Add cacert_file
Change-Id: I340b616d6b4b1f2b8d5ed7bc48d440a842528401
Related-PROD: PROD-26938 (PROD:26938)
diff --git a/octavia/files/queens/octavia_api.conf b/octavia/files/queens/octavia_api.conf
index ce95dcd..d6ba089 100644
--- a/octavia/files/queens/octavia_api.conf
+++ b/octavia/files/queens/octavia_api.conf
@@ -808,6 +808,7 @@
auth_url={{ api.identity.get('protocol', 'http') }}://{{ api.identity.host }}:35357
{%- set _data = api.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': api.cacert_file}) %}{% endif %}
{%- set auth_type = _data.get('auth_type', 'password') %}
{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
diff --git a/octavia/files/queens/octavia_manager.conf b/octavia/files/queens/octavia_manager.conf
index 0e558e8..21b446e 100644
--- a/octavia/files/queens/octavia_manager.conf
+++ b/octavia/files/queens/octavia_manager.conf
@@ -854,6 +854,7 @@
auth_url={{ manager.identity.get('protocol', 'http') }}://{{ manager.identity.host }}:35357
{%- set _data = manager.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': manager.cacert_file}) %}{% endif %}
{%- set auth_type = _data.get('auth_type', 'password') %}
{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
diff --git a/octavia/map.jinja b/octavia/map.jinja
index 6d72326..fd83957 100644
--- a/octavia/map.jinja
+++ b/octavia/map.jinja
@@ -1,4 +1,14 @@
+{%- set default_params = {
+ 'cacert_file': salt['grains.filter_by']({
+ 'Debian': '/etc/ssl/certs/ca-certificates.crt',
+ 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+ }),
+ 'enabled': false }
+%}
+
+
{% set api = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['octavia-common', 'octavia-api'],
'services': ['octavia-api'],
@@ -17,9 +27,10 @@
'enabled': false
}
},
-}, merge=pillar.octavia.get('api', {})) %}
+}, merge=pillar.octavia.get('api', {}), base='BaseDefaults') %}
{% set manager = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['octavia-common', 'octavia-worker', 'octavia-housekeeping',
'octavia-health-manager', 'iptables-persistent'],
@@ -46,7 +57,7 @@
'enabled': false
}
},
-}, merge=pillar.octavia.get('manager', {})) %}
+}, merge=pillar.octavia.get('manager', {}), base='BaseDefaults') %}
{% set monitoring = salt['grains.filter_by']({
'default': {