From 86c579c84167e3c778bb0c072d6695c25a4f83f0 Mon Sep 17 00:00:00 2001 From: Spyros Trigazis Date: Wed, 29 Jan 2020 09:10:10 +0100 Subject: [PATCH] k8s_coreos Set REQUESTS_CA for heat-agent The heat-agent as a python service needs to use the ca bundle of the host. story: 2005201 task: 38504 Change-Id: I908555399639a49058831cb2b0c03d5c5442446b Signed-off-by: Spyros Trigazis (cherry picked from commit 7da53fe3b89ec9bbf89824acfe32ce57f787037d) --- magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json | 2 +- releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json index 004361711e..a7c30793bd 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json @@ -77,7 +77,7 @@ { "name": "heat-container-agent.service", "enabled": true, - "contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nEnvironmentFile=-/etc/environment\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/source/anchors/openstack-ca.pem --net=host \\\n $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n" + "contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nEnvironmentFile=-/etc/environment\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt --net=host \\\n $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n" } ] } diff --git a/releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml b/releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml index 01f9469cb5..747873a32a 100644 --- a/releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml +++ b/releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @@ -10,3 +10,7 @@ issues: The startup of the heat-container-agent uses a workaround to copy the SoftwareDeployment credentials to /var/lib/cloud/data/cfn-init-data. The fedora coreos driver requires heat train to support ignition. +fixes: + - | + For k8s_coreos set REQUESTS_CA for heat-agent. The heat-agent as a python + service needs to use the ca bundle of the host.