From 9a4d570364ae9126b7886bc187cc7f7e0f9ced7f Mon Sep 17 00:00:00 2001 From: Alexandru Avadanii Date: Tue, 6 Feb 2018 04:51:37 +0100 Subject: [HA] Use cluster_public_host for SSL cert fetch For VCP-enabled scenarios, `cluster_public_host` and `cluster_vip_address` both point to the public VIP of the cluster. However, for upcoming NOVCP scenarios, `cluster_vip_address` resides inside the management segment, so use `cluster_public_host` instead. JIRA: FUEL-310 Change-Id: I13ef482e2c3116c991dfe91be81d0964f140f8e9 Signed-off-by: Alexandru Avadanii --- mcp/config/states/openstack_ha | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'mcp/config') diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha index a035a8b2f..404c89c08 100755 --- a/mcp/config/states/openstack_ha +++ b/mcp/config/states/openstack_ha @@ -77,11 +77,13 @@ if ! salt -C 'I@horizon:server and *01*' --out=yaml pkg.version openstack-dashbo salt -I 'horizon:server' service.reload apache2 fi -clstr_vip_addr=$(salt -C 'I@nginx:server and *01*' --out=yaml \ - pillar.get _param:cluster_vip_address | awk '{print $2; exit}') -salt -C 'I@nginx:server and *01*' cp.push \ - "/etc/ssl/certs/${clstr_vip_addr}-with-chain.crt" upload_path='certs/os_cacert' -cd /etc/ssl/certs && ln -sf /var/cache/salt/master/minions/prx01.*/files/certs/os_cacert +cluster_public_host=$(salt -C 'I@nginx:server and *01*' --out=yaml \ + pillar.get _param:cluster_public_host | awk '{print $2; exit}') +dashboard_host=$(salt -C 'I@nginx:server and *01*' --out=yaml cp.push \ + "/etc/ssl/certs/${cluster_public_host}-with-chain.crt" \ + upload_path='certs/os_cacert' | cut -d':' -f1) +cd /etc/ssl/certs && \ + ln -sf "/var/cache/salt/master/minions/${dashboard_host}/files/certs/os_cacert" # glance v1 api is required by orchestra tests salt -I 'glance:server' ini.set_option /etc/glance/glance-api.conf '{DEFAULT: {enable_v1_api: True}}' -- cgit 1.2.3-korg