",
"owner": "ironic",
"perm": "0600"
}
}{% if ironic_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -246,3 +246,8 @@ keystone_oidc_enable_memcached: "{{ enable_memcached }}"
# Database
keystone_database_enable_tls_internal: "{{ database_enable_tls_internal | bool }}"
###################
# Copy certificates
###################
keystone_copy_certs: "{{ kolla_copy_ca_into_containers | bool or keystone_enable_tls_backend | bool }}"


@ -37,7 +37,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or keystone_enable_tls_backend | bool
- keystone_copy_certs
- name: Copying over config.json files for services
template:


@ -55,6 +55,12 @@
"dest": "/usr/bin/fernet-healthcheck.sh",
"owner": "root",
"perm": "0755"
}{% endif %}{% if keystone_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,7 +12,13 @@
"dest": "/var/lib/keystone/.ssh/authorized_keys",
"owner": "keystone",
"perm": "0600"
}
}{% if keystone_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -67,8 +67,13 @@
"owner": "{{ apache_user }}:{{ apache_user }}",
"perm": "0600",
"merge": true
}
{% endif %}
}{% endif %}{% if keystone_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -18,6 +18,12 @@
"dest": "/etc/kuryr/{{ kuryr_policy_file }}",
"owner": "kuryr",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -20,7 +20,13 @@
"dest": "/var/lib/letsencrypt/.ssh/id_rsa",
"owner": "letsencrypt",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -9,6 +9,12 @@
"dest": "/etc/{{ letsencrypt_apache_dir }}/letsencrypt-webserver.conf",
"owner": "letsencrypt",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -12,6 +12,12 @@
"dest": "/var/lib/haproxy/.ssh/authorized_keys",
"owner": "haproxy",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -40,6 +40,12 @@
"perm": "0600",
"optional": {{ (not kolla_enable_tls_internal | bool) | string | lower }}
}
{% endif %}
{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -12,6 +12,12 @@
"dest": "/checks",
"owner": "root",
"perm": "0770"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}


@ -24,7 +24,13 @@
"dest": "/etc/proxysql/rules",
"owner": "proxysql",
"perm": "0700"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
{% if database_enable_tls_backend | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates/root.crt",


@ -19,6 +19,12 @@
"dest": "/etc/magnum/{{ magnum_policy_file }}",
"owner": "magnum",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -19,6 +19,12 @@
"dest": "/etc/magnum/{{ magnum_policy_file }}",
"owner": "magnum",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/manila/{{ manila_policy_file }}",
"owner": "manila",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/manila/{{ manila_policy_file }}",
"owner": "manila",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/manila/{{ manila_policy_file }}",
"owner": "manila",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/manila/{{ manila_policy_file }}",
"owner": "manila",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -26,6 +26,12 @@
"dest": "/etc/masakari/{{ masakari_policy_file }}",
"owner": "masakari",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/masakari/{{ masakari_policy_file }}",
"owner": "masakari",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -6,7 +6,13 @@
"dest": "/etc/masakari-monitors/masakari-monitors.conf",
"owner": "masakari",
"perm": "0600"
}
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -12,6 +12,12 @@
"dest": "/var/lib/masakari/.config/libvirt/auth.conf",
"owner": "masakari",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/mistral/{{ mistral_policy_file }}",
"owner": "mistral",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/mistral/{{ mistral_policy_file }}",
"owner": "mistral",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/mistral/{{ mistral_policy_file }}",
"owner": "mistral",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,6 +12,12 @@
"dest": "/etc/mistral/{{ mistral_policy_file }}",
"owner": "mistral",
"perm": "0600"
}{% endif %}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -940,3 +940,8 @@ neutron_tls_proxy_defaults_balance: "roundrobin"
neutron_dns_integration: "{{ enable_designate | bool }}"
# When overridden by the user, this value must end with a dot.
neutron_dns_domain: "openstacklocal"
###################
# Copy certificates
###################
neutron_copy_certs: "{{ kolla_copy_ca_into_containers | bool or neutron_enable_tls_backend | bool }}"


@ -19,7 +19,7 @@
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or neutron_enable_tls_backend | bool
- neutron_copy_certs
- name: Creating TLS backend PEM File
vars:


@ -12,7 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/ironic_neutron_agent.ini",
"owner": "neutron",
"perm": "0600"
}
}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -18,6 +18,12 @@
"dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron",
"perm": "0600"
}{% endif %}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -24,6 +24,12 @@
"dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron",
"perm": "0600"
}{% endif %}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -12,7 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/eswitchd.conf",
"owner": "neutron",
"perm": "0600"
}
}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -12,7 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
}
}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -36,6 +36,12 @@
"dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron",
"perm": "0600"
}{% endif %}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -26,7 +26,13 @@
"dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
"owner": "neutron",
"perm": "0600"
}
}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
{


@ -18,6 +18,12 @@
"dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron",
"perm": "0600"
}{% endif %}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [


@ -18,6 +18,12 @@
"dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron",
"perm": "0600"
}{% endif %}{% if neutron_copy_certs | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
],
"permissions": [
