summaryrefslogtreecommitdiffstats
path: root/mcp/config
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-02-06 04:51:37 +0100
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-02-06 17:26:09 +0100
commit9a4d570364ae9126b7886bc187cc7f7e0f9ced7f (patch)
tree13455e07bb4347d93b3ef32d816bffee5112a9bf /mcp/config
parent6357d861c2f7c69c1486a40a81d24d7dda66eba8 (diff)
[HA] Use cluster_public_host for SSL cert fetch
For VCP-enabled scenarios, `cluster_public_host` and `cluster_vip_address` both point to the public VIP of the cluster. However, for upcoming NOVCP scenarios, `cluster_vip_address` resides inside the management segment, so use `cluster_public_host` instead. JIRA: FUEL-310 Change-Id: I13ef482e2c3116c991dfe91be81d0964f140f8e9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/config')
-rwxr-xr-xmcp/config/states/openstack_ha12
1 files changed, 7 insertions, 5 deletions
diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha
index a035a8b2f..404c89c08 100755
--- a/mcp/config/states/openstack_ha
+++ b/mcp/config/states/openstack_ha
@@ -77,11 +77,13 @@ if ! salt -C 'I@horizon:server and *01*' --out=yaml pkg.version openstack-dashbo
salt -I 'horizon:server' service.reload apache2
fi
-clstr_vip_addr=$(salt -C 'I@nginx:server and *01*' --out=yaml \
- pillar.get _param:cluster_vip_address | awk '{print $2; exit}')
-salt -C 'I@nginx:server and *01*' cp.push \
- "/etc/ssl/certs/${clstr_vip_addr}-with-chain.crt" upload_path='certs/os_cacert'
-cd /etc/ssl/certs && ln -sf /var/cache/salt/master/minions/prx01.*/files/certs/os_cacert
+cluster_public_host=$(salt -C 'I@nginx:server and *01*' --out=yaml \
+ pillar.get _param:cluster_public_host | awk '{print $2; exit}')
+dashboard_host=$(salt -C 'I@nginx:server and *01*' --out=yaml cp.push \
+ "/etc/ssl/certs/${cluster_public_host}-with-chain.crt" \
+ upload_path='certs/os_cacert' | cut -d':' -f1)
+cd /etc/ssl/certs && \
+ ln -sf "/var/cache/salt/master/minions/${dashboard_host}/files/certs/os_cacert"
# glance v1 api is required by orchestra tests
salt -I 'glance:server' ini.set_option /etc/glance/glance-api.conf '{DEFAULT: {enable_v1_api: True}}'