diff --git a/ansible/roles/masakari/tasks/config.yml b/ansible/roles/masakari/tasks/config.yml index f81109d346..047814dcb1 100644 --- a/ansible/roles/masakari/tasks/config.yml +++ b/ansible/roles/masakari/tasks/config.yml @@ -58,6 +58,10 @@ notify: - Restart {{ item.key }} container +- include_tasks: copy-certs.yml + when: + - kolla_copy_ca_into_containers | bool + - name: Copying over masakari.conf vars: service: "{{ item.key }}" diff --git a/ansible/roles/masakari/tasks/copy-certs.yml b/ansible/roles/masakari/tasks/copy-certs.yml new file mode 100644 index 0000000000..84e7656a56 --- /dev/null +++ b/ansible/roles/masakari/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ masakari_services }}" diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2 index bba3704b3a..92dc06b1ed 100644 --- a/ansible/roles/masakari/templates/masakari.conf.j2 +++ b/ansible/roles/masakari/templates/masakari.conf.j2 @@ -12,6 +12,7 @@ os_privileged_user_tenant = service os_privileged_user_auth_url = {{ keystone_internal_url }}/v3 os_privileged_user_name = {{ nova_keystone_user }} os_privileged_user_password = {{ nova_keystone_password }} +nova_ca_certificates_file = {{ openstack_cacert }} [database] connection = mysql+pymysql://{{ masakari_database_user }}:{{ masakari_database_password }}@{{ masakari_database_address }}/{{ masakari_database_name }} diff --git a/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml b/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml new file mode 100644 index 0000000000..9a82cb4fac --- /dev/null +++ b/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Fixes an issue with Masakari and internal TLS where CA certificates were + not copied into containers, and the path to the CA file was not configured. + Depends on `masakari bug 1873736 + `__ being fixed. + `LP#1888655 `__