Merge "CI: stop using zuul as kayobe_ansible_user in TLS jobs"

2022-03-03 13:16:13 +00:00 · 2022-03-03 13:16:13 +00:00 · afa8618f6a
commit afa8618f6a
parent b2b013c1cf a0665cd9c6
3 changed files with 12 additions and 4 deletions
--- a/dev/functions
+++ b/dev/functions
@ -404,6 +404,17 @@ function overcloud_deploy {
    if [[ ${KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES} = 1 ]]; then
        echo "Generate TLS certificates"
        run_kayobe kolla ansible run certificates --kolla-extra kolla_certificates_dir=${KAYOBE_CONFIG_PATH}/kolla/certificates
        # Add CA cert to trust store.
        ca_cert=${KAYOBE_CONFIG_PATH}/kolla/certificates/ca/root.crt
        if [[ -e /etc/debian_version ]]; then
            # Ubuntu
            sudo cp $ca_cert "/usr/local/share/ca-certificates/kayobe-customca.crt"
            sudo update-ca-certificates
        elif [[ -e /etc/redhat-release ]]; then
            # CentOS
            sudo cp $ca_cert "/etc/pki/ca-trust/source/anchors/kayobe-customca.crt"
            sudo update-ca-trust
        fi
    fi
    # Note: This must currently be before host configure, because host
--- a/playbooks/kayobe-overcloud-base/globals.yml.j2
+++ b/playbooks/kayobe-overcloud-base/globals.yml.j2
@ -20,6 +20,6 @@ nova_libvirt_logging_debug: False
 kolla_copy_ca_into_containers: "yes"
 kolla_enable_tls_backend: "yes"
 openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
-kolla_admin_openrc_cacert: "{% raw %}{{ '{{' }} kolla_certificates_dir }}{% endraw %}/ca/root.crt"
+kolla_admin_openrc_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
 libvirt_tls: "yes"
 {% endif %}
--- a/playbooks/kayobe-overcloud-base/overrides.yml.j2
+++ b/playbooks/kayobe-overcloud-base/overrides.yml.j2
@ -45,9 +45,6 @@ kolla_ironic_default_boot_interface: ipxe
 kolla_enable_tls_external: "yes"
 kolla_enable_tls_internal: "yes"
 # FIXME: ipa-images fails to access OS_CACERT from /home/zuul.
 kayobe_ansible_user: zuul
 kolla_ironic_pxe_append_params_extra:
  - ipa-insecure=1
 {% endif %}