Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / ironic / d9e357d5c360e5e218031aa8bb17e739c3b9cd01^! / .
commitd9e357d5c360e5e218031aa8bb17e739c3b9cd01[log] [tgz]
authorKirill Bespalov <kbespalov@mirantis.com>Tue Nov 14 16:40:44 2017 +0300
committerKirill Bespalov <kbespalov@mirantis.com>Tue Nov 14 16:40:44 2017 +0300
tree956899f1d553d2a1ced9c07f687a5871fdee2b63
parentd678679fbc3aad1ec55563d532425ebfa13418ee [diff]
[tls] Make a cert SLS IDs globally unique

At the moment most of openstack formulas have
the same ids of certs at state files, e.g.:

 nova/server.sls   - rabbitmq_ca : file_managed
 glance/server.sls - rabbitmq_ca : file_managed

So, any attempt to use the:

   salt-call state.apply

fails with:

  Detected conflicting IDs, SLS IDs need to be
  globally unique.

Change-Id: I9af17230285a68a8e9c2774d02c9f4e8008f258e

diff --git a/ironic/_common.sls b/ironic/_common.sls
index cc4b4bf..992c49a 100644
--- a/ironic/_common.sls
+++ b/ironic/_common.sls

@@ -18,7 +18,7 @@
     - pkg: ironic_common_pkgs
 
 {%- if ironic.message_queue.get('ssl',{}).get('enabled', False) %}
-rabbitmq_ca:
+rabbitmq_ca_ironic_{{ service_name }}:
 {%- if ironic.message_queue.ssl.cacert is defined %}
   file.managed:
     - name: {{ ironic.message_queue.ssl.cacert_file }}

diff --git a/ironic/api.sls b/ironic/api.sls
index 68df1a3..705f594 100644
--- a/ironic/api.sls
+++ b/ironic/api.sls

@@ -23,7 +23,7 @@
       - file: /etc/ironic/ironic.conf
       - file: /etc/ironic/policy.json
     {%- if api.message_queue.get('ssl',{}).get('enabled', False) %}
-      - file: rabbitmq_ca
+      - file: rabbitmq_ca_ironic_api
     {%- endif %}
     {%- if api.database.get('ssl',{}).get('enabled', False) %}
       - file: mysql_ca_ironic_api

diff --git a/ironic/conductor.sls b/ironic/conductor.sls
index e16fccb..3241340 100644
--- a/ironic/conductor.sls
+++ b/ironic/conductor.sls

@@ -15,7 +15,7 @@
     - watch:
       - file: /etc/ironic/ironic.conf
     {%- if conductor.message_queue.get('ssl',{}).get('enabled', False) %}
-      - file: rabbitmq_ca
+      - file: rabbitmq_ca_ironic_conductor
     {%- endif %}
     {%- if conductor.database.get('ssl',{}).get('enabled', False) %}
       - file: mysql_ca_ironic_conductor