openstack/kolla-ansible
Code Issues Proposed changes

Support CA certificate for fluentd & Elasticsearch

Browse Source 
Currently there is no way to configure a CA certificate bundle file for
fluentd to Elasticsearch communication. This change adds a new variable,
'fluentd_elasticsearch_cacert' with a default value set to the value of
'openstack_cacert.

Closes-Bug: #1885109

Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
This commit is contained in:
Mark Goddard 2020-06-19 12:49:07 +00:00
parent f13847a5a2
commit 31f3f84859
4 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/common/defaults/main.yml
View File

@ -47,6 +47,7 @@ fluentd_elasticsearch_user: ""
fluentd_elasticsearch_password: "" fluentd_elasticsearch_password: ""
fluentd_elasticsearch_ssl_version: "TLSv1_2" fluentd_elasticsearch_ssl_version: "TLSv1_2"
fluentd_elasticsearch_ssl_verify: "true" fluentd_elasticsearch_ssl_verify: "true"
fluentd_elasticsearch_cacert: "{{ openstack_cacert }}"
#################### ####################
# Docker # Docker

6
ansible/roles/common/templates/conf/output/00-local.conf.j2
View File

@ -21,6 +21,9 @@
{% if fluentd_elasticsearch_scheme == 'https' %} {% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }} ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }} ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% if fluentd_elasticsearch_cacert | length > 0 %}
ca_file {{ fluentd_elasticsearch_cacert }}
{% endif %}
{% endif %} {% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%} {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }} user {{ fluentd_elasticsearch_user }}
@ -78,6 +81,9 @@
{% if fluentd_elasticsearch_scheme == 'https' %} {% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }} ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }} ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% if fluentd_elasticsearch_cacert | length > 0 %}
ca_file {{ fluentd_elasticsearch_cacert }}
{% endif %}
{% endif %} {% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%} {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }} user {{ fluentd_elasticsearch_user }}

3
ansible/roles/common/templates/conf/output/01-es.conf.j2
View File

@ -11,6 +11,9 @@
{% if fluentd_elasticsearch_scheme == 'https' %} {% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }} ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }} ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% if fluentd_elasticsearch_cacert | length > 0 %}
ca_file {{ fluentd_elasticsearch_cacert }}
{% endif %}
{% endif %} {% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%} {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }} user {{ fluentd_elasticsearch_user }}

8
releasenotes/notes/fluentd-elasticsearch-cacert-0e8824dd57052913.yaml Normal file
View File

@ -0,0 +1,8 @@
---
fixes:
- |
Adds a new variable ``fluentd_elasticsearch_cacert``, which defaults to the
value of ``openstack_cacert``. If set, this will be used to set the path of
the CA certificate bundle used by Fluentd when communicating with
Elasticsearch. `LP#1885109
<https://bugs.launchpad.net/kolla-ansible/+bug/1885109>`__