diff options
author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-02-06 04:51:37 +0100 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-02-06 17:26:09 +0100 |
commit | 9a4d570364ae9126b7886bc187cc7f7e0f9ced7f (patch) | |
tree | 13455e07bb4347d93b3ef32d816bffee5112a9bf /mcp/config | |
parent | 6357d861c2f7c69c1486a40a81d24d7dda66eba8 (diff) |
[HA] Use cluster_public_host for SSL cert fetch
For VCP-enabled scenarios, `cluster_public_host` and
`cluster_vip_address` both point to the public VIP of the cluster.
However, for upcoming NOVCP scenarios, `cluster_vip_address` resides
inside the management segment, so use `cluster_public_host` instead.
JIRA: FUEL-310
Change-Id: I13ef482e2c3116c991dfe91be81d0964f140f8e9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/config')
-rwxr-xr-x | mcp/config/states/openstack_ha | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha index a035a8b2f..404c89c08 100755 --- a/mcp/config/states/openstack_ha +++ b/mcp/config/states/openstack_ha @@ -77,11 +77,13 @@ if ! salt -C 'I@horizon:server and *01*' --out=yaml pkg.version openstack-dashbo salt -I 'horizon:server' service.reload apache2 fi -clstr_vip_addr=$(salt -C 'I@nginx:server and *01*' --out=yaml \ - pillar.get _param:cluster_vip_address | awk '{print $2; exit}') -salt -C 'I@nginx:server and *01*' cp.push \ - "/etc/ssl/certs/${clstr_vip_addr}-with-chain.crt" upload_path='certs/os_cacert' -cd /etc/ssl/certs && ln -sf /var/cache/salt/master/minions/prx01.*/files/certs/os_cacert +cluster_public_host=$(salt -C 'I@nginx:server and *01*' --out=yaml \ + pillar.get _param:cluster_public_host | awk '{print $2; exit}') +dashboard_host=$(salt -C 'I@nginx:server and *01*' --out=yaml cp.push \ + "/etc/ssl/certs/${cluster_public_host}-with-chain.crt" \ + upload_path='certs/os_cacert' | cut -d':' -f1) +cd /etc/ssl/certs && \ + ln -sf "/var/cache/salt/master/minions/${dashboard_host}/files/certs/os_cacert" # glance v1 api is required by orchestra tests salt -I 'glance:server' ini.set_option /etc/glance/glance-api.conf '{DEFAULT: {enable_v1_api: True}}' |