Merge "Support CA certificate for fluentd & Elasticsearch"

2020-06-26 21:34:29 +00:00 · 2020-06-26 21:34:29 +00:00 · 943c8670da
commit 943c8670da
parent 214a24f4b2 31f3f84859
4 changed files with 18 additions and 0 deletions
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@ -47,6 +47,7 @@ fluentd_elasticsearch_user: ""
 fluentd_elasticsearch_password: ""
 fluentd_elasticsearch_ssl_version: "TLSv1_2"
 fluentd_elasticsearch_ssl_verify: "true"
+fluentd_elasticsearch_cacert: "{{ openstack_cacert }}"

 ####################
 # Docker
--- a/ansible/roles/common/templates/conf/output/00-local.conf.j2
+++ b/ansible/roles/common/templates/conf/output/00-local.conf.j2
@ -21,6 +21,9 @@
 {% if fluentd_elasticsearch_scheme == 'https' %}
       ssl_version {{ fluentd_elasticsearch_ssl_version }}
       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% if fluentd_elasticsearch_cacert | length > 0 %}
+       ca_file {{ fluentd_elasticsearch_cacert }}
+{% endif %}
 {% endif %}
 {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
       user {{ fluentd_elasticsearch_user }}
@ -78,6 +81,9 @@
 {% if fluentd_elasticsearch_scheme == 'https' %}
       ssl_version {{ fluentd_elasticsearch_ssl_version }}
       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% if fluentd_elasticsearch_cacert | length > 0 %}
+       ca_file {{ fluentd_elasticsearch_cacert }}
+{% endif %}
 {% endif %}
 {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
       user {{ fluentd_elasticsearch_user }}
--- a/ansible/roles/common/templates/conf/output/01-es.conf.j2
+++ b/ansible/roles/common/templates/conf/output/01-es.conf.j2
@ -11,6 +11,9 @@
 {% if fluentd_elasticsearch_scheme == 'https' %}
       ssl_version {{ fluentd_elasticsearch_ssl_version }}
       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% if fluentd_elasticsearch_cacert | length > 0 %}
+       ca_file {{ fluentd_elasticsearch_cacert }}
+{% endif %}
 {% endif %}
 {% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
       user {{ fluentd_elasticsearch_user }}
--- a/releasenotes/notes/fluentd-elasticsearch-cacert-0e8824dd57052913.yaml
+++ b/releasenotes/notes/fluentd-elasticsearch-cacert-0e8824dd57052913.yaml
@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Adds a new variable ``fluentd_elasticsearch_cacert``, which defaults to the
+    value of ``openstack_cacert``. If set, this will be used to set the path of
+    the CA certificate bundle used by Fluentd when communicating with
+    Elasticsearch. `LP#1885109
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1885109>`__