From 88f83b9f5869e67f228821563939b32b4fe54ade Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 10 Apr 2024 15:27:17 +0100
Subject: [PATCH] ci-multinode: Update configuration for external TLS using Vault CA
---
 .../tempest/tempest-ci-multinode.overrides.conf | 2 +-
 etc/kayobe/environments/ci-multinode/kolla.yml | 8 ++++++--
 etc/kayobe/environments/ci-multinode/tempest.yml | 3 +++
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 etc/kayobe/environments/ci-multinode/tempest.yml
diff --git a/.automation.conf/tempest/tempest-ci-multinode.overrides.conf b/.automation.conf/tempest/tempest-ci-multinode.overrides.conf
index 0ff616f76..663b384df 100644
--- a/.automation.conf/tempest/tempest-ci-multinode.overrides.conf
+++ b/.automation.conf/tempest/tempest-ci-multinode.overrides.conf
@@ -32,4 +32,4 @@ max_microversion = 3.70
 build_timeout = 600
 [dashboard]
-dashboard_url = http://192.168.39.2
+dashboard_url = https://192.168.39.2
diff --git a/etc/kayobe/environments/ci-multinode/kolla.yml b/etc/kayobe/environments/ci-multinode/kolla.yml
index 0fc7b05f5..076529742 100644
--- a/etc/kayobe/environments/ci-multinode/kolla.yml
+++ b/etc/kayobe/environments/ci-multinode/kolla.yml
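Review bot: In tempest-ci-multinode.overrides.conf, `dashboard_url` is switched to `https://192.168.39.2` unconditionally, while the same commit leaves `kolla_enable_tls_external` commented out in kolla.yml, so an environment deployed without external TLS would presumably point the dashboard test at an endpoint that still serves plain HTTP. The new `tempest_cacert` in tempest.yml is set the same way, regardless of whether TLS was enabled. If CI always enables external TLS before tempest runs, a comment above the line such as `# Requires kolla_enable_tls_external; the certificate must cover 192.168.39.2` would record that dependency. Because the URL is an IP literal, the Vault-issued certificate presumably needs that address as a subjectAltName for verification to pass.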
@@ -8,12 +8,16 @@ kolla_enable_designate: true
 kolla_enable_redis: true
 kolla_enable_barbican: true
-# The multinode environment supports Backend and internal TLS , but it must be
-# enabled in the correct order. See
+# The multinode environment supports backend, external and internal TLS , but
+# it must be enabled in the correct order. See
 # https://stackhpc-kayobe-config.readthedocs.io/en/stackhpc-yoga/configuration/vault.html
 # for details.
+# kolla_enable_tls_external: true
 # kolla_enable_tls_internal: true
+kolla_public_openrc_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution in ['centos', 'rocky'] else '/etc/ssl/certs/ca-certificates.crt' }}"
+kolla_admin_openrc_cacert: "{{ kolla_public_openrc_cacert }}"
+
 # The multinode environment supports Manila but it is not enabled by default.
 # kolla_enable_manila: true
 # kolla_enable_manila_backend_cephfs_native: true
diff --git a/etc/kayobe/environments/ci-multinode/tempest.yml b/etc/kayobe/environments/ci-multinode/tempest.yml
new file mode 100644
index 000000000..93a7cdfe2
--- /dev/null
+++ b/etc/kayobe/environments/ci-multinode/tempest.yml
@@ -0,0 +1,3 @@
+---
+# Add the Vault CA certificate to the rally container when running tempest.
+tempest_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt"
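Review bot: `kolla_public_openrc_cacert` in kolla.yml points the generated openrc files at the distribution's system CA bundle, but nothing in this hunk shows the Vault CA being added to that bundle, so verification of the external endpoint depends on a step outside the change. tempest.yml trusts `kolla/certificates/ca/vault.crt` directly, so the two clients rely on different trust sources. A comment above the two variables, for example `# openrc uses the system CA bundle; the Vault CA must be installed in the host trust store`, would make the requirement explicit. The conditional also sends every distribution other than `centos` and `rocky` to the Debian-style path, which is worth stating in the same comment.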