TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt

We need to mount the whole directory inside the libvirt container, so that when new certificates are generated, they could be accessed from within the container. Related-Bug: #1811401 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I3f1e7511d56f9a974409a9a1e3ed66ba8fa72e36 (cherry picked from commit fff1df6ee0)
2019-01-28 16:31:26 +01:00 · 2019-01-28 16:31:26 +01:00 · 8d4e0a737a
parent ea5fe24f2c
commit 8d4e0a737a
1 changed files with 1 additions and 5 deletions
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@ -208,7 +208,6 @@ outputs:
        map_merge:
          - get_attr: [NovaLibvirtBase, role_data, config_settings]
          - get_attr: [NovaLibvirtLogging, config_settings]
-          - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here

      logging_source: {get_attr: [NovaLibvirtBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
@ -341,10 +340,7 @@ outputs:
                                - libvirt_specific_ca_unset
                                - get_param: InternalTLSCAFile
                                - get_param: LibvirtCACert
-                      - /etc/pki/libvirt/servercert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/servercert.pem:ro
-                      - /etc/pki/libvirt/private/serverkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/serverkey.pem:ro
-                      - /etc/pki/libvirt/clientcert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/clientcert.pem:ro
-                      - /etc/pki/libvirt/private/clientkey.pem:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/private/clientkey.pem:ro
+                      - /etc/pki/libvirt/:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/:ro
                    - null
                -
                  if: