Copy-in libvirt certs via kolla extended/start
Instead of bind-mounting directly into the libvirt container, follow the established approach for ditributing certificates in containers. Change-Id: Icdec38004df28988aa3a62019cb092c59d915f0e Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This commit is contained in:
parent
a3a1ed5933
commit
be5fd4eaeb
@ -235,6 +235,11 @@ outputs:
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src-tls/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
optional: true
|
||||
- source: "/var/lib/kolla/config_files/src-ceph/"
|
||||
dest: "/etc/ceph/"
|
||||
merge: true
|
||||
@ -329,24 +334,24 @@ outputs:
|
||||
- use_tls_for_live_migration
|
||||
-
|
||||
- str_replace:
|
||||
template: "CACERT:/etc/pki/CA/cacert.pem:ro"
|
||||
template: "CACERT:/var/lib/kolla/config_files/src-tls/etc/pki/CA/cacert.pem:ro"
|
||||
params:
|
||||
CACERT:
|
||||
if:
|
||||
- libvirt_specific_ca_unset
|
||||
- get_param: InternalTLSCAFile
|
||||
- get_param: LibvirtCACert
|
||||
- /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
|
||||
- /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
|
||||
- /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
|
||||
- /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
|
||||
- /etc/pki/libvirt/servercert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/servercert.pem:ro
|
||||
- /etc/pki/libvirt/private/serverkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/serverkey.pem:ro
|
||||
- /etc/pki/libvirt/clientcert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/clientcert.pem:ro
|
||||
- /etc/pki/libvirt/private/clientkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/clientkey.pem:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- use_tls_for_vnc
|
||||
-
|
||||
- str_replace:
|
||||
template: "CACERT:/etc/pki/libvirt-vnc/ca-cert.pem:ro"
|
||||
template: "CACERT:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt-vnc/ca-cert.pem:ro"
|
||||
params:
|
||||
CACERT:
|
||||
if:
|
||||
|
Loading…
x
Reference in New Issue
Block a user