openstack/kolla-ansible
Code Issues Proposed changes
Files
master
kolla-ansible/releasenotes/notes/fix-unrestricted-copying-of-backend-tls-2bade63581b84c80.yaml
Seunghun Lee e092d33245 Fix unrestricted copying of backend TLS certs 
With the change
https://review.opendev.org/c/openstack/kolla-ansible/+/915901
K-A copies backend TLS certificates to all containers of projects
when backend TLS for the project is enabled because of less strict
conditional check.

However, this causes K-A to attempt copying non-existent certificates
from hosts that is not part of backend TLS to containers that are
also not part of backend TLS.

This change makes service-copy-certs task check if a host is part of
``tls-backend`` group when copying backend TLS certificate and key.

Cloeses-Bug: #2105505
Change-Id: I799dc6e6fdccc483784fc3c2088ada69f24412e9
Signed-off-by: Seunghun Lee <seunghun@stackhpc.com>
2025-07-16 12:09:24 +01:00

9 lines
333 B
YAML
Raw Permalink Blame History

---
fixes:
- |
Fixes a bug where K-A can fail service deployment because it
tries to copy backend TLS certificates of some hosts to
containers when both hosts and containers are not part of backend
TLS and do not have certificates to copy.
`LP#2105505 <https://bugs.launchpad.net/kolla-ansible/+bug/2105505>`__
View Git Blame Copy Permalink