openstack/kolla-ansible
Code Issues Proposed changes

Fix Octavia CA cert paths

Browse Source 
This fixes Octavia in scenarios requiring providing
CA cert (self-signed, internally-signed).

Change-Id: I60b7ec85f4fd8bbacf5df0ab7ed9a00658c91871
Closes-Bug: #1872404
This commit is contained in:
lixuehai 2020-04-13 14:11:29 +08:00 committed by Radosław Piliszek
parent 969159cc17
commit ea4505f17a
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ansible/roles/octavia/templates/octavia.conf.j2
View File

@ -30,6 +30,7 @@ password = {{ octavia_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
project_name = {{ openstack_auth.project_name }}
project_domain_name = {{ default_project_domain_name }}
cafile = {{ openstack_cacert }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
@ -84,14 +85,14 @@ policy_file = {{ octavia_policy_file }}
[glance]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file == {{ openstack_cacert }}
ca_certificates_file = {{ openstack_cacert }}
[neutron]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file == {{ openstack_cacert }}
ca_certificates_file = {{ openstack_cacert }}
[nova]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file == {{ openstack_cacert }}
ca_certificates_file = {{ openstack_cacert }}

6
releasenotes/notes/bug-1872404-dc092ab1ce84c71d.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Fixes Octavia in internally-signed (e.g. self-signed) cert TLS deployments
by providing path to CA cert file in proper config places.
`LP#1872404 <https://launchpad.net/bugs/1872404>`__