From ef85df2335f21b82c04e752e039b30d45b4483ab Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Date: Sat, 23 Sep 2017 14:58:23 +0800
Subject: [PATCH] Copy certifications info octavia housekeeping and health
 manager container

octavia-housekeeping container need certifications to create spare
amphore instances.

octavia-health-manager container need certifications to create stable
amphore instances.

Change-Id: I90b9c4c39f6542bb1ee5f40a8d0a39ae8d0ab2b0
Closes-Bug: #1719063
---
 ansible/roles/octavia/handlers/main.yml       |  2 ++
 ansible/roles/octavia/tasks/config.yml        | 36 ++++++++++++++++++-
 .../templates/octavia-health-manager.json.j2  | 18 ++++++++++
 .../templates/octavia-housekeeping.json.j2    | 18 ++++++++++
 4 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/octavia/handlers/main.yml b/ansible/roles/octavia/handlers/main.yml
index 8740b990fe..0192932c73 100644
--- a/ansible/roles/octavia/handlers/main.yml
+++ b/ansible/roles/octavia/handlers/main.yml
@@ -39,6 +39,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or octavia_health_manager_certificate.changed | bool
       or octavia_health_manager_container.changed | bool
 
 - name: Restart octavia-housekeeping container
@@ -60,6 +61,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or octavia_housekeeping_certificate.changed | bool
       or octavia_housekeeping_container.changed | bool
 
 - name: Restart octavia-worker container
diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml
index 93db2bcb32..f6a8b003e6 100644
--- a/ansible/roles/octavia/tasks/config.yml
+++ b/ansible/roles/octavia/tasks/config.yml
@@ -42,7 +42,7 @@
   notify:
     - "Restart {{ item.key }} container"
 
-- name: Copying certificate files
+- name: Copying certificate files for octavia-worker
   vars:
     service: "{{ octavia_services['octavia-worker'] }}"
   copy:
@@ -59,6 +59,40 @@
   notify:
     - Restart octavia-worker container
 
+- name: Copying certificate files for octavia-housekeeping
+  vars:
+    service: "{{ octavia_services['octavia-housekeeping'] }}"
+  copy:
+    src: "{{ node_custom_config }}/octavia/{{ item }}"
+    dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
+  register: octavia_housekeeping_certificate
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cakey.pem
+    - ca_01.pem
+    - client.pem
+  notify:
+    - Restart octavia-housekeeping container
+
+- name: Copying certificate files for octavia-health-manager
+  vars:
+    service: "{{ octavia_services['octavia-health-manager'] }}"
+  copy:
+    src: "{{ node_custom_config }}/octavia/{{ item }}"
+    dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
+  register: octavia_health_manager_certificate
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cakey.pem
+    - ca_01.pem
+    - client.pem
+  notify:
+    - Restart octavia-health-manager container
+
 - name: Check octavia containers
   kolla_docker:
     action: "compare_container"
diff --git a/ansible/roles/octavia/templates/octavia-health-manager.json.j2 b/ansible/roles/octavia/templates/octavia-health-manager.json.j2
index ed0f102c62..51d83f40af 100644
--- a/ansible/roles/octavia/templates/octavia-health-manager.json.j2
+++ b/ansible/roles/octavia/templates/octavia-health-manager.json.j2
@@ -6,6 +6,24 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/cakey.pem",
+            "dest": "/etc/octavia/certs/private/cakey.pem",
+            "owner": "octavia",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/ca_01.pem",
+            "dest": "/etc/octavia/certs/ca_01.pem",
+            "owner": "octavia",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/client.pem",
+            "dest": "/etc/octavia/certs/client.pem",
+            "owner": "octavia",
+            "perm": "0600"
         }
     ]
 }
diff --git a/ansible/roles/octavia/templates/octavia-housekeeping.json.j2 b/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
index a112332833..16731e271e 100644
--- a/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
+++ b/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
@@ -6,6 +6,24 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/cakey.pem",
+            "dest": "/etc/octavia/certs/private/cakey.pem",
+            "owner": "octavia",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/ca_01.pem",
+            "dest": "/etc/octavia/certs/ca_01.pem",
+            "owner": "octavia",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/client.pem",
+            "dest": "/etc/octavia/certs/client.pem",
+            "owner": "octavia",
+            "perm": "0600"
         }
     ]
 }