Refactor copy certificates task

Refactor service configuration to use the copy certificates task. This
reduces code duplication and simplifies implementing encrypting backend
HAProxy traffic for individual services.

Change-Id: I0474324b60a5f792ef5210ab336639edf7a8cd9e
This commit is contained in:
James Kirsch 2020-04-10 13:53:19 -07:00 committed by Mark Goddard
parent 8cc58e3669
commit 4d155d69cd
100 changed files with 350 additions and 544 deletions

View File

@ -45,19 +45,9 @@
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ aodh_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ aodh_services }}"

View File

@ -47,19 +47,9 @@
when: when:
- barbican_policy.results - barbican_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ barbican_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ barbican_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- blazar_policy.results - blazar_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ blazar_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ blazar_services }}"

View File

@ -136,19 +136,9 @@
when: when:
- ceilometer_policy.results - ceilometer_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ ceilometer_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ ceilometer_services }}"

View File

@ -37,19 +37,9 @@
when: when:
- cinder_policy.results - cinder_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ cinder_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ cinder_services }}"

View File

@ -55,19 +55,9 @@
set_fact: set_fact:
cloudkitty_custom_metrics_used: "{{ cloudkitty_custom_metrics_file.stat.exists }}" cloudkitty_custom_metrics_used: "{{ cloudkitty_custom_metrics_file.stat.exists }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ cloudkitty_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ cloudkitty_services }}"

View File

@ -52,18 +52,9 @@
fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}" fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}"
when: enable_fluentd | bool when: enable_fluentd | bool
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ common_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ common_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- congress_policy.results - congress_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ congress_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ congress_services }}"

View File

@ -45,19 +45,9 @@
notify: notify:
- Restart {{ item.key }} container - Restart {{ item.key }} container
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ cyborg_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ cyborg_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- designate_policy.results - designate_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ designate_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ designate_services }}"

View File

@ -12,18 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ elasticsearch_services }}" with_dict: "{{ elasticsearch_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ elasticsearch_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ elasticsearch_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- freezer_policy.results - freezer_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ freezer_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ freezer_services }}"

View File

@ -35,19 +35,9 @@
when: when:
- glance_policy.results - glance_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ glance_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ glance_services }}"

View File

@ -35,19 +35,9 @@
when: when:
- gnocchi_policy.results - gnocchi_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ gnocchi_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ gnocchi_services }}"

View File

@ -20,18 +20,9 @@
run_once: True run_once: True
register: check_extra_conf_grafana register: check_extra_conf_grafana
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ grafana_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files - name: Copying over config.json files
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ grafana_services }}"

View File

@ -125,19 +125,9 @@
notify: notify:
- Restart haproxy container - Restart haproxy container
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
vars:
service: "{{ haproxy_services['haproxy'] }}"
become: true
copy:
src: "{{ kolla_certificates_dir }}/ca/"
dest: "{{ node_config_directory }}/haproxy/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[service.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
notify:
- Restart haproxy container
- name: Copying over haproxy start script - name: Copying over haproxy start script
vars: vars:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ haproxy_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- heat_policy.results - heat_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ heat_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ heat_services }}"

View File

@ -133,19 +133,9 @@
notify: notify:
- Restart horizon container - Restart horizon container
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ horizon_services }}"
notify:
- "Restart {{ item.key }} container"
- include_tasks: check-containers.yml - include_tasks: check-containers.yml
when: kolla_action != "config" when: kolla_action != "config"

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ horizon_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- ironic_policy.results - ironic_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ ironic_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ ironic_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ karbor_services }}" with_dict: "{{ karbor_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ karbor_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ karbor_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ kibana_services }}" with_dict: "{{ kibana_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ kibana_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ kibana_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- kuryr_policy.results - kuryr_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ kuryr_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ kuryr_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- magnum_policy.results - magnum_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ magnum_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ magnum_services }}"

View File

@ -36,19 +36,9 @@
when: when:
- manila_policy.results - manila_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ manila_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ manila_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- mistral_policy.results - mistral_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ mistral_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ mistral_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ monasca_services }}" with_dict: "{{ monasca_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ monasca_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ monasca_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- murano_policy.results - murano_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ murano_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ murano_services }}"

View File

@ -20,19 +20,9 @@
changed_when: False changed_when: False
register: check_extra_ml2_plugins register: check_extra_ml2_plugins
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ neutron_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ nova_cell_services }}" with_dict: "{{ nova_cell_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ nova_cell_services }}"
notify:
- "Restart {{ item.key }} container"
- include_tasks: external_ceph.yml - include_tasks: external_ceph.yml
when: when:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ nova_cell_services }}"

View File

@ -34,13 +34,6 @@
- "wsgate.ini.j2" - "wsgate.ini.j2"
notify: Restart FreeRDP-WebConnect notify: Restart FreeRDP-WebConnect
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_custom_config }}/nova-hyperv/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ nova_hyperv_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- nova_policy.results - nova_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ nova_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ nova_services }}"

View File

@ -45,19 +45,9 @@
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ octavia_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ octavia_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- panko_policy.results - panko_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ panko_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ panko_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- placement_policy.results - placement_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ placement_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ placement_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ prometheus_services }}" with_dict: "{{ prometheus_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ prometheus_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files - name: Copying over config.json files
become: true become: true

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ prometheus_services }}"

View File

@ -36,19 +36,9 @@
when: when:
- qinling_policy.results - qinling_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ qinling_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ qinling_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- rally_policy.results - rally_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ rally_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ rally_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- sahara_policy.results - sahara_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ sahara_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ sahara_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- searchlight_policy.results - searchlight_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ searchlight_config_jsons }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ searchlight_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- senlin_policy.results - senlin_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ senlin_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ senlin_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ skydive_services }}" with_dict: "{{ skydive_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ skydive_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over default config.json files - name: Copying over default config.json files
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ skydive_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ solum_services }}" with_dict: "{{ solum_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ solum_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ solum_services }}"

View File

@ -28,19 +28,9 @@
- "swift-proxy-server" - "swift-proxy-server"
- "swift-rsyncd" - "swift-rsyncd"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ swift_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ swift_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- tacker_policy.results - tacker_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ tacker_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ tacker_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ telegraf_services }}" with_dict: "{{ telegraf_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ telegraf_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over default config.json files - name: Copying over default config.json files
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ telegraf_services }}"

View File

@ -12,19 +12,9 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ tempest_services }}" with_dict: "{{ tempest_services }}"
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ tempest_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ tempest_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- trove_policy.results - trove_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ trove_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ trove_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- vitrage_policy.results - vitrage_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ vitrage_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ vitrage_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- watcher_policy.results - watcher_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ watcher_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ watcher_services }}"

View File

@ -31,19 +31,9 @@
when: when:
- zun_policy.results - zun_policy.results
- name: Copying over extra CA certificates - include_tasks: copy-certs.yml
become: true
copy:
src: "{{ node_config }}/certificates/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when: when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
- kolla_copy_ca_into_containers | bool - kolla_copy_ca_into_containers | bool
with_dict: "{{ zun_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ zun_services }}"