From 5d3eed23a736144b69909f388300d1587f7862e2 Mon Sep 17 00:00:00 2001
From: Matthew N Heler <matthew.heler@hotmail.com>
Date: Sun, 26 Feb 2023 08:44:22 -0600
Subject: [PATCH] Set the etcd internal hostname and cacert for tls internal
 enabled deployments

This allows services to work with etcd when coordination is enabled
for TLS internal deployments. Without this fix, we fail to connect to
etcd with the coordination backend and the service itself crashes.

Change-Id: I0c1d6b87e663e48c15a846a2774b0a4531a3ca68
---
 ansible/roles/cinder/templates/cinder.conf.j2             | 2 +-
 ansible/roles/ironic/templates/ironic-inspector.conf.j2   | 2 +-
 .../fix-etcd-coordination-config-b1c9f900ef13be13.yaml    | 8 ++++++++
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/fix-etcd-coordination-config-b1c9f900ef13be13.yaml

diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 914e8b2dfd..a7ebf2c099 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -241,5 +241,5 @@ backend_url = {{ redis_connection_string }}
 # NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
 # see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
 # and https://review.opendev.org/466098 for details
-backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_vip_address }}:{{ etcd_client_port }}
+backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
 {% endif %}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index 51a34c2a51..d0fe3a3bf0 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -86,5 +86,5 @@ backend_url = {{ redis_connection_string }}
 # NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
 # see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
 # and https://review.opendev.org/466098 for details
-backend_url = etcd3+{{ internal_protocol }}://{{  kolla_internal_vip_address }}:{{ etcd_client_port }}
+backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
 {% endif %}
diff --git a/releasenotes/notes/fix-etcd-coordination-config-b1c9f900ef13be13.yaml b/releasenotes/notes/fix-etcd-coordination-config-b1c9f900ef13be13.yaml
new file mode 100644
index 0000000000..ec8c3dcb94
--- /dev/null
+++ b/releasenotes/notes/fix-etcd-coordination-config-b1c9f900ef13be13.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Set the etcd internal hostname and cacert for tls internal enabled
+    deployments. This allows services to work with etcd when
+    coordination is enabled for TLS interal deployments. Without this
+    fix, the coordination backend fails to connect to etcd and the
+    service itself crashes.