Merge "Fix Octavia CA cert paths"

2020-04-16 14:03:31 +00:00 · 2020-04-16 14:03:31 +00:00 · 93ff86bcb9
commit 93ff86bcb9
parent b6801477db ea4505f17a
2 changed files with 10 additions and 3 deletions
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@ -30,6 +30,7 @@ password = {{ octavia_keystone_password }}
 user_domain_name = {{ default_user_domain_name }}
 project_name = {{ openstack_auth.project_name }}
 project_domain_name = {{ default_project_domain_name }}
+cafile = {{ openstack_cacert }}

 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@ -84,14 +85,14 @@ policy_file = {{ octavia_policy_file }}
 [glance]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert }}
+ca_certificates_file = {{ openstack_cacert }}

 [neutron]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert }}
+ca_certificates_file = {{ openstack_cacert }}

 [nova]
 region_name = {{ openstack_region_name }}
 endpoint_type = internal
-ca_certificates_file ==  {{ openstack_cacert }}
+ca_certificates_file = {{ openstack_cacert }}
--- a/releasenotes/notes/bug-1872404-dc092ab1ce84c71d.yaml
+++ b/releasenotes/notes/bug-1872404-dc092ab1ce84c71d.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes Octavia in internally-signed (e.g. self-signed) cert TLS deployments
+    by providing path to CA cert file in proper config places.
+    `LP#1872404 <https://launchpad.net/bugs/1872404>`__