TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt
We need to mount the whole directory inside the libvirt container,
so that when new certificates are generated, they could be accessed from
within the container.
Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I3f1e7511d56f9a974409a9a1e3ed66ba8fa72e36
(cherry picked from commit fff1df6ee0
)
This commit is contained in:
parent
d07af320a4
commit
3bd4a2a8bf
|
@ -208,7 +208,6 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [NovaLibvirtBase, role_data, config_settings]
|
||||
- get_attr: [NovaLibvirtLogging, config_settings]
|
||||
- tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
|
||||
|
||||
logging_source: {get_attr: [NovaLibvirtBase, role_data, logging_source]}
|
||||
logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
|
||||
|
@ -343,10 +342,7 @@ outputs:
|
|||
- libvirt_specific_ca_unset
|
||||
- get_param: InternalTLSCAFile
|
||||
- get_param: LibvirtCACert
|
||||
- /etc/pki/libvirt/servercert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/servercert.pem:ro
|
||||
- /etc/pki/libvirt/private/serverkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/serverkey.pem:ro
|
||||
- /etc/pki/libvirt/clientcert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/clientcert.pem:ro
|
||||
- /etc/pki/libvirt/private/clientkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/clientkey.pem:ro
|
||||
- /etc/pki/libvirt/:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
|
|
Loading…
Reference in New Issue